No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C00 Feature Description - NAT and IPv6 Transition 01

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
CGN Traffic Diversion

CGN Traffic Diversion

CGN traffic is distributed to a VSUF-80/160 without interfaces.

VSUF Components

Figure 2-5 shows the VSUF components.

  • Multi-core CPU: processes NAT, including the private/public NAT IP address, port range, NAT log tracing, and session aging processing mechanism.

  • Ternary Content Addressable Memory (TCAM): stores FIB entries and searches for routing tables.

  • Traffic manager (TM): processes traffic from VSUFs and other related boards.

  • Control CPU: is connected to the SFU and MPU to download the configurations and collects statistics of all components. It is used to control other components, such as multi-core CPU, TM, and TCAM.

  • Switch Fabric Unit (SFU): provides channels for data communication with other boards.

  • Control bus: is used to control the bus of connected components.

  • Data bus: is used for data transmission.

  • Bus for TCAM searching: is used to search the buses of every entry.

  • Control and data bus: is used to control the buses of connected components and data transmission.

Figure 2-5  VSUF components

Traffic Diversion Principles

A CGN device uses the multi-core VSUF that has no outbound interface to process services. Figure 2-6 shows the traffic diversion procedure of CGN services.
  • Upstream direction (user-side traffic)

    1. LPU->SFU->VSUF: Traffic is diverted from the SFU to the VSUF over the LPU. Users can configure a traffic policy to import the packets that hit the traffic policy to the service board for processing.
    2. VSUF->SFU->LPU: The VSUF performs NAT on user-side traffic, and the traffic is sent to the LPU over the SFU.
  • Downstream direction (network-side traffic)

    1. LPU->SFU->VSUF: Traffic is diverted from the SFU to the VSUF over the LPU using the routing table of the public address pool.
    2. VSUF->SFU->LPU: The VSUF performs NAT on network-side traffic, and the traffic is sent from the SFU to the LPU.
Figure 2-6  CGN service processing
Figure 2-6 shows the internal processing among components. Figure 2-7 shows the upstream and downstream CGN forwarding at each stage.
  • Upstream direction (user-side traffic)

    1. A packet is transmitted from a PIC interface.
    2. PIC->PFE (Packet Forward Engine): Layer 2 CRC is performed on the PIC.
    3. PFE->TM: The PFE searches for the TCAM for ACL matching. Users can configure a traffic policy for traffic diversion. The search result contains the position information of the NAT instance (board and multi-core CPU information). These information is encapsulated and then sent to the TM. Layer 3 CRC is performed on the PFE.
    4. TM->SFU: The packet is fragmented into several units for exchange so that NAT position information can be sent to the SFU.
    5. SFU->TM: The SPF sends packet fragments to the subsequent board.
    6. TM->Multi-core CPU: Packet fragments are reassembled and then sent to the corresponding multi-core CPU.
    7. Multi-core CPU->TM: The multi-core CPU processes NAT to allocate public IP addresses and ports as well as establishing NAT sessions. The device then searches for FIB entries based on the destination IP address. The search result contains the next-hop outbound interface information. This information is sent to the TM.
    8. TM->SFU: Upon receipt of the encapsulated next-hop information, the TM fragments the packet and sends the packet that includes the next-hop information to the SFU.
    9. SFU->TM: The SFU sends packet fragments to the corresponding board.
    10. TM->PFE: The TM reassembles packet fragments and sends the packet to the PFE. The next-hop information is contained in the packet header.
    11. PFE->PIC: The PFE sends the packet to the PIC interface.
    12. The PIC forwards the packet.
  • Downstream direction (network-side traffic)

    1. A packet is transmitted from the PIC interface.
    2. PIC->PFE: Layer 2 CRC is performed on the PIC.
    3. PFE->TM: The PFE searches for the TCAM for ACL matching. Users can configure a traffic policy for traffic diversion. The search result contains the position information of the NAT instance (board and multi-core CPU information). These information is encapsulated and then sent to the TM. Layer 3 CRC is performed on the PFE.
    4. TM->SFU: The packet is fragmented into several units for exchange so that NAT position information can be sent to the SFU.
    5. SFU->TM: The SPF sends packet fragments to the subsequent board.
    6. TM->Multi-core CPU: Packet fragments are reassembled and then sent to the corresponding multi-core CPU.
    7. Multi-core CPU->TM: The multi-core CPU searches for the destination IP address (public IP address) of NAT session entries based on hash algorithm. If the mappings between the public and private IP address and port of the NAT session are obtained, the destination IP address and port of the packet can be processed and translated into the corresponding private IP address and port. The TCAM searches for the FIB entries of the private IP address and the next-hop outbound interface. The next-hop information is encapsulated into the packet before the packet is forwarded to the TM.
    8. TM->SFU: Upon receipt of the encapsulated next-hop information, the TM fragments the packet and sends the packet that includes the next-hop information to the SFU.
    9. SFU->TM: The SFU sends packet fragments to the corresponding board.
    10. TM->PFE: The TM reassembles packet fragments and sends the packet to the PFE. The next-hop information is contained in the packet header.
    11. PFE->PIC: The PFE sends the packet to the PIC interface.
    12. The PIC forwards the packet.
Figure 2-7  CGN service processing in the upstream and downstream directions
Download
Updated: 2018-07-04

Document ID: EDOC1100027155

Views: 21934

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next