No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


NE20E-S2 V800R010C10SPC500 Feature Description - NAT and IPv6 Transition 01

This is NE20E-S2 V800R010C10SPC500 Feature Description - NAT and IPv6 Transition
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
NAT Address Pool and Its Conversion Basis

NAT Address Pool and Its Conversion Basis

NAT Address Pool

To perform NAT on private network user packets, public IP addresses must be available. The NE20E uses NAT address pools to manage public IP addresses. The address pool defines the range of public IP addresses that can be allocated to private network packets.

To associate a NAT address pool with a NAT board, the following concepts are introduced on the NE20E:

  • VSM HA backup group: is used to specify the board where the NAT task is performed.

  • VSM HA service instance group: is bound to a VSM HA backup group.

  • NAT instance: NAT processing policies may differ on various user devices. For example, a port block size and a flow rate limit for each user are specified in policies. To facilitate unified management, the concept of NAT instances is introduced. Users with the same policy are assigned to the same instance. The address segment, address assignment policy, and security policy can be configured in the instance.

    The NAT instance must be bound to a specific VSM HA service instance group so that user packets in the NAT instance can be forwarded to the specified board for NAT processing.

    After a NAT instance is created, specify a NAT address pool for the NAT instance. In this way, the private IP address of the user can be replaced with the public IP address in the address pool during NAT.
    After an address pool is specified for a NAT instance, the device generates a UNR to a specific network segment or IP address for the NAT device to find out the interface.


By default, an IP address in the NAT address pool cannot be the same as any IP address that has been used by an interface. Users on enterprise networks cannot apply for sufficient public network addresses because of limited public address resources. The NAT function needs to be used when a few public IP addresses are available. To use limited public network address resources, the NE20E can use addresses in a NAT address pool as interface addresses, which is called NAT easy IP.
PAT NAT alone supports the NAT easy IP function.
Figure 2-3 NAT easy IP fundamentals
In Figure 2-3, a NAT device translates the private IP address of an enterprise network user to the IP address of a public network interface so that traffic can be transmitted from the enterprise network to the carrier network.
  1. The NAT device receives packets sent from the local host to access the public server. For example, the source IP address of the packets sent by Host A is, and the port number is 4000.
  2. The NAT device uses the public IP address of the public network interface to establish an Easy IP entry that maps to the source IP address of the internal network. The NAT device can then implement NAT on the received packets based on the interface IP address corresponding to the Easy IP entry. In this example, the source IP address is and the port number is 4101 after NAT is implemented for the packets sent by Host A.

NAT Address Pool Translation Basis

The NE20E performs NAT based on quintuple information (source address, source port number, protocol type, destination address, and destination port number).

5-tuple NAT, also called symmetric NAT, translates IP addresses and filters out packets based on the 5-tuple information in packets. The 5-tuple information includes the source IP address, source port number, protocol type, destination IP address, and destination port number.

A NAT device receives packets carrying the same private source IP address and port number but different private destination IP addresses and port numbers. The NAT device translates the private source IP address and port number in these packets into different public IP addresses and port numbers. In addition, the NAT device allows public network hosts only with IP addresses matching these destination IP addresses to send packets carrying the translated IP addresses and port numbers to access private network hosts. When 5-tuple NAT is used, public network hosts can communicate with private hosts only if the public host packets carry the public network source IP address that match destination IP addresses carried in private host packets before NAT processes the private host packets. 5-tuple NAT improves packet transmission security, but does not allow hosts connected to different NAT devices to communicate.

Updated: 2019-01-02

Document ID: EDOC1100055472

Views: 2368

Downloads: 3

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next