
NE20E-S2 V800R010C10SPC500 Feature Description - NAT and IPv6 Transition 01


NAT Traffic Diversion

When a user packet arrives at a NAT device, the device does not perform NAT on the packet directly. Instead, it directs the packet to a NAT service board; this process is called NAT traffic diversion. Traffic diversion is classified as inbound or outbound interface traffic diversion, depending on where the diversion takes place.

Inbound Interface Traffic Diversion

In inbound interface traffic diversion mode, the NE20E diverts packets based on traffic policies. A traffic classifier in a traffic policy defines an ACL rule used to match packets, and a traffic behavior defines the NAT processing for packets.

After the traffic policy is applied to the inbound interface, packets that match the ACL rule bound to the traffic policy are processed by NAT. Packets that do not match the traffic policy follow the normal forwarding process.

In the carrier scenario, NAT must be performed for all user traffic. The inbound interface traffic diversion solution is recommended.

  • Forwarding process in inbound interface mode (forward traffic):

    As shown in the preceding figure, the process of forwarding forward traffic in inbound interface mode is as follows:

    1. After user packets on the private network reach a device, the device matches the 5-tuple information in the user packets against ACL rules.
      • If a match is found, the packets are diverted to a NAT service board.
      • If no match is found, the packets are forwarded based on the normal process.
    2. The NAT service board allocates a public IP address and port number to each user packet based on 5-tuple information carried in the user packet, and translates the private IP address and port number in the user packet into the public IP address and port number, respectively.
    3. The NAT service board searches the FIB table for a specified outbound interface and forwards the converted packets to a next hop through the outbound interface.
  • Forwarding process in inbound interface mode (reverse traffic):

    As shown in the preceding figure, the process of forwarding reverse traffic in inbound interface mode is as follows:

    1. After packets on the public network side reach a device, the device searches the FIB table and finds that the destination address of the packets is within a NAT address pool. Then, the device forwards the packets to a NAT service board.
    2. The NAT service board replaces the destination address and port number with the private address and port number, respectively, based on the reverse mapping.
    3. The NAT service board searches the FIB table for a specified outbound interface and forwards the converted packets to a next hop through the outbound interface.

Outbound Interface Traffic Diversion

In outbound interface traffic diversion mode, the NE20E diverts traffic using ACL rules bound to a NAT instance. User packets are filtered first. The packets destined for the internal network undergo the normal forwarding process. Packets destined for the public network are diverted to the NAT service board.

In the enterprise network scenario, there is a large amount of internal communication traffic, and NAT is not required for traffic between internal hosts. NAT is performed only for traffic that needs to access the external network. The outbound interface traffic diversion solution is recommended.

  • Forwarding process in outbound interface traffic diversion mode (forward traffic):

    As shown in the preceding figure, the process of forwarding forward traffic in outbound interface mode is as follows:

    1. After user packets on the private network reach a device, the device searches the FIB table based on the destination address of the packets and obtains the outbound interface name.
    2. The device uses the outbound interface name in the route and the 5-tuple information in the user packet to match against ACL rules applied to the outbound interface.
      • If a match is found, the packets are diverted to the NAT service board.
      • If no match is found, the packets are sent to a next-hop device through a specified interface.
    3. The NAT service board allocates public IP addresses and port numbers from the NAT address pool based on the 5-tuple information carried in user packets, and replaces the private IP address and port number in the user packets with the assigned public IP address and port number, respectively.
    4. The NAT service board searches the FIB table again based on the destination address (the packets are no longer matched against ACL rules on the outbound interface). The packets are sent from the specified outbound interface to a next-hop device.
  • Forwarding process in outbound interface traffic diversion mode (reverse traffic):

    The forwarding process is the same as the reverse traffic forwarding process in inbound interface traffic diversion mode. For details, see the forwarding process in inbound interface mode (reverse traffic).
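
The two diversion modes and the shared reverse path can be compared in a small Python model. This is an added example, not Huawei code or NE20E configuration: the addresses, the interface names `public-if` and `private-if`, the source-only ACL rule, the one-port-per-5-tuple allocation and the `no-mapping` result for a reverse packet without a session are all assumptions of the model.

```python
import ipaddress
from collections import namedtuple

# All addresses, interface names and the ACL rule are constructed sample values.
Pkt = namedtuple("Pkt", "src sport dst dport proto")      # the 5-tuple
FIB = [("0.0.0.0/0", "public-if"), ("10.0.0.0/8", "private-if")]
ACL_SRC = ipaddress.ip_network("10.1.0.0/16")  # ACL rule: matches on source only
POOL = ["203.0.113.10"]                        # NAT address pool
sessions, reverse, next_port = {}, {}, [1024]  # forward table, reverse table, next port

def fib_lookup(dst):
    """Longest-prefix match; returns the outbound interface name."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), i) for p, i in FIB]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

def acl_match(pkt):
    return ipaddress.ip_address(pkt.src) in ACL_SRC

def service_board(pkt):
    """Allocate a public address/port per 5-tuple, translate, then FIB lookup."""
    if pkt not in sessions:
        sessions[pkt] = (POOL[0], next_port[0])
        reverse[(POOL[0], next_port[0], pkt.proto)] = (pkt.src, pkt.sport)
        next_port[0] += 1
    out = pkt._replace(src=sessions[pkt][0], sport=sessions[pkt][1])
    return "nat", fib_lookup(out.dst), out

def inbound_mode(pkt):
    # The ACL is matched on arrival, before any route lookup.
    if acl_match(pkt):
        return service_board(pkt)
    return "normal", fib_lookup(pkt.dst), pkt

def outbound_mode(pkt, nat_ifaces=("public-if",)):
    # FIB lookup first; the ACL applies only on interfaces it is bound to.
    iface = fib_lookup(pkt.dst)
    if iface in nat_ifaces and acl_match(pkt):
        return service_board(pkt)
    return "normal", iface, pkt

def reverse_path(pkt):
    # Same in both modes: a destination inside the NAT pool goes to the board.
    if pkt.dst not in POOL:
        return "normal", fib_lookup(pkt.dst), pkt
    priv = reverse.get((pkt.dst, pkt.dport, pkt.proto))
    if priv is None:
        return "no-mapping", None, pkt   # model assumption, not stated on the page
    out = pkt._replace(dst=priv[0], dport=priv[1])
    return "nat", fib_lookup(out.dst), out
```

With the same source-only ACL rule, a packet between two internal hosts is translated in inbound mode but forwarded normally in outbound mode, which is the behavior behind the enterprise recommendation above.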

Updated: 2019-01-02

Document ID: EDOC1100055472
