Technical data

ManualsBrandsApplication Systems ManualsComputer equipmentADX-64

109

110

111

112

113

114

115

116

117

118

ServerIron ADX NAT64 Configuration Guide 101

53-1002288-02

Stateless static IP NAT

DRAFT: BROCADE CONFIDENTIAL

The syn-timeout keyword indicates timeout for NAT TCP flows after a SYN

The tcp-timeout keyword indicates dynamic entries that use PAT based on TCP port numbers. The

default is 120 seconds. This timer applies only to TCP sessions that do not end “gracefully”, with a

TCP FIN or TCP RST.

The udp-timeout keyword indicates dynamic entries that use PAT based on UDP port numbers. The

default is 120 seconds.

The <secs> parameter specifies number of seconds, 0– 3600. Use maximum to set the maximum

timeout value. For example, 3,600 seconds.

The max-entries <number-of-entries> parameter specifies the maximum number of NAT entries

Stateless static IP NAT

A ServerIron ADX creates sessions for Static NAT by default. You can prevent a ServerIron ADX from

creating sessions for static NAT traffic with the following command.

ServerIronADX(config)# [no] ip nat stateless

Syntax: ip nat stateless

For “ip nat stateless“ to work, the existing command, “ip nat inside source static” must already be

configured.

Example

ip nat inside source static 10.45.16.103 10.45.16.10

NOTE

FTP, RTSP and other similar complex protocols are not supported. The traffic applicable for IP NAT

Stateless are TCP, UDP, and ICMP.

NOTE

You must reload a ServerIron ADX whenever changes are made to a running IP NAT configuration.

Redundancy

The IP NAT Redundancy feature implements a separate protocol to negotiate IP address ownership

of NAT IP addresses.

The new protocol is similar to the symmetric VIP protocol and uses any L2 link to exchange the NAT

PDUs. Both ServerIronADXs will run a “symmetric VIP like” protocol to report and receive ownership

(similar to the VLAN AD protocol in symmetric SLB). When one ServerIron ADX goes down, the peer

ServerIron ADX will become the master for that NAT IP (in case of static NAT) or NAT pool (in case of

dynamic NAT). However, the NAT IP/NAT pool ownership is used only to decide which ServerIronADX

responds to the ARP request for the NAT IP. Both ServerIronADXs are allowed to use the NAT IP in

keeping with the design for symmetric VIP (sym-active SLB).

The global ip policy dependency is as follows:

• SLB — not needed

• IP NAT — not needed