User Manual

TRex
        vlan : 4055
        next_hop : 10.10.0.2
        src_ip : 10.10.0.11
    count : 1
  - ip_start : 12.2.1.1    # <1>
    ip_end : 12.2.1.255
    initiator :
        vlan : 4060
        next_hop : 11.10.0.3
        src_ip : 11.10.0.11
    responder :
        vlan : 4064
        next_hop : 10.10.0.3
        src_ip : 10.10.0.11
    count : 1
  - ip_start : 12.2.2.1
    ip_end : 12.2.2.255
    initiator :
        vlan : 4061
        next_hop : 11.10.0.4
        src_ip : 11.10.0.11
    responder :
        vlan : 4065
        next_hop : 10.10.0.4
        src_ip : 10.10.0.11
    count : 1

<1> We added more clusters because more IPs will be generated (+mask).
5.6 NAT support
TRex can learn dynamic NAT/PAT translation. To enable this feature, use the --learn-mode <mode> switch at the command line.
To learn the NAT translation, TRex must embed, in the first packet of each flow, information describing which flow the
packet belongs to. TRex can do this using one of several methods, depending on the chosen <mode>.
Mode 1:
--learn-mode 1
TCP flow: Flow information is embedded in the ACK of the first TCP SYN.
UDP flow: Flow information is embedded in the IP identification field of the first packet in the flow.
This mode was developed for testing NAT with firewalls (which usually do not work with mode 2). In this mode, TRex
also learns and compensates for TCP sequence number randomization that might be done by the DUT. TRex can learn and
compensate for seq num randomization in both directions of the connection.
Mode 2:
--learn-mode 2
Flow information is added in a special IPv4 option header (8 bytes long, 0x10 id). This option header is added only to the
first packet in the flow. This mode does not work with DUTs that drop packets with IP options (for example, Cisco ASA
firewall).
Mode 3:
--learn-mode 3
Similar to mode 1, but TRex does not learn the seq num randomization in the server->client direction. This mode can
provide better connections-per-second performance than mode 1. But for all existing firewalls, the mode 1 cps rate is
adequate.
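The following check is an added example, not code from TRex or its manual: given the first packet of a flow captured before and after the DUT, it locates the field each learn mode uses as the carrier and reports whether that field arrived unchanged. It assumes the mode 2 option has type 0x10 and a total length of 8 bytes; the function names and the sample packet builders are constructed for this example.

```python
import struct

LEARN_OPT_ID = 0x10   # option id the manual gives for mode 2

def ip_options(pkt):
    """Return {option_type: raw_option_bytes} from an IPv4 header."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a complete IPv4 header")
    opts, i = {}, 20
    while i < ihl and pkt[i] != 0:           # 0 = End of Option List
        if pkt[i] == 1:                      # 1 = No-Operation, one byte
            i += 1
            continue
        if i + 1 >= ihl or pkt[i + 1] < 2 or i + pkt[i + 1] > ihl:
            raise ValueError("malformed IPv4 option")
        opts[pkt[i]] = pkt[i:i + pkt[i + 1]]
        i += pkt[i + 1]
    return opts

def learn_marker(pkt):
    """Return (carrier, value) for the field a learn mode would use."""
    opt = ip_options(pkt).get(LEARN_OPT_ID)
    if opt is not None and len(opt) == 8:    # assumption: 8 = total option length
        return ("ip-option", opt)            # mode 2 carrier
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    if proto == 6 and len(pkt) >= ihl + 14:
        ack, off_flags = struct.unpack_from("!IH", pkt, ihl + 8)
        if (off_flags & 0x12) == 0x02:       # SYN set, ACK flag clear
            return ("tcp-syn-ack", ack)      # mode 1 carrier for TCP
    if proto == 17:
        return ("udp-ip-id", struct.unpack_from("!H", pkt, 4)[0])  # mode 1, UDP
    return (None, None)

def survives_dut(before, after):
    """True if the carrier field seen before the DUT is unchanged after it."""
    marker = learn_marker(before)
    return marker[0] is not None and marker == learn_marker(after)

def build_ipv4(proto, ident, payload, options=b""):
    """Constructed sample packet; header checksum left at 0 (not checked)."""
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(payload),
                       ident, 0, 64, proto, 0, b"\xc0\x00\x02\x01",
                       b"\xc6\x33\x64\x01") + options + payload

def build_syn(ack):
    """Constructed 20-byte TCP SYN with a chosen value in the ACK field."""
    return struct.pack("!HHIIHHHH", 1024, 80, 1000, ack, (5 << 12) | 0x02, 8192, 0, 0)
```

A `False` from `survives_dut` on a mode 2 capture pair points at a DUT that strips or rejects IP options, which is the case where the manual recommends mode 1. For UDP the IP identification field is an ordinary header field, so the check can only show whether the DUT rewrote it.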