Tuesday, October 11, 2011

What is the maximum allowed NAT/PAT Translations on Sup720

We are trying to figure out maximum allowed NAT/PAT Translations allowed on a WS-SUP720-BASE. At any one time we can expect about 30k active users browsing the internet. Can someone please confirm if it supports 300k+ translations.

General rules are:

- the Sup720 is not conceived to NAT all the traffic handled by it. It can do it of course but since the feature is hardware assisted, as Giuseppe correctly pointed out, which means that it cannot be entirely performed in hardware but requires the assistance of software (read CPU) there are scalability considerations to be aware of.
In other words if you require that all the traffic (or vast majority of it) going through your system has to be NAT'ted it is better that you use another device for that (a software based router is better equipped for that). NAT on Sup720 can be used as a temporary measure or for limited traffic volume.

- Performance depends on some variables such as packet size, transport protocol (TCP vs UDP), and type of NAT (static vs dynamic; NAT vs PAT).
NAt is more performing than PAT with UDP being slighlty more performing than TCP.

NAT is declared hardware assisted on sup720 datasheet. Please click here for the datasheet.

Don't expect the system to be able to handle more NAT entries then the size of its TCAM tables used for multilayer switching operations.
for sup 720 3B
256,000 route entries
128,000 netflow entries
see table 1 of above document

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

