Official Lammle User Forum

  1. #1
    Join Date
    Oct 2009
    Posts
    10

    Default Question about NAT pool for NAT overload

    Dear all,

    Is it true that I should set address pool as:

    ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248

    to use all 6 (six) IP addresses in continuous succession?


    And if I set the pool as:
    ip nat pool Todd 192.1.2.109 192.1.2.114 netmask 255.255.255.248

    then the second through sixth addresses (110 - 114) would only be used if there was a conflict with a TCP port number, so it is a wasteful configuration.
    Is it true?

    Thank you in advance.

    P.S. The only silly question is a question that was not asked.


  2. #2
    Join Date
    Nov 2008
    Location
    Birmingham, UK
    Posts
    1,440

    Default

    No, the configuration you supplied first will only allocate one address to the pool. Only if you specify NAT overload will port translation occur. The second config you have selected will place 6 addresses into the pool.

    What you are doing with the command is defining the start and end addresses of the pool. The netmask does not define this. For example,
    ip nat pool testnat 192.168.0.1 192.168.0.20 255.255.255.0 defines only the first 20 addresses in the pool, even though the subnet can accommodate 254 hosts.

    Also, your IP addresses cross over subnets if you are using 255.255.255.248. Your subnets are .104, .112 and .120 with this subnet mask.
    Last edited by Fuzz; 10-07-2009 at 07:05 AM.
    CCNP R&S, CCNA DC
    Currently studying: CCIE R&S, CCNP Data Centre
    Follow my CCIE progress with study notes on my blog: http://beyondccna.blogspot.co.uk/

  3. #3
    Join Date
    Oct 2009
    Posts
    10

    Default

    Thank you.
    It seems Todd's book contradicts what you've said.
    I read "CCNA: Cisco Certified Network Associate Study Guide", Sixth Edition by Todd Lammle, and in my previous post I just copied the first line of the command from the book:

    ip nat pool Todd 192.1.2.109 192.1.2.109 netmask 255.255.255.248
    access-list 1 permit 192.168.10.64 0.0.0.63
    ip nat inside source list 1 pool Todd overload


    This is Chapter 11, page 679.
    Here he does use mask 255.255.255.248, which crosses over subnets .104 and .112; is it a misprint or what?

    Did you use this book while preparing for your CCNA exam?

    P.S. I do not doubt your knowledge, I just want to gain an understanding.
    Last edited by Artur; 10-08-2009 at 12:38 AM.

  4. #4
    Join Date
    Oct 2009
    Location
    Punjab, India
    Posts
    6

    Default

    Hi Friend,
    The netmask address is 255.255.255.248; according to this, 6 valid hosts can be used and the subnet contains 8 IP addresses. The ranges start from 0, 8, 16, 24, 32, ...

    So the IP address 192.1.2.109 comes in 192.1.2.104 to 192.1.2.111 and the valid host range is 192.1.2.105 to 192.1.2.110.

    You can see page number 123 of chapter 3 of Sixth Edition.
    Last edited by amrinder_bajwa; 10-08-2009 at 01:46 AM. Reason: Mistake in Calculation....

  5. #5
    Join Date
    Oct 2009
    Posts
    10

    Default

    Hi, Amrinder_bajwa,

    I would rather agree with Fuzz.
    If the netmask address is 255.255.255.248 then the subnets are .0, .8, .16, .24, .32, .40, .48, .56, .64, .72, .80, .88, .96, .104, .112, .120, etc.
    So I doubt that a subnet x.x.x.108 could be assigned by mask 255.255.255.248.

    Best regards,

    Artur

  6. #6
    Join Date
    Oct 2009
    Location
    Punjab, India
    Posts
    6

    Default

    Hi, Artur,
    Sorry, yes, you are absolutely right. I made a mistake in my calculation because I was taking 0, 8, 16, ... in my mind to calculate the valid host range instead of 104, 112, ...

    Thank you so much for the reply.
    Amrinder Singh
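Posts #2 through #6 are really about two separate things: which addresses the pool contains (given only by the start and end addresses) and which subnet those addresses are validated against (given by the netmask). The following is an added Python example, not code from the thread or from the book, that computes both for the configurations quoted above. It assumes the check IOS performs on this command, namely that start and end must fall in the same subnet under the given netmask; .109 and .114 under 255.255.255.248 do not, while .109 alone sits in the .104 block, whose usable hosts are .105 to .110.

```python
"""Added example (not from the forum thread or the book): what the start/end
addresses and the netmask of `ip nat pool` each control, computed with
Python's standard ipaddress module.

Two things are shown for the configurations discussed in the thread:
  1. Pool membership comes only from the inclusive start..end range.
  2. The netmask is only used to place those addresses in a subnet;
     192.1.2.109-192.1.2.114 with 255.255.255.248 straddles two /29 blocks.
"""
import ipaddress


def pool_addresses(start: str, end: str) -> list:
    """Addresses a NAT pool covers: the inclusive start..end range, nothing more."""
    first = int(ipaddress.IPv4Address(start))
    last = int(ipaddress.IPv4Address(end))
    if last < first:
        raise ValueError("end address precedes start address")
    return [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]


def block_for(address: str, netmask: str) -> ipaddress.IPv4Network:
    """The subnet (network/prefix) that `address` falls in under `netmask`."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)


def pool_check(start: str, end: str, netmask: str) -> dict:
    """Summarise a pool the way a reviewer would: pool size, subnet block(s)
    touched, usable host range of each block, and whether the start and end
    addresses share one subnet (the condition IOS checks; assumed here)."""
    addrs = pool_addresses(start, end)
    blocks = sorted({block_for(a, netmask) for a in addrs},
                    key=lambda n: int(n.network_address))
    usable = []
    for b in blocks:
        hosts = list(b.hosts())          # excludes network and broadcast
        usable.append((str(hosts[0]), str(hosts[-1])))
    return {
        "pool_size": len(addrs),
        "subnets": [str(b) for b in blocks],
        "usable_host_ranges": usable,
        "start_end_same_subnet": len(blocks) == 1,
    }


if __name__ == "__main__":
    # The three pool definitions discussed in the thread.
    examples = [
        ("192.1.2.109", "192.1.2.109", "255.255.255.248"),
        ("192.1.2.109", "192.1.2.114", "255.255.255.248"),
        ("192.168.0.1", "192.168.0.20", "255.255.255.0"),
    ]
    for start, end, mask in examples:
        print(f"ip nat pool Todd {start} {end} netmask {mask}")
        for key, value in pool_check(start, end, mask).items():
            print(f"    {key}: {value}")
```

Running it shows the single-address pool as one address in 192.1.2.104/29, the six-address pool as six addresses spread over 192.1.2.104/29 and 192.1.2.112/29 (so not expressible with that netmask), and Fuzz's /24 example as twenty addresses in a block that could hold 254.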

  7. #7
    Join Date
    Nov 2008
    Location
    Birmingham, UK
    Posts
    1,440

    Default

    Quote Originally Posted by Artur View Post (post #3 above, quoted in full)
    I did use Todd's book to learn for the exams, and yes there are a few misprints (it's the misprints that led me to this forum, so yay for them!)

    In the first example, only one IP address is needed in the pool because of the overload keyword that follows. With this, you can map multiple addresses to one global address. The subnet mask does not define the hosts available in the pool, just remember that. Of course, you can also specify multiple addresses in the pool and still use overload.

  8. #8
    Join Date
    Oct 2009
    Posts
    10

    Default

    To Fuzz:
    Thank you. Things are getting clearer.
    Is this statement from the book true:

    " .... you can type this in and have it work too: ip nat pool Todd 102.1.2.109 192.1.2.114 netmask 255.255.255.248. This is a waste because the second through sixth addresses would only be used if there was a conflict with a TCP port number." (c)

    Actually, you already answered this question in your first post: " this config ... will place 6 addresses into the pool..." (c) Fuzz
    I just want to be completely sure that one more inconsistency was found in the book.

    Best regards,

    Artur
    Last edited by Artur; 10-08-2009 at 03:42 AM.

  9. #9
    Join Date
    Nov 2008
    Location
    Birmingham, UK
    Posts
    1,440

    Default

    It is a waste, because the whole idea behind NAT Overload is to use one global address for the entire organisation. There's plenty of port numbers to go around, unless you have more than 65000 users all trying to connect at the same time.

  10. #10
    Join Date
    Dec 2006
    Posts
    2,198

    Default

    Quote Originally Posted by Fuzz View Post
    It is a waste, because the whole idea behind NAT Overload is to use one global address for the entire organisation. There's plenty of port numbers to go around, unless you have more than 65000 users all trying to connect at the same time.


    Well, yes and no.
    If you have 10,000 users, it is best to have a /29 because the odds of someone using the same port number are about 1 in 6, right?
    If they get a RST then they would not only use the next IP address in the pool, they would use another port number. Using a pool of 6 addresses (/29) means the odds would go to about 1 in 60,000.
    Cheers!
    Todd Lammle

  11. #11
    Join Date
    Oct 2009
    Posts
    10

    Default

    Dear Todd,

    I am sorry for being so annoying, I just want to settle this issue once and for all.

    In case we set configuration as

    ip nat pool Todd 192.1.2.109 192.1.2.114 netmask 255.255.255.248
    access-list 1 permit 192.168.10.64 0.0.0.63
    ip nat inside source list 1 pool Todd overload

    1. Will all these 6 (six) IP addresses defined in the pool be used in continuous succession?
    2. Or will the first one be used until a conflict with a TCP port number occurs, and then the next IP address in the pool (with another port number) is used?
    3. If things are going on as described in scenario #2, when are the third, 4th and so on IP addresses from the pool used?
    I guess that the third IP address may be used if a conflict with a TCP port number occurs while the second IP address from the pool is in use, but on the other hand we could move back and use the first IP address from the pool.

    Thank you in advance for spending your time on me.
    Last edited by Artur; 10-08-2009 at 11:00 PM.

  12. #12
    Join Date
    Nov 2008
    Location
    Birmingham, UK
    Posts
    1,440

    Default

    There are over 16,000 port numbers unassigned by the IANA, with 65,535 ports in total. What's the maths behind 1 in 6 with 10k users? Is the source port chosen completely randomly? Or is it application specific, say ports 18595-18700 for a given app, for example?

    Maybe going into it a bit too deep here.

  13. #13
    Join Date
    Dec 2006
    Posts
    2,198

    Default

    Quote Originally Posted by Fuzz View Post
    There are over 16,000 port numbers unassigned by the IANA, with 65,535 ports in total. What's the maths behind 1 in 6 with 10k users? Is the source port chosen completely randomly? Or is it application specific, say ports 18595-18700 for a given app, for example?

    Maybe going into it a bit too deep here.


    A little deep, but basically, there are 65,535 port numbers, of which 1023 are reserved. That means an IPv4 host can choose any number it feels like when making a TCP connection to a remote host, from 1024 to 65,535. Just to round it and make it easy, there are about 65,000 numbers to choose from when the source host makes up a number for this session. However, certain apps will choose a range, but just thinking in basic IP, 65,000 is the number to consider that your host has the option of using. If that port number is in use, the remote host will send a RST to tell the source host to try again because that number is in use. When using PAT, the translation router will send a RST if a host sends a SYN to the PAT device along with the source and destination port numbers and the source and destination IP addresses. This is called a socket. If the PAT device RSTs the connection, the transmitting host will try again with a different number, but the translation PAT device will use the next IP address in the range to provide as an inside global. So, just in "very basic" terms, think that each IP address in your pool provides around 65,000 ports.
    Getting into the exact details of how many are actually provided is pretty in-depth, but this is the reason we'd use a pool with NAT: because we had thousands upon thousands of users using the same NAT device, and having multiple IP addresses in the pool allows for faster translation with a large number of users.
    Cheers!
    Todd Lammle

  14. #14
    Join Date
    Dec 2006
    Posts
    2,198

    Default

    The first IP address in the pool will always be used until there is a RST, then the next IP address in the range will be used, if another RST is sent, it will use the 3rd IP address in the range, and so on.

    Quote Originally Posted by Artur View Post (post #11 above, quoted in full)
