Manual Chapter : Using NAPT Address Translation Mode

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1
Manual Chapter

Using NAPT Address Translation Mode

Overview: Using NAPT address translation mode

NAPT mode provides standard address and port translation allowing multiple clients in a private network to access remote networks using the single IP address assigned to their router. For outbound packets, NAPT translates the source IP address and source transport identifier. For inbound packets, NAPT translates the destination IP address, the destination transport identifier, and the IP and transport header checksums. This mode is beneficial for remote access users.

NAPT log examples

The following examples describe typical NAPT log messages

NAT44 example

Mar 27 11:17:39 10.10.10.200 lsn_event="LSN_ADD",cli="10.10.10.1: 33950",nat="5.5.5.1:10000"
Mar 27 11:17:39 10.10.10.200 "LSN_ADD""10.10.10.1: 33950""5.5.5.1:10000"
Mar 27 11:23:17 localhost info tmm[32683]: "LSN_ADD""10.10.10.1:33950""5.5.5.1:10000"
Mar 27 11:17:39 10.10.10.200 lsn_event="LSN_DELETE",cli="10.10.10.1: 33950",nat="5.5.5.1:10000"
Mar 27 11:17:39 10.10.10.200 "LSN_DELETE""10.10.10.1: 33950""5.5.5.1:10000"
Mar 27 11:23:17 localhost info tmm[32683]: "LSN_DELETE""10.10.10.1:33950""5.5.5.1:10000"

NAT44 example with route domains

Mar 28 08:34:12 10.10.21.200 lsn_event="LSN_ADD",cli="10.10.10.1%11: 59187",nat="5.5.5.1%22:10000"
Mar 28 08:34:12 10.10.21.200 "LSN_ADD""10.10.10.1%11: 59187""5.5.5.1%22:10000"
Mar 28 08:34:12 10.10.21.200 lsn_event="LSN_DELETE",cli="10.10.10.1%11: 59187",nat="5.5.5.1%22:10000"
Mar 28 08:34:12 10.10.21.200 "LSN_DELETE""10.10.10.1%11: 59187""5.5.5.1%22:10000"

NAT64 example

Mar 27 11:18:20 10.10.10.200 lsn_event="LSN_ADD",cli="2701: 1:12:123:1234:432:43:100.39900",nat="5.5.5.1:10000"
Mar 27 11:18:20 10.10.10.200 "LSN_ADD""2701: 1:12:123:1234:432:43:100.39900""5.5.5.1:10000"
Mar 27 11:23:57 localhost info tmm[32683]: "LSN_ADD""2701:1:12:123:1234:432:43:100.39900""5.5.5.1:10000"
Mar 27 11:18:23 10.10.10.200 lsn_event="LSN_DELETE",cli="2701: 1:12:123:1234:432:43:100.39900",nat="5.5.5.1:10000"
Mar 27 11:18:23 10.10.10.200 "LSN_DELETE""2701: 1:12:123:1234:432:43:100.39900""5.5.5.1:10000"
Mar 27 11:24:00 localhost info tmm[32683]: "LSN_DELETE""2701:1:12:123:1234:432:43:100.39900""5.5.5.1:10000"

NAT64 example with route domains

Mar 28 14:50:56 10.10.21.200 lsn_event="LSN_ADD",cli="2701: 1:12:123:1234:432:43:100%11.45000",nat="5.5.5.1%22:10000"
Mar 28 14:50:56 10.10.21.200 "LSN_ADD""2701: 1:12:123:1234:432:43:100%11.45000""5.5.5.1%22:10000"
Mar 28 14:50:56 10.10.21.200 lsn_event="LSN_DELETE",cli="2701: 1:12:123:1234:432:43:100%11.45000",nat="5.5.5.1%22:10000"
Mar 28 14:50:56 10.10.21.200 "LSN_DELETE""2701: 1:12:123:1234:432:43:100%11.45000""5.5.5.1%22:10000"

NAT DSLITE

Mar 27 11:19:14 10.10.10.200 lsn_event="LSN_ADD",cli="10.10.31.4: 52240",nat="5.5.5.1:10000",dslite="2701::200"
Mar 27 11:19:14 10.10.10.200 "LSN_ADD""10.10.31.4: 52240""5.5.5.1:10000""2701::200"
Mar 27 11:24:52 localhost info tmm[32682]: "LSN_ADD""10.10.31.4:52240""5.5.5.1:10000""2701::200"
Mar 27 11:19:18 10.10.10.200 lsn_event="LSN_DELETE",cli="10.10.31.4: 52240",nat="5.5.5.1:10000",dslite="2701::200"
Mar 27 11:19:18 10.10.10.200 "LSN_DELETE""10.10.31.4: 52240""5.5.5.1:10000""2701::200"
Mar 27 11:24:55 localhost info tmm[32682]: "LSN_DELETE""10.10.31.4:52240""5.5.5.1:10000""2701::200"

NAT DSLITE with route domains

Mar 28 15:03:40 10.10.21.200 lsn_event="LSN_ADD",cli="10.10.31.4%11: 51942",nat="5.5.5.1%22:10000",dslite="2701::200%11"
Mar 28 15:03:40 10.10.21.200 "LSN_ADD""10.10.31.4%11: 51942""5.5.5.1%22:10000""2701::200%11"
Mar 28 15:03:40 10.10.21.200 lsn_event="LSN_DELETE",cli="10.10.31.4%11: 51942",nat="5.5.5.1%22:10000",dslite="2701::200%11"
Mar 28 15:03:40 10.10.21.200 "LSN_DELETE""10.10.31.4%11: 51942""5.5.5.1%22:10000""2701::200%11"

Task summary

Creating a NAPT LSN pool

  • The CGNAT module must be provisioned before LSN pools can be configured.
  • Before associating a LSN pool with a log publisher, ensure that at least one log publisher exists on the BIG-IP system.
Large Scale NAT (LSN) pools are used by the CGNAT module to allow efficient configuration of translation prefixes and parameters.
  1. On the Main tab, click Carrier Grade NAT > LSN Pools .
    The LSN Pool List screen opens.
  2. Click Create.
  3. In the Name field, type a unique name.
  4. In the Description field, type a description.
  5. Select NAPT for the pool's translation Mode.
  6. Click Finished.
Your NAPT LSN pool is now ready and you can continue to configure your CGNAT.

Creating a VLAN for NAT

VLANs represent a collection of hosts that can share network resources, regardless of their physical location on the network. You create a VLAN to associate physical interfaces with that VLAN.
  1. On the Main tab, click Network > VLANs .
    The VLAN List screen opens.
  2. Click Create.
    The New VLAN screen opens.
  3. In the Name field, type a unique name for the VLAN.
  4. In the Tag field, type a numeric tag, from 1-4094, for the VLAN, or leave the field blank if you want the BIG-IP system to automatically assign a VLAN tag.
    The VLAN tag identifies the traffic from hosts in the associated VLAN.
  5. For the Interfaces setting, from the Available list, click an interface number or trunk name and add the selected interface or trunk to the Untagged list. Repeat this step as necessary.
  6. From the Configuration list, select Advanced.
  7. If you want the system to verify that the return route to an initial packet is the same VLAN from which the packet originated, select the Source Check check box.
  8. In the MTU field, retain the default number of bytes (1500).
  9. If you want to base redundant-system failover on VLAN-related events, select the Fail-safe box.
  10. From the Auto Last Hop list, select a value.
  11. From the CMP Hash list, select Source if this VLAN is the subscriber side or Destination if this VLAN is the Internet side.
  12. To enable the DAG Round Robin setting, select the check box.
  13. Click Finished.
    The screen refreshes, and displays the new VLAN from the list.
You now have one of two VLANs for your deterministic NAT. Repeat these steps to create a second VLAN to act as the destination if the first VLAN is the source or vice versa.

Creating a virtual server for an LSN pool

Virtual servers are matched based on source (client) addresses. Define a virtual server that references the CGNAT profile and the LSN pool.
  1. On the Main tab, click Carrier Grade NAT > Virtual Servers .
    The Virtual Servers screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. From the Type list, select Performance (Layer 4).
  5. For the Destination setting, in the Address field, type 0.0.0.0 to allow all traffic to be translated.
  6. In the Service Port field, type * or select * All Ports from the list.
  7. From the VLAN and Tunnel Traffic list, select Enabled on. Then, for the VLANs and Tunnels setting, move the VLAN or VLANs on which you want to allow the virtual servers to share traffic from the Available list to the Selected list.
  8. For the LSN Pool setting, select the pool that this server will draw on for translation addresses.
  9. In the Resources area of the screen, for the iRules setting, select the name of the iRule that you want to assign and using the Move button, move the name from the Available list to the Enabled list.
  10. Click Finished.
The custom CGNAT virtual server now appears in the CGNAT Virtual Servers list.