Inline Network Address Translation Overview
Inline NAT uses the capabilities of the MPC line card, eliminating the need for a services card for NAT. Consequently, you can achieve line-rate, low-latency address translations (up to 120 Gbps per slot). The current implementation provides:
1:1 static address mapping.
Bidirectional mapping - source NAT for outbound traffic and destination NAT for inbound traffic.
No limit on number of flows.
Support for Source, destination, and twice NAT, as shown in Figure 1. Inline NAT supports the translation type basic-nat44. Starting in Junos OS Release 15.1R1, inline NAT also supports twice-basic-nat-44.
Support for hairpinning.
To configure inline NAT, you define your service interface as type si- (service-inline) interface. You must also reserve adequate bandwidth for the inline interface. This enables you to configure both interface or next-hop service-sets used for NAT. The si- interface serves as a “virtual service PIC”.
Only static NAT is supported. Port translation and dynamic NAT are not supported. An MS-MPC, MS-MIC, MS-DPC, or MS-PIC is still needed for any stateful-firewall processing and dynamic port translation.
Benefits of Inline NAT
Eliminates the need for a services card
Supports more NAT flows than a services card