Inline Network Address Translation Overview

 

Inline NAT uses the capabilities of the MPC line card, eliminating the need for a services card for NAT. Consequently, you can achieve line-rate, low-latency address translations (up to 120 Gbps per slot). The current implementation provides:

  • 1:1 static address mapping.

  • Bidirectional mapping - source NAT for outbound traffic and destination NAT for inbound traffic.

  • No limit on number of flows.

  • Support for Source, destination, and twice NAT, as shown in Figure 1. Inline NAT supports the translation type basic-nat44. Starting in Junos OS Release 15.1R1, inline NAT also supports twice-basic-nat-44.

  • Support for hairpinning.

Figure 1: Supported Inline NAT Types
Supported Inline
NAT Types

To configure inline NAT, you define your service interface as type si- (service-inline) interface. You must also reserve adequate bandwidth for the inline interface. This enables you to configure both interface or next-hop service-sets used for NAT. The si- interface serves as a “virtual service PIC”.

Note

Only static NAT is supported. Port translation and dynamic NAT are not supported. An MS-MPC, MS-MIC, MS-DPC, or MS-PIC is still needed for any stateful-firewall processing and dynamic port translation.

Benefits of Inline NAT

  • Eliminates the need for a services card

  • Supports more NAT flows than a services card

Release History Table
Release
Description
Starting in Junos OS Release 15.1R1, inline NAT also supports twice-basic-nat-44