Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configuring Deterministic NAPT for Next Gen Services

Deterministic NAPT for Next Gen Services is available only for MX series devices. To configure deterministic NAPT on Next Gen Services, perform the following:

Configuring the NAT Pool for Deterministic NAPT for Next Gen Services

To configure the NAT pool for deterministic NAPT:

  1. Create a pool.
  2. Define the addresses or subnets to which source addresses are translated.

    or

  3. Configure deterministic port block allocation for the pool.
  4. If you want the lowest and highest IPv4 addresses (the network and broadcast addresses) in the source address range of a NAT rule to be translated when the NAT pool is used, configure include-boundary-address.
  5. Configure the port block size. The range is 1 to 64,512. The default block size is 256.
  6. Configure the first usable pre-NAT subscriber address, which is used in calculating the offset value for a pre-NAT address that is being translated. This offset is used to perform the deterministic NAT mapping.
  7. Configure the interval at which the syslog is generated for the deterministic NAT configuration.
  8. To configure automatic port assignment for the pool, specify either random allocation or round-robin allocation.

    Random allocation randomly assigns a port from the range 1024 through 65535 for each port translation. Round robin allocation first assigns port 1024, and uses the next higher port for each successive port assignment. Round robin allocation is the default.

  9. To disable round-robin port allocation for all NAT pools that do not specify an automatic (random-allocation | round-robin) setting, configure the global setting.

See Also

Configuring the NAT Rule for Deterministic NAPT44 for Next Gen Services

To configure the NAT rule for deterministic NAPT44:

  1. Configure the NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the addresses that are translated by the source NAT rule.

    To specify one address or prefix value:

    To specify a range of addresses, configure an address book global address with the desired address range, and assign the global address to the NAT rule:

    To specify any unicast address:

  4. Specify one or more application protocols to which the NAT rule applies. The number of applications listed in the rule must not exceed 3072.
  5. Specify the NAT pool that contains the addresses for translated traffic.

Configuring the NAT Rule for Deterministic NAPT64 for Next Gen Services

To configure the NAT rule for deterministic NAPT64:

  1. Configure the source NAT rule name.
  2. Specify the traffic direction to which the NAT rule set applies.
  3. Specify the IPv6 prefix for the source addresses that are translated by the NAT rule.
  4. Specify one or more application protocols to which the NAT rule applies. The number of application terms must not exceed 3072.
  5. Specify the NAT source pool that contains the addresses for translated source addresses.

Configuring the Service Set for Deterministic NAT for Next Gen Services

To configure the service set for deterministic NAPT:

  1. Define the service set.
  2. Configure either an interface service, which requires a single service interface, or a next-hop service, which requires an inside and outside service interface.

    or

  3. Specify the NAT rule sets to be used with the service set.

Clearing the Don’t Fragment Bit

If you configured deterministic NAPT64, specify that the don’t fragment (DF) bit for IPv4 packet headers is cleared when the packet length is less than 1280 bytes.

This prevents unnecessary creation of an IPv6 fragmentation header when translating IPv4 packets that are less than 1280 bytes.

Related Documentation