[c-nsp] DSL+NAT Question
Justin M. Streiner
streiner at cluebyfour.org
Thu Apr 28 15:42:27 EDT 2005
On Thu, 28 Apr 2005, Imad Buhidma wrote:
> We are using Cisco 7206VXR (NPE-G1) with IOS version 12.2(15)T9 as
> aggregation for DSL subscribers (approximately 10000 clients) and all
> subscribers will have private ip addresses, I would like to know what is the
> recommended number of real ip addresses that we should use in NAT Pool
> to obtain good performance.

There isn't a definite rule on this that I've ever heard. When I still
worked at an ISP, we had probably around 2,000 users and used close to a
/21 for a NAT pool, so the savings in terms of IP addresses really wasn't
that great. Back in the day, they were PAT'd into a single /24, though
there were also fewer DSL users then, too. Many users complained, and it
turned out that some people had applications that didn't work and play
well with PAT on a large scale, and Cisco's NAT implementation at the time
did some funky things that caused lots of headaches.

If I had it all to do over again, I wouldn't have used NAT in the first
place, but that was done before I had control of the network :-)

If you are committed to doing NAT, make sure you turn your NAT translation
timeout down to something low, but not too low because then you run the
risk of burning up the CPU on care and feeding of the NAT translation
table. A translation timeout of 300 seconds worked pretty well. DSL
users can burn through a translation pool very quickly.

jms
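
An added example, not part of the original post: a small Python model of the timeout effect described in the reply above, in which each flow holds a translation until it has been idle for the timeout. The workload, the figure of 1000 usable ports per pool address, and all function names are constructed assumptions for illustration, not Cisco IOS behaviour or measured data.

```python
import heapq

def simulate_pat(flows, idle_timeout, capacity=None):
    """Replay flows against a PAT table that ages entries out when idle.

    flows: (start, last_packet) pairs in seconds; each needs one translation.
    capacity: pool addresses * usable ports per address (None = unlimited).
    Returns (peak_entries, dropped_flows).
    """
    expiries = []            # min-heap of times at which entries age out
    peak = dropped = 0
    for start, last_packet in sorted(flows):
        # Free every entry that has already been idle for idle_timeout.
        while expiries and expiries[0] <= start:
            heapq.heappop(expiries)
        if capacity is not None and len(expiries) >= capacity:
            dropped += 1     # pool exhausted: this flow gets no translation
            continue
        heapq.heappush(expiries, last_packet + idle_timeout)
        peak = max(peak, len(expiries))
    return peak, dropped

def constructed_workload(subscribers=100, every=10, duration=600, flow_len=2):
    """Constructed sample: each subscriber opens a short flow every `every` s."""
    return [(i % every + t, i % every + t + flow_len)
            for i in range(subscribers)
            for t in range(0, duration, every)]

def addresses_needed(peak, ports_per_addr):
    """Pool addresses required to hold `peak` entries (ceiling division)."""
    return -(-peak // ports_per_addr)

if __name__ == "__main__":
    flows = constructed_workload()
    for timeout in (300, 3600):
        peak, _ = simulate_pat(flows, timeout)                  # unlimited pool
        _, dropped = simulate_pat(flows, timeout, capacity=4 * 1000)
        print(f"timeout={timeout}s peak={peak} "
              f"addresses={addresses_needed(peak, 1000)} dropped={dropped}")
```

The model counts table entries only; it does not capture the CPU cost of ageing entries that the reply warns about when the timeout is set too low.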