[j-nsp] Doing SNAT only for destinations learned from a specific BGP peering
Martin Tonusoo
martin at tonusoo.ee
Tue May 5 11:12:52 EDT 2026
Hi Emmanuel,
> - MX204 does not support PAT at all
> - PAT is doable by offloading the work to a Linux box
> - SNAT + PAT is not doable elegantly on a sole MX204 box
That's correct. PAT is not doable on MX204.
> - MX204 does not support SNAT on interface (could have been the elegant configuration)
> - SNAT is doable with routing instances
MX204 supports one-to-one translation of IP addresses. For example,
the following SNAT configuration is supported on MX204:

root@mx> show configuration services nat
pool 1-to-1-snat-pool {
    address 195.7.9.0/24;
}
rule 1-to-1-snat {
    match-direction output;
    term snat {
        from {
            source-address {
                10.23.44.0/24;
            }
        }
        then {
            translated {
                source-pool 1-to-1-snat-pool;
                translation-type {
                    basic-nat44;
                }
            }
        }
    }
}

root@mx>

This will map 10.23.44.1 to 195.7.9.1, 10.23.44.2 to 195.7.9.2, etc.
The address pool must contain equal or more addresses than the
source-address network specified under the from clause.
This kind of SNAT is performed directly within the Trio lookup block
and should offer near line-rate performance with very little and
stable latency.
> And thanks Martin for the time you put in writing your thorough and
> detailed example.
No problem at all.
Martin
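
Added example, not part of the original message and not Juniper code: because the mapping described above is one-to-one, a translated address seen in external logs can be traced back to the inside host. The sketch assumes the offset-preserving mapping the message illustrates (10.23.44.1 to 195.7.9.1) also holds when the pool is larger than the source network; the function names are hypothetical.

```python
import ipaddress

# Prefixes taken from the configuration in the message above.
SOURCE_NET = ipaddress.ip_network("10.23.44.0/24")
POOL_NET = ipaddress.ip_network("195.7.9.0/24")


def check_pool(source_net, pool_net):
    """The pool must hold at least as many addresses as the source network."""
    if pool_net.num_addresses < source_net.num_addresses:
        raise ValueError(
            f"pool {pool_net} ({pool_net.num_addresses} addresses) is smaller "
            f"than source {source_net} ({source_net.num_addresses} addresses)"
        )


def translate(src, source_net=SOURCE_NET, pool_net=POOL_NET):
    """Inside address -> translated address, or None if the term does not match."""
    check_pool(source_net, pool_net)
    addr = ipaddress.ip_address(src)
    if addr not in source_net:
        return None  # outside the from/source-address prefix: not translated
    # Assumption: the host offset inside the prefix is preserved.
    offset = int(addr) - int(source_net.network_address)
    return str(pool_net.network_address + offset)


def untranslate(public, source_net=SOURCE_NET, pool_net=POOL_NET):
    """Translated address -> inside address, e.g. when correlating external logs."""
    check_pool(source_net, pool_net)
    addr = ipaddress.ip_address(public)
    if addr not in pool_net:
        return None
    offset = int(addr) - int(pool_net.network_address)
    if offset >= source_net.num_addresses:
        return None  # pool address beyond the source range, never handed out
    return str(source_net.network_address + offset)


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real log.
    for inside in ("10.23.44.1", "10.23.44.2", "10.23.45.1"):
        print(inside, "->", translate(inside))
    for outside in ("195.7.9.200", "195.7.10.1"):
        print(outside, "<-", untranslate(outside))
```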