Support for special protocols, Nat support for mpls vpns, Configuration restrictions and guidelines – H3C Technologies H3C S12500 Series Switches User Manual
Page 111: Nat configuration task list
97
Support for special protocols
Apart from the basic address translation function, NAT also provides an application layer gateway (ALG)
mechanism that supports some special application protocols without requiring the NAT platform to be
modified, featuring high scalability. The IP addresses or port numbers contained in such protocol
messages might need address translation.
The special protocols that NAT supports include: File Transfer Protocol (FTP), Internet Control Message
Protocol (ICMP), Domain Name System (DNS), Internet Locator Service (ILS), H.323, Session Initiation
Protocol (SIP), Netmeeting 3.01, and NetBIOS over TCP/IP (NBT).
NAT support for MPLS VPNs
NAT allows users from different MPLS VPNs to access external networks through the same outbound
interface, and allows the VPN users to use the same private address space.
1.
Upon receiving a request from an MPLS VPN to an external network, NAT replaces the private
source IP address and port number with a public IP address and port number, and records the
MPLS VPN information, such as the protocol type and router distinguisher (RD).
2.
When the response packet arrives, NAT replaces the public destination IP address and port
number with the internal IP address and port number, and sends the packet to the target MPLS VPN.
Both NAT and NAPT support MPLS VPNs.
This feature can also apply to internal servers so that external users can access an internal host of an
MPLS VPN. For example, suppose a host in MPLS VPN 1 needs to provide web services for the Internet.
It has a private address of 10.110.1.1. To achieve this purpose, configure NAT to use 202.110.10.20 as the
public IP address of the host so that the Internet users can use this IP address to access web services on
the host.
NAT allows hosts in multiple MPLS VPNs to access each other by using the MPLS VPN information
carried in the external IP address.
Configuration restrictions and guidelines
If the NAT configuration (address translation or internal server configuration) on an interface is changed,
H3C recommends that you save the configuration and reboot the switch (or use the reset nat session
command to manually clear the relevant NAT entries), to avoid problems. The following problems might
occur: after you delete the NAT-related configuration, address translation can still work for sessions
already created. If you configure NAT when NAT is running, the same configuration might have different
results because of different configuration orders.
Make sure all the IP address pools applied to the interfaces do not overlap.
NAT configuration task list
Task Remarks
Configuring address translation
Either is required.
Configuring an internal server
Required.
Optional.
Optional.