If you use NAT, you are generally just trying to hide IPs, or trying to
shovel many IPs of one domain (in the mathematical sense) into another
smaller domain. If you use NAPT (or the Cisco term, PAT), you are
multiplexing connections against IPs + ports, instead of just IPs. Of
course then you get a many-to-one cardinality (hence the concept of "IP
sharing"). The problem with this is sometimes people need specific
listening ports for certain applications, and this can pose serious
problems. So, people may run into "issues" with those
applications. Fortunately, Cisco has some built-in "light-weight" proxying
which enables you to use quite a few features with no problems. Most
vendors will call this "application support with NAT" (by which they really
mean NAPT, or Cisco PAT). I generally do not use Cisco's NAPT that often
so I do not know the details of which proxies are available.

Some applications that will have issues are:
- Active FTP
- Any server application which has a "well-known" incoming port

In terms of performance, unless you've got one of those really crappy Cisco
boxes doing a bit more than their feeble processors can dig, there is
nearly no performance loss. Essentially, it is like a single ACL hit and
then a translation which should be fast (hash table access probably).
Your costs will be dealing with the many-to-smaller-many issues (when you
run out of static NATs to do, think combo of static NAT for the important
IPs and PAT to avoid this).

Also if you choose to go purely with PAT, be aware of the issues with some
applications that are "server like" in nature.

Hope this clears some stuff up. Of course, you can always go to... heehe
www.cisco.com
or any other web site with white papers, AKA
IP masquerading for Linux
ipfilter for OpenBSD, FreeBSD, NetBSD, Solaris, and HP-UX
ipfw for FreeBSD
(yeah I know you said no wisecracks, but hey, I could not resist!).

At 12:06 AM 9/14/01 -0400, Circusnuts wrote:
>Has anyone come across performance specs, statistics, or costs (latency or
>otherwise) for NAT & PAT services ???
>
>Thanks
>Phil
>
>PS- no wiseacres please, I know all about www.Cisco.com :o)

-Carroll Kong
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19908&t=19899
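
Added example, not part of the original post and not Cisco's implementation: a minimal Python model of a NAPT/PAT translation table, showing the many-to-one port multiplexing, the single hash-table lookup per packet, and why active FTP or a "well-known" server port gets no inbound mapping until a static entry is added. The class name, addresses and ports are constructed for illustration.

```python
from itertools import count

class Napt:
    """Toy NAPT table: many inside (ip, port) pairs share one public IP."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip = public_ip
        self._ports = count(first_port)  # next candidate public port
        self.out = {}    # (proto, inside_ip, inside_port) -> public_port
        self.back = {}   # (proto, public_port) -> (inside_ip, inside_port)

    def static(self, proto, public_port, inside_ip, inside_port):
        """Pin a public port to one inside server (static mapping)."""
        self.out[(proto, inside_ip, inside_port)] = public_port
        self.back[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, inside_ip, inside_port):
        """Translate an inside source, allocating a public port on first use."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = next(self._ports)
            while (proto, port) in self.back:  # skip ports held by static entries
                port = next(self._ports)
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, public_port):
        """One dict lookup per packet; None means no mapping, so it is dropped."""
        return self.back.get((proto, public_port))

def demo():
    nat = Napt("203.0.113.1")  # constructed documentation address
    a = nat.outbound("tcp", "10.0.0.5", 40000)
    b = nat.outbound("tcp", "10.0.0.6", 40000)  # same inside port, other host
    result = {"a": a, "b": b, "reply_to_b": nat.inbound("tcp", b[1])}
    # Active FTP: the server connects back to a port the client announced
    # in-band (50000 here); the table never saw it leave, so nothing matches.
    result["ftp_data"] = nat.inbound("tcp", 50000)
    # An inside web server on a well-known port is unreachable under pure PAT...
    result["web_before"] = nat.inbound("tcp", 80)
    # ...until a static entry is combined with the dynamic ones.
    nat.static("tcp", 80, "10.0.0.10", 80)
    result["web_after"] = nat.inbound("tcp", 80)
    return result

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```
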