Network Address Translation

The Trio chipset supports inline Network Address Translation (NAT). As of Junos 11.4, the Lookup Block supports only simple 1:1 NAT, with no port address translation. Simple NAT includes the following: source NAT, destination NAT, and two-way NAT. The primary driver for inline NAT is performance and low latency. Inline NAT is performed in the microcode of the Trio Lookup Block and doesn’t require moving the packet through a dedicated Services Module.

Types of NAT

Inline Trio supports 1:1 NAT; this specifically means that IP address #1 can be translated into IP address #2. There’s no port translation available, as this would require keeping track of flows and state. 1:1 NAT can be expressed in three different ways: source NAT, destination NAT, and twice NAT. In implementation, all three methods are the same; the only differences between them are the direction and number of translations.

Source NAT will inspect egress traffic from H1 and change the source address upon translation to H2, as shown in Figure 7-4.

Figure 7-4. Inline Trio Source NAT.

Destination NAT will inspect egress traffic from H2 and change the destination address upon translation to H1, as shown in Figure 7-5.

Figure 7-5. Inline Trio Destination NAT.

Twice NAT simply combines source and destination ...
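
The following Python model is an added example, not code from the book or from Junos. It shows why 1:1 NAT needs no flow state: source, destination, and twice NAT are the same address rewrite applied to different header fields, and the reply is restored by the inverse mapping alone. The names `Packet`, `StaticMap`, and `translate`, the prefix-to-prefix mapping, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network

@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    sport: int
    dport: int

@dataclass(frozen=True)
class StaticMap:
    """1:1 mapping between two equal-sized prefixes (host bits preserved)."""
    inside: IPv4Network
    outside: IPv4Network

    def __post_init__(self):
        if self.inside.prefixlen != self.outside.prefixlen:
            raise ValueError("1:1 NAT needs address ranges of equal size")

    def forward(self, addr):   # inside -> outside
        return _shift(addr, self.inside, self.outside)

    def reverse(self, addr):   # outside -> inside
        return _shift(addr, self.outside, self.inside)

def _shift(addr, frm, to):
    if addr not in frm:
        return addr            # no rule matches: address left untouched
    offset = int(addr) - int(frm.network_address)
    return IPv4Address(int(to.network_address) + offset)

def translate(pkt, src=None, dst=None):
    """Rewrite addresses only. A pure function of the header: no flow table
    is consulted or updated, and ports are never changed."""
    return replace(pkt,
                   src=src(pkt.src) if src else pkt.src,
                   dst=dst(pkt.dst) if dst else pkt.dst)

# Constructed sample addresses (RFC 1918 and RFC 5737 documentation ranges).
H_MAP = StaticMap(IPv4Network("10.0.0.0/24"), IPv4Network("192.0.2.0/24"))
PEER_MAP = StaticMap(IPv4Network("172.16.0.0/24"), IPv4Network("198.51.100.0/24"))

def demo():
    pkt = Packet(IPv4Address("10.0.0.5"), IPv4Address("198.51.100.9"), 40000, 443)
    source_nat = translate(pkt, src=H_MAP.forward)                       # one translation
    dest_nat = translate(pkt, dst=PEER_MAP.reverse)                      # one translation
    twice_nat = translate(pkt, src=H_MAP.forward, dst=PEER_MAP.reverse)  # two translations
    reply = Packet(source_nat.dst, source_nat.src, 443, 40000)
    restored = translate(reply, dst=H_MAP.reverse)   # inverse map, no state lookup
    return source_nat, dest_nat, twice_nat, restored
```

Because the mapping is static, any packet addressed to a translated address is rewritten whether or not an inside host opened the conversation, so filtering has to come from firewall filters rather than from the NAT itself.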
