CTX205410

How to Configure Deterministic CGNAT on NetScaler

Applicable Products

  • Citrix ADC

Objective

Use Case

ABC is an ISP that wants to reduce the significant investment it is forced to make in maintaining logging infrastructure for CGNAT. It is interested in a mechanism that reduces the log volume, and with it the cost of the logging infrastructure.

Quick recap of CGNAT and Deterministic NAT

Large-scale network address translation (LSN), also known as carrier-grade NAT (CGNAT), is a technology that several telecom companies and internet service providers are implementing to deal with IPv4 address exhaustion and to extend the lifespan of IPv4 addresses until the world slowly moves to IPv6 addresses. LSN allows a single IPv4 address to be shared by multiple private network subscribers, thus allowing a large number of users to connect using a limited number of IPv4 addresses.

In generic NAT scenarios, operators need to log each connection to be able to trace the subscriber ID. This results in a large volume of log data, and ISPs and telcos need to invest a lot to maintain the logging infrastructure.

Deterministic NAT comes to the rescue in such a scenario. In Deterministic NAT there is a pre-determined mapping between the subscriber IP and the NAT IP. Since the NAT mapping is pre-determined and already available, logging is drastically reduced.

The subscriber will then be dynamically allocated a port from the assigned port block.
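
To illustrate why a pre-determined mapping removes the need for per-connection logs, the following added example (not part of the original article and not NetScaler's own code) models a deterministic mapping in Python and traces a public IP and port back to a subscriber. The sequential allocation order, the starting port of 1024 and the sample addresses are assumptions; on an appliance, the authoritative mapping is the one reported by show lsn deterministicNat.

```python
import ipaddress


def build_mapping(subnet, nat_ips, block_size, first_port=1024):
    """Pre-compute subscriber IP -> (NAT IP, first port, last port).

    Assumed model: port blocks are handed out sequentially and ports
    below first_port stay unused. This is not NetScaler's actual
    allocation order, only an illustration of the idea.
    """
    if block_size <= 0 or block_size % 256:
        raise ValueError("port block size must be a multiple of 256")
    blocks_per_ip = (65536 - first_port) // block_size
    subscribers = list(ipaddress.ip_network(subnet).hosts())
    if len(subscribers) > blocks_per_ip * len(nat_ips):
        raise ValueError("pool too small for this client network")
    table = {}
    for i, sub in enumerate(subscribers):
        nat_ip = nat_ips[i // blocks_per_ip]
        start = first_port + (i % blocks_per_ip) * block_size
        table[str(sub)] = (nat_ip, start, start + block_size - 1)
    return table


def trace_subscriber(table, nat_ip, port):
    """Reverse lookup: public IP and source port -> subscriber IP.

    The table is static, so no per-connection log is consulted.
    """
    for sub, (ip, lo, hi) in table.items():
        if ip == nat_ip and lo <= port <= hi:
            return sub
    return None


# Constructed sample values (RFC 5737 documentation addresses).
TABLE = build_mapping("10.0.0.0/29", ["203.0.113.10", "203.0.113.11"], 16384)

if __name__ == "__main__":
    for sub, (ip, lo, hi) in TABLE.items():
        print(f"{sub:<10} -> {ip} ports {lo}-{hi}")
    print(trace_subscriber(TABLE, "203.0.113.11", 20000))
```

A port that falls outside every assigned block returns None, which in an investigation means the traffic was not produced by this deterministic group.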

Support for Deterministic NAT in NetScaler

NetScaler administrators can configure the deterministic NAT option by mapping an LSN client (a set of subscriber IPs on the private network) to an LSN pool (a set of public IP addresses available on NetScaler) with fixed port block sizes.


Instructions

Steps for configuring deterministic NAT on NetScaler

Step 1: Create an LSN client and assign a range of subscriber IP addresses to it.

add lsn client <client-name>
bind lsn client <client-name> -network <IPaddress> -netmask <netmask>

In the GUI, go to System >> Large Scale NAT >> Clients and add a new client with the corresponding network and netmask.

Step 2: Create an LSN pool with NAT type set to deterministic and assign a range of public IP addresses to it.

add lsn pool <pool-name> -nattype DETERMINISTIC
bind lsn pool <pool-name> <NATIP1-NATIPx>

In the GUI, go to System >> Large Scale NAT >> Pools and add a new pool with the corresponding range of IP addresses.

Step 3: Create an LSN group and add LSN client(s) to it.

add lsn group <group-name> -clientname <client-name> -nattype DETERMINISTIC -portblocksize <multiple of 256>

In the GUI, go to System >> Large Scale NAT >> LSN Group and add a new LSN group with the corresponding client name and NAT type 'deterministic'.

Step 4: Bind the LSN group to the LSN pool(s).

bind lsn group <group-name> -poolname <pool-name>

In the GUI, go to System >> Large Scale NAT >> LSN Group, select the LSN group and click on Pools.

You can now see the configured mapping using the command:
show lsn deterministicNat (-clientname <string> |
-network6 <ipv6_addr|*> | -natIP <ip_addr>) [-subscrIP <ip_addr>
[-td <positive_integer>]]


Additional Resources

Refer to the "NetScaler: How Do I?" page for more easy-to-implement articles on commonly used features of NetScaler.