9 Layer 3 functions
9.1 NAT
Note
NAT/NAPT is possible only on layer 3 of the ISO/OSI reference model. To use the NAT
function, the networks must use the IPv4 protocol.
When using the ISO protocol that operates at layer 2, it is not possible to use NAT.
With Network Address Translation (NAT), IP subnets are divided into "Inside" and "Outside".
The division is from the perspective of a NAT interface. All networks that can be reached via
the NAT interface itself count as being "Outside" for this interface. All networks that can be
reached via IP interfaces of the same device count as being "Inside" for the NAT interface.
If there is routing via a NAT interface, the source or destination IP addresses of the transferred
data packets are changed at the transition between "Inside" and "Outside". Whether the source
or destination IP address is changed depends on the communication direction. The address
of the communications node located "Inside" is always adapted. Depending on the perspective,
the IP address of the communications node is identified as "Local" or "Global".
Address terms by position (Inside/Outside) and perspective (Local/Global):
Inside, Local: An actual IP address that is assigned to a device in the internal network. This address cannot be reached from the external network.
Inside, Global: An IP address at which an internal device can be reached from the external network.
Outside (Local and Global): An actual IP address that is assigned to a device in the external network. Since only "inside" addresses are implemented, no distinction is made between outside local and outside global.
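The direction rule and the inside local / inside global terms above, as an added Python model that is not part of the manual or the device firmware. The class StaticNat, the 1:1 mapping table, the sample addresses and the choice to return None when no entry matches are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class StaticNat:
    """Hypothetical model of one NAT interface with 1:1 inside mappings."""

    def __init__(self, mappings):
        # mappings: inside local address -> inside global address (constructed values)
        self.to_global = {ipaddress.ip_address(loc): ipaddress.ip_address(glob)
                          for loc, glob in mappings.items()}
        if any(a.version != 4 for pair in self.to_global.items() for a in pair):
            raise ValueError("NAT requires IPv4 addresses")
        if len(set(self.to_global.values())) != len(self.to_global):
            raise ValueError("an inside global address must map to one inside local address")
        self.to_local = {glob: loc for loc, glob in self.to_global.items()}

    def inside_to_outside(self, pkt):
        """Sender is the inside node, so the SOURCE address is rewritten."""
        src = ipaddress.ip_address(pkt.src)
        if src not in self.to_global:
            return None  # no entry: this model does not forward (assumption)
        return replace(pkt, src=str(self.to_global[src]))

    def outside_to_inside(self, pkt):
        """Receiver is the inside node, so the DESTINATION address is rewritten."""
        dst = ipaddress.ip_address(pkt.dst)
        if dst not in self.to_local:
            return None  # inside local addresses are not reachable from outside
        return replace(pkt, dst=str(self.to_local[dst]))


if __name__ == "__main__":
    nat = StaticNat({"192.168.1.10": "10.0.0.10"})  # constructed sample mapping
    request = nat.inside_to_outside(Packet("192.168.1.10", "10.0.0.200"))
    print("leaving inside :", request)
    print("reply to global:", nat.outside_to_inside(Packet("10.0.0.200", request.src)))
    print("reply to local :", nat.outside_to_inside(Packet("10.0.0.200", "192.168.1.10")))
```

In both directions only the inside node's address changes; the outside node's address passes through untouched, which is why the table makes no outside local / outside global distinction.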
Computing capacity
Due to the load limitation of the CPU, packet receipt of the device is limited to 300 packets a
second. This corresponds to a maximum data throughput of 1.7 Mbps. This load limitation does
not apply per interface but generally for all packets going to the CPU.
The entire NAT communication runs via the CPU and therefore represents competition for IP
communication going to the CPU, e.g. WBM and Telnet.
Note that a large part of the computing capacity is occupied if you use NAT.
NAT
With Network Address Translation (NAT), the IP address in a data packet is replaced by
another. NAT is normally used on a gateway between an internal network and an external
network.
SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Command Line Interface
Configuration Manual, 07/2017, C79000-G8976-C361-06