The Huawei ME60 is a multi-service control gateway product series launched by Huawei. ME60s are mainly used as broadband service access BRAS nodes and IP/MPLS network service provisioning nodes. Among its many features, NAT (Network Address Translation) stands out as a critical function for efficient IP address management and seamless connectivity, which is necessary for ISPs. This blog explores the fundamentals of NAT, its classification, ME60 NAT card & license.on the ME60 platform.

Network address translation (NAT) translates IP addresses between private and public networks, which enables multiple private network users to use only a small number of public IPv4 addresses to access external networks. A NAT device translates private IPv4 addresses in packets to public IPv4 addresses and records the mapping before users access the Internet.

As the Internet develops and network applications grow, IPv4 address exhaustion constrains network development. Before IPv6 can be widely used to replace IPv4 that has been running on network devices and is bearing existing applications, some IPv4-to-IPv6 transition techniques can be used to alleviate IPv4 address shortage.

NAT provides a transition solution that reuses IP addresses to slow down the tendency towards IPv4 address exhaustion, which helps smooth transition from IPv4 to IPv6.

Basic NAT Concepts

• NAT service board: is a physical board that has the NAT capability.

• NAT address pool: is an address pool used to manage NAT address resources.

• NAT traffic diversion: uses diversion rules to identify user packets that need to be translated using NAT and direct the packets to a NAT service board for NAT translation.

• NAT instance: is a service configuration unit that is bound to NAT service boards, address pools, and other NAT attributes.

NAT Conversion

1. After receiving packets, the device checks whether NAT is required. The ME60 filters the user packets that need to be processed by NAT based on an ACL bound to the traffic diversion policy.
If user packets match the ACL, NAT traffic diversion is performed.
If the user packets do not match the ACL, the device forwards the packet based on the common packet forwarding process.
2. The ME60 diverts the user packets to the NAT service board bound to the NAT instance for translation.
3. The ME60 selects the IP address and port number from the address pool and port range bound to the NAT instance to replace the existing source IP address and port number in the user packet to implement NAT.
4. After the translation, the user packets are forwarded to the next hop based on the regular forwarding process.

Reverse NAT Conversion

1. After receiving a packet, the ME60 determines whether to perform reverse NAT translation.
The ME60 filters the user packets in FIB traffic diversion mode and diverts user packets that need to be translated to a NAT service board for translation.
If the destination address in the user packet matches a NAT address pool route in the FIB table, the ME60 performs reverse NAT.
If the destination address of a user packet matches a route of another type, the ME60 forwards the packet based on the regular packet forwarding process.
2. The ME60 diverts the packets that require NAT reverse translation to the NAT service board.
3. The NAT service board performs reverse translation on user packets based on NAT mapping entries. The destination IP address and port number in each user packet are replaced with a private IP address and a port number.
4. After reverse NAT is performed, user packets are forwarded to the next hop based on the regular forwarding process.

NAT Classification

NAT translates between private and public IP addresses carried in the headers of IP data packets. Various NAT modes are defined based on classification rules.

Centralized NAT load balancing

Distributed NAT load balancing

ME60 NAT Card and License

If you want an ME60 to provide the NAT44, DS-Lite or L2NAT function, install a VSUF-80/VSUF-160 on the ME60 and configure the following licenses.

• NAT session license

NAT session licenses are classified as 2M NAT session licenses and 16M NAT session licenses.

If you want a VSUF-80 to support 10M NAT sessions, configure five 2M NAT session licenses. If you want a VSUF-80 to support more than 16M NAT sessions, use the 16M NAT session license in preference.

If you want a VSUF-160 to support 10M NAT sessions, configure five 2M NAT session licenses. If you want a VSUF-160 to support more than 16M NAT sessions, use the 16M NAT session license in preference.

• DS-Lite license

One VSUF-80 requires one DS-Lite license. A VSUF-80 can provide the DS-Lite function only after this license is configured.

• L2-Aware NAT license

One VSUF-80 requires one L2-Aware NAT license. A VSUF-80 can provide the L2-Aware NAT function only after this license is configured.

CGN vs. NAT: What’s the Difference?

XPONSHOP offers ME60 series BRAS solution and hardware. And if you need the technical support about ME60 configuration, please email us at sales@xponshop.com.

END