Paired-Address Pooling definition

So, I've been reading this document:

https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/ip-addressing/b-ip-addressing/m_iadnat-bpa.html

and am trying to understand exactly what "Paired-Address Pooling Limit" is.

I can understand these terms...

  • Start port number: The first port number in the port block
  • A step value: the increment to get the next port
  • The number of ports to allocate: Just what it says. The total number of ports that will be given out in this block.

So if you have start port 2000, step value 5 and port range of 100, the first 3 values would be:
2000
2005
2010

and so forth.

But the document then introduces the term Paired-Address Pooling Limit... and I'm struggling to understand what that means, particularly how it fits into this table:

[Image: stevencrutchley_0-1730743102913.png]

Can anyone explain what this means or provide a link to resources that do?

Thanks in advance. 

1 Accepted Solution


AshSe
VIP

Hello @steven.crutchley 

The "Paired-Address Pooling Limit" is a concept used in Cisco's NAT (Network Address Translation) configuration to control how IP addresses and port numbers are allocated when performing NAT, particularly in scenarios involving Port Address Translation (PAT) or NAT overload.

To break it down:

What is "Paired-Address Pooling Limit"?

The Paired-Address Pooling Limit is a feature that ensures a consistent pairing between an inside local IP address (the private IP address) and an inside global IP address (the public IP address) when NAT is being used. This means that once a private IP address is mapped to a specific public IP address, all subsequent connections from that private IP will use the same public IP address, as long as the limit is not exceeded.

This is particularly useful in scenarios where applications or protocols require consistent IP address mappings for proper functionality (e.g., certain VoIP or multimedia applications).

How does it work?

When NAT is configured with a pool of public IP addresses, the router can dynamically assign public IP addresses to private IP addresses. Without the "Paired-Address Pooling Limit," the router might assign a different public IP address for each new connection from the same private IP address. This can cause issues for applications that expect a consistent mapping.

The Paired-Address Pooling Limit enforces a limit on how many private IP addresses can share the same public IP address. Once the limit is reached, the router will assign a new public IP address from the pool for subsequent connections.

Example Scenario

  1. You have a NAT pool with 3 public IP addresses: 203.0.113.1, 203.0.113.2, and 203.0.113.3.
  2. You configure a Paired-Address Pooling Limit of 2.
  3. Private IP addresses 192.168.1.1 and 192.168.1.2 are mapped to 203.0.113.1.
  4. If a third private IP address (192.168.1.3) initiates a connection, it will be mapped to the next available public IP address in the pool (203.0.113.2).

This ensures that no more than 2 private IP addresses are paired with the same public IP address.

Why is this important?

The Paired-Address Pooling Limit is important for:

  • Application Compatibility: Some applications require consistent IP address mappings to function correctly.
  • Load Balancing: It helps distribute the load across multiple public IP addresses in the NAT pool.
  • Security: It can reduce the risk of certain attacks by limiting the number of private IPs sharing the same public IP.

How does it relate to your example (ports)?

The port allocation (start port, step value, and number of ports) is a separate mechanism that determines how ports are assigned within a single public IP address. The Paired-Address Pooling Limit operates at a higher level, controlling how many private IP addresses can share the same public IP address, regardless of the port allocation.

 

Hope This Helps!!!

 

AshSe
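
The pairing behaviour described in the answer above, together with the port-block arithmetic from the question, as an added example that is not part of the original posts and is not Cisco IOS code. The names `PairedAddressPool`, `translate`, `candidates` and `port_block` are hypothetical, and raising an error when the pool is full is an assumption, since the thread does not say what happens in that case.

```python
"""Toy model of the pairing behaviour described in the answer (not Cisco IOS code)."""


class PoolExhausted(Exception):
    """Every public address already carries `limit` private addresses."""


class PairedAddressPool:
    def __init__(self, public_ips, limit):
        if limit < 1:
            raise ValueError("limit must be at least 1")
        self.limit = limit
        self.members = {ip: [] for ip in public_ips}  # public -> [private, ...]
        self.pairing = {}                             # private -> public

    def translate(self, private_ip):
        """Return the public address paired with private_ip, pairing it if new."""
        if private_ip in self.pairing:            # sticky: reuse existing pairing
            return self.pairing[private_ip]
        for public_ip, members in self.members.items():
            if len(members) < self.limit:         # first public IP with a free slot
                members.append(private_ip)
                self.pairing[private_ip] = public_ip
                return public_ip
        # Assumption: the page does not say what happens when the pool is full.
        raise PoolExhausted(f"no free pairing slot for {private_ip}")

    def candidates(self, public_ip):
        """Private addresses that could be behind public_ip (at most `limit`)."""
        return list(self.members[public_ip])


def port_block(start, step, count):
    """Ports in a block as the question describes: start, start+step, ..."""
    return [start + i * step for i in range(count)]


if __name__ == "__main__":
    # Constructed sample: the pool and hosts from the answer's scenario.
    pool = PairedAddressPool(["203.0.113.1", "203.0.113.2", "203.0.113.3"], limit=2)
    for host in ["192.168.1.1", "192.168.1.2", "192.168.1.3", "192.168.1.1"]:
        print(host, "->", pool.translate(host))
    print("behind 203.0.113.1:", pool.candidates("203.0.113.1"))
    print("first ports:", port_block(2000, 5, 100)[:3])
```

In this model each public address has at most `limit` members, so `candidates()` bounds how many internal hosts need checking when a log entry shows only the public address.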


2 Replies

So... I think it might be the number of ports that each IP can be allocated, if you have 65401 ports (65535-1024 reserved)

Because...
120 * 512 = 61440
30 * 2048 = 61440
60 * 1024 = 61440
250 * 256 = 64000
500 * 128 = 64000
1000 * 64 = 64000

But as an example, 65401 / 60 = 1090 (roughly) so I guess the number of ports has to be a power of 2?
