11-05-2024 04:40 AM - edited 11-05-2024 04:41 AM
Hi
I've been looking for a solution for a few days and I feel that I'm only wasting my time searching, so I decided to ask here.
Scenario is as simple as follows:
What I am trying to accomplish is to send IPERF_client traffic to R1 to be redirected back to IPERF_server (server and client are hosted on the same machine), so the IPERF_client is kinda being fooled that it is doing iperf with R1 but is actually doing it with itself but via R1 (out of its outer interface). Everyone in this scenario knows (has a route) how to get to each other.
I know this is not the best way of measuring bandwidth but it's only for diagnostic purposes.
On the Huawei USG series it is as simple as typing:
```
>nat server [some_name] global [R1_address] inside [iperf_machine_address] unr-route
```
without specifying which interface is inside or outside.
I'm looking for an equivalent, if there is any, in the Cisco world.
My equipment:
Cisco C921-4P ; IOS 15.8(3)M6
I hope I described the whole matter clearly enough...
11-05-2024 05:04 AM
Hello @accidentaladmin
you can set up a static NAT configuration.
You will need to create a static NAT entry to map the public IP address of `R1` to the private IP address of the `iperf_machine`.
Use an ACL to specify which traffic should be translated.
Make sure NAT is enabled on the appropriate interfaces.
---
Assuming:
- `R1_address` (public IP address) is `203.0.113.1`
- `iperf_machine_address` (private IP address) is `192.168.1.10`
- `R1` is connected to the internet through its outside interface.
```
! Outside interface
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
!
! Inside interface
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static 192.168.1.10 203.0.113.1
!
! Optionally, if you want to allow specific traffic, create an access list
! (ACL 10 is a standard ACL, so it matches on the source address only)
access-list 10 permit host 203.0.113.1
ip nat inside source list 10 interface GigabitEthernet0/0 overload
```
11-05-2024 07:48 AM
Thank you for your reply, but the assumption that you made doesn't necessarily apply to my scenario. The point is that IPERF_machine generates traffic towards the R1 interface and R1 redirects it back to IPERF_machine out of THE SAME interface that it received it on - so there's no way of assigning ip nat outside and ip nat inside to the same interface.
OK, I'll keep my explanation simple:
I tried with ip nat inside...:
```
interface GigabitEthernet4.10
 encapsulation dot1Q 10
 ip address 10.0.0.25 255.255.255.248
 ip nat inside
 ip virtual-reassembly in
!
ip nat inside source static [iperf_machine_ip] 10.0.0.2
```
...and what I get is that when IPERF_machine pings 10.0.0.2, it gets a reply from R1 pretending to be 10.0.0.2,
but it doesn't work for my purpose. Whenever I issue from iperf_machine a command like iperf3 -c 10.0.0.2 or ssh 10.0.0.2 etc., I should be able to iperf or ssh with myself (iperf_machine), but it should happen through R1. What I get is a "connection refused" message from R1 (as though R1 thought that the ssh or iperf is destined for it).
Best regards
11-10-2024 05:20 AM
Is this issue not solved yet?
MHM
11-10-2024 06:22 AM
IPERF_client traffic to R1 to be redirected back to IPERF_server (server and client are hosted on the same machine) so the IPERF_client
I do not think that is the correct way of measuring the outcome using iperf.
iperf looks for different IP addresses for the server and client for the best outcome.
I know you are looking to NAT to do the task, but the outcome with NAT as expected as results of real outcome.
If this is Internet link testing, there are a lot of Internet link tests, depending on geolocation, to test with.
Or use 2 interfaces in the same laptop, connected to 2 different IPs, and test it.
11-10-2024 11:10 AM
There is a VASI interface feature that can do this type of NAT. Attached is a diagram with the relevant configuration. To test, I have Ubuntu using unique namespaces for the iperf client and server. When the VASI interface NAT is applied, the ping test has a response from a different address compared to the original IP address. This prevented iperf from making the TCP connection end to end on the Ubuntu network namespaces.
```
root@vmUbuntu:/home/dafrey# ip netns exec br-shyn ping 1.2.3.4
PING 1.2.3.4 (1.2.3.4) 56(84) bytes of data.
64 bytes from 10.0.129.5: icmp_seq=1 ttl=61 time=2.10 ms (DIFFERENT ADDRESS!)
64 bytes from 10.0.129.5: icmp_seq=2 ttl=61 time=2.28 ms (DIFFERENT ADDRESS!)
64 bytes from 10.0.129.5: icmp_seq=3 ttl=61 time=2.17 ms (DIFFERENT ADDRESS!)
64 bytes from 10.0.129.5: icmp_seq=4 ttl=61 time=2.34 ms (DIFFERENT ADDRESS!)
```
Applied a traditional static NAT policy on the router connected to Ubuntu to address this.
```
root@vmUbuntu:/home/dafrey# ip netns exec br-sc2 iperf3 -s -i 10
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
Accepted connection from 10.0.131.5, port 47424
[ 5] local 10.0.129.5 port 5201 connected to 10.0.131.5 port 47426
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.01 sec 11.1 MBytes 9.32 Mbits/sec
[ 5] 10.01-10.27 sec 256 KBytes 8.09 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.27 sec 11.4 MBytes 9.29 Mbits/sec receiver
```
```
root@vmUbuntu:/home/dafrey# ip netns exec br-shyn iperf3 -c 1.2.3.4 -i 10
Connecting to host 1.2.3.4, port 5201
[ 5] local 10.0.131.5 port 47426 connected to 1.2.3.4 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-10.01 sec 12.0 MBytes 10.1 Mbits/sec 134 436 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.01 sec 12.0 MBytes 10.1 Mbits/sec 134 sender
[ 5] 0.00-10.27 sec 11.4 MBytes 9.29 Mbits/sec receiver
```
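Why a reply from a different address breaks the TCP connection, as an added example that is not part of the original post: a simplified Python model of a client socket matching the reply 4-tuple, using the addresses and ports from the test output above. The `Nat` class and its `symmetric` flag are hypothetical names, and the model ignores routing and VASI specifics.

```python
from dataclasses import dataclass, replace

# Addresses taken from the test output above; the model itself is constructed.
CLIENT, SERVER, VIRTUAL = "10.0.131.5", "10.0.129.5", "1.2.3.4"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Static 1:1 NAT VIRTUAL <-> SERVER (hypothetical model).
    `symmetric` says whether replies are translated back on the return path."""
    def __init__(self, symmetric: bool):
        self.symmetric = symmetric

    def forward(self, p: Packet) -> Packet:
        # Toward the server: rewrite destination VIRTUAL -> SERVER.
        return replace(p, dst=SERVER) if p.dst == VIRTUAL else p

    def reverse(self, p: Packet) -> Packet:
        # Toward the client: rewrite source SERVER -> VIRTUAL, if enabled.
        if self.symmetric and p.src == SERVER:
            return replace(p, src=VIRTUAL)
        return p

def client_accepts(sent: Packet, reply: Packet) -> bool:
    """A connecting TCP socket only accepts a segment whose 4-tuple is the
    exact mirror of the SYN it sent; other segments match no socket."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def handshake(nat: Nat) -> tuple:
    syn = Packet(CLIENT, 47426, VIRTUAL, 5201)
    at_server = nat.forward(syn)
    # The server answers from the address it received the SYN on.
    syn_ack = Packet(at_server.dst, at_server.dport,
                     at_server.src, at_server.sport)
    seen = nat.reverse(syn_ack)
    return seen.src, client_accepts(syn, seen)

if __name__ == "__main__":
    for label, nat in (("one-way", Nat(False)), ("both ways", Nat(True))):
        src, ok = handshake(nat)
        state = "connection established" if ok else "no matching socket"
        print(f"{label:9}: SYN-ACK from {src} -> {state}")
```
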