Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11333
Views
10
Helpful
5
Replies

What is faster, routing or NAT?

Go to solution
mihailsolovey
Level 1
Level 1

‎06-25-2013 03:01 AM - edited ‎03-04-2019 08:17 PM

Hello!

I've heard an opinion, that routing works faster then NAT, but I can't find any information proving this. For example, if I have several NAT connections on my way to the ISP, it will slow web browsing. Is it true?

My second question is about router's recourses. I almost sure that NAT takes more recourses than routing. Confirm it, if it's correct.

Thank you! 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-25-2013 03:31 AM

Hello Mikhail,

The concept of "speed", i.e. what is "faster", is somewhat vague, and it is really difficult to compare the NAT to the routing because they fulfill essentially different functions.

Routing is primarily concerned with lookups - trying to find a matching entry in a routing table. Nowadays, in software-based routers, this is done by creating a prefix tree index over a routing table, performing a longest prefix match in this tree and using the located information to forward the packet (Cisco calls this the CEF). Apart from decreasing the TTL in the packet header and recomputing the header checksum, no more work over a packet is required. In hardware-based routers, the lookup is done in specialized hardware and always within a constant time.

NAT is concerned with lookups in the translation table (exact match, as opposed to prefix-based match during routing) and packet modification. In the case of NAT, you peform a lookup into the translation table to know how to modify the addressing fields of the packet header, optionally the segment header, and in several cases, you also inspect the payload to perform L7 NAT (for example rewriting address/port numbers in FTP or SIP communication). Especially if the NAT needs to modify the packet payload, this can get complicated. After all this modification, several checksums have to be updated as well (L4 segment checksum, L3 packet header checksum, possibly L7 checksum if the application uses any checksums itself).

The complexity of the NAT appears to be higher but from the viewpoint of the number of operations when rewriting pure L3 headers in a static 1:1 mapping, there may be fewer operations than if routing a packet over a routing table containing tens of thousands of entries.

What I am saying is that the answer to your question depends strongly on how the NAT and routing code is implemented and how complex the NAT and routing configuration is.

What can be said with certainty - a router performing only routing will be loaded less than a router that performs both NAT and routing. Please note that there is no such thing as a router performing NAT without routing. That is why I find comparing the complexity of the routing to the complexity of NAT to be somewhat inappropriate. You can't have NAT without routing, so why ask which one of them is "faster"?

Best regards,

Peter

View solution in original post

5 Replies 5

Go to solution
mfurnival
Level 4
Level 4

‎06-25-2013 03:14 AM

I don't have any facts or figures to back it up but I am pretty certain that NAT is more CPU / memory intensive than simple routing of packets. Consider that the router has to setup and maintain NAT translations which need to be actively maintained whereas routing of packets should be performed by CEF which has no impact on the CPU.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to mfurnival

‎06-25-2013 03:33 AM

Hi,

routing of packets should be performed by CEF which has no impact on the CPU

This would be true in multilayer switches and hardware-assisted routers where the FIB is stored in TCAM. However, on software-based routers like ISR G1 and G2, the CEF is implemented purely in software (the FIB is a prefix trie, the ADJ is a table), and so on these platforms, even with CEF, each and every packet gets handled by the CPU. It is true, though, that the CEF organizes the necessary routing information in a way that is very efficient for lookups and use so the the load on the CPU is greatly reduced when comparing this to basic process switching.

Best regards,

Peter

0 Helpful

Go to solution
mihailsolovey
Level 1
Level 1
In response to mfurnival

‎06-25-2013 03:44 AM

Thank you very much for reply, mfurnival!

I completely agree with your explanation!

And what about speed of NAT? Does it work more slowly than routing? Honestly, I think that it is just a myth! Even if it is, difference it is very small, less or equal 1 millisecond I think.

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎06-25-2013 03:31 AM

Hello Mikhail,

The concept of "speed", i.e. what is "faster", is somewhat vague, and it is really difficult to compare the NAT to the routing because they fulfill essentially different functions.

Routing is primarily concerned with lookups - trying to find a matching entry in a routing table. Nowadays, in software-based routers, this is done by creating a prefix tree index over a routing table, performing a longest prefix match in this tree and using the located information to forward the packet (Cisco calls this the CEF). Apart from decreasing the TTL in the packet header and recomputing the header checksum, no more work over a packet is required. In hardware-based routers, the lookup is done in specialized hardware and always within a constant time.

NAT is concerned with lookups in the translation table (exact match, as opposed to prefix-based match during routing) and packet modification. In the case of NAT, you peform a lookup into the translation table to know how to modify the addressing fields of the packet header, optionally the segment header, and in several cases, you also inspect the payload to perform L7 NAT (for example rewriting address/port numbers in FTP or SIP communication). Especially if the NAT needs to modify the packet payload, this can get complicated. After all this modification, several checksums have to be updated as well (L4 segment checksum, L3 packet header checksum, possibly L7 checksum if the application uses any checksums itself).

The complexity of the NAT appears to be higher but from the viewpoint of the number of operations when rewriting pure L3 headers in a static 1:1 mapping, there may be fewer operations than if routing a packet over a routing table containing tens of thousands of entries.

What I am saying is that the answer to your question depends strongly on how the NAT and routing code is implemented and how complex the NAT and routing configuration is.

What can be said with certainty - a router performing only routing will be loaded less than a router that performs both NAT and routing. Please note that there is no such thing as a router performing NAT without routing. That is why I find comparing the complexity of the routing to the complexity of NAT to be somewhat inappropriate. You can't have NAT without routing, so why ask which one of them is "faster"?

Best regards,

Peter

Go to solution
mihailsolovey
Level 1
Level 1
In response to Peter Paluch

‎06-25-2013 04:26 AM

Thank very much you for such detailed unswer, Peter!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card