Rogelio
just joined
Topic Author
Posts: 1
Joined: Wed Apr 07, 2021 2:23 pm

1:1 - NAT L2 - Configuration

Wed Apr 07, 2021 2:47 pm

Hello everyone,

I have an application where I need to NAT some equipment, but I cannot use the gateway on this equipment to do NAT as is done in L3.
I researched and found a function that Cisco implemented in its routers called NAT L2. Does this function exist in any MikroTik router under another name?
Below is a description of how NAT L2 works.
Information About L2 Network Address Translation (NAT)
One-to-one (1:1) Layer 2 NAT is a service that allows the assignment of a unique public IP address to an existing private IP address (end device), so that the end device can communicate on both the private and public subnets. This service is configured in a NAT-enabled device and is the public “alias” of the IP address physically programmed on the end device. This is typically represented by a table in the NAT device.
Layer 2 NAT has two translation tables where private-to-public and public-to-private subnet translations can be defined. Layer 2 NAT is a hardware based implementation that provides the same high level of (bump-on-the-wire) wire-speed performance. This implementation also supports multiple VLANs through the NAT boundary for enhanced network segmentation.
In the following example, Layer 2 NAT translates addresses between sensors on a 192.168.1.x network and a line controller on a 10.1.1.x network.
1. The 192.168.1.x network is the inside/internal IP address space and the 10.1.1.x network is the outside/external IP address space.
2. The sensor at 192.168.1.1 sends a ping request to the line controller by using an “inside” address, 192.168.1.100.
3. Before the packet leaves the internal network, Layer 2 NAT translates the source address (SA) to 10.1.1.1 and the destination address (DA) to 10.1.1.100.
4. The line controller sends a ping reply to 10.1.1.1.
5. When the packet is received on the internal network, Layer 2 NAT translates the source address to 192.168.1.100 and the destination address to 192.168.1.1.
Figure 1. Translating Addresses Between Networks
1:1 Layer 2 vs. Layer 3 NAT
Historically 1:1 NAT has been implemented in software on Layer 3, meaning the NAT-enabled device acts as the default gateway (router) for all the devices on the private subnet. The NAT device will intercept traffic on behalf of its private subnet devices, perform the translation, and route traffic to the private subnet appropriately. As a software implementation, Layer 3 NAT translations typically are handled by the host CPU on the NAT device. Performance of a software NAT implementation is tied directly to the loading the host CPU can handle.

The Layer 2 1:1 NAT implementation differs in several areas. Rather than acting as the default gateway for the private subnet, Layer 2 NAT has two translation tables where private-to-public and public-to-private subnet translations can be defined. Layer 2 NAT is a hardware-based implementation that provides wire speed performance throughout switch loading. This implementation also supports multiple VLANs through the NAT boundary for enhanced network segmentation. Ring architecture support is built into Layer 2 NAT, allowing redundancy through the NAT boundary.

Thanks for help,
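
The five-step ping exchange quoted above, modelled in software as an added example (not part of the original post and not Cisco's hardware implementation). It applies the two translation tables to constructed IPv4 headers and recomputes the header checksum after each rewrite; the function names and the 20-byte option-less header are assumptions of this sketch.

```python
import ipaddress
import struct

# Translation tables built from the addresses in the quoted example.
PRIVATE_TO_PUBLIC = {"192.168.1.1": "10.1.1.1", "192.168.1.100": "10.1.1.100"}
PUBLIC_TO_PRIVATE = {pub: priv for priv, pub in PRIVATE_TO_PUBLIC.items()}


def checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, proto: int = 1, payload_len: int = 8) -> bytes:
    """Constructed 20-byte IPv4 header without options; proto 1 is ICMP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def addresses(header: bytes) -> tuple[str, str]:
    return (str(ipaddress.IPv4Address(header[12:16])), str(ipaddress.IPv4Address(header[16:20])))


def translate(header: bytes, table: dict[str, str]) -> bytes:
    """Rewrite SA and DA through one table; unmapped addresses pass unchanged."""
    if checksum(header) != 0:  # a valid header sums to zero with its checksum included
        raise ValueError("bad IPv4 header checksum")
    src, dst = addresses(header)
    new_src = ipaddress.IPv4Address(table.get(src, src)).packed
    new_dst = ipaddress.IPv4Address(table.get(dst, dst)).packed
    hdr = header[:10] + b"\x00\x00" + new_src + new_dst
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def ping_round_trip() -> list[tuple[str, str]]:
    request = build_header("192.168.1.1", "192.168.1.100")   # step 2
    outside_request = translate(request, PRIVATE_TO_PUBLIC)   # step 3
    reply = build_header("10.1.1.100", "10.1.1.1")            # step 4
    inside_reply = translate(reply, PUBLIC_TO_PRIVATE)        # step 5
    return [addresses(p) for p in (request, outside_request, reply, inside_reply)]


if __name__ == "__main__":
    print(*(f"{s} -> {d}" for s, d in ping_round_trip()), sep="\n")
```

The ICMP checksum does not cover the IP addresses, so only the IPv4 header checksum changes here; TCP and UDP checksums include a pseudo-header with both addresses and would also need updating.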
