Though port-overloading and port-translation seem almost equivalent, this article focuses on a subtle difference between the two.
The example below brings out the difference:
Example:
========
Client (10.1.1.1) ----- (10.1.1.2) SRX (1.1.1.1) ----- ISP ----- Servers (2.2.2.2, 3.3.3.3, 4.4.4.4)
Assume the SRX has interface-based NAT configured.
This means that if the client sends a packet to each of the servers 2.2.2.2, 3.3.3.3 and 4.4.4.4, each packet takes 1.1.1.1 as its source IP.
Scenario 1:
========
Sessions after NAT could be like these:

10.1.1.1/1299 ---> 2.2.2.2/80
2.2.2.2/80 ---> 1.1.1.1/5000

10.1.1.1/1300 ---> 3.3.3.3/80
3.3.3.3/80 ---> 1.1.1.1/5000

10.1.1.1/1301 ---> 4.4.4.4/80
4.4.4.4/80 ---> 1.1.1.1/5000

Scenario 2:
========
Sessions after NAT could be as follows:

10.1.1.1/1299 ---> 2.2.2.2/80
2.2.2.2/80 ---> 1.1.1.1/5000

10.1.1.1/1300 ---> 3.3.3.3/80
3.3.3.3/80 ---> 1.1.1.1/5001

10.1.1.1/1301 ---> 4.4.4.4/80
4.4.4.4/80 ---> 1.1.1.1/5002

In both scenarios above PAT is in effect, because the port numbers change after NAT.
Here comes the difference:
In scenario 1 port-overloading is at work, but not in scenario 2. The reason is that in scenario 1 the same port, 5000, on the interface NAT'd IP 1.1.1.1 is used for 3 different sessions, whereas in scenario 2 each session gets its own port.
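
A simplified model of the two scenarios, added here as an example (it is not from the original article and is an assumed allocator, not the one Junos uses). The names `translate` and `overloaded_ports` are hypothetical, and the fourth flow is a constructed addition that goes beyond the article to show that even with overloading, two sessions to the same destination IP and port cannot share a translated port.

```python
from collections import defaultdict

NAT_IP = "1.1.1.1"   # egress interface address from the article
FIRST_PORT = 5000    # first translated port, as in the article's example

# Constructed sample flows: (src_ip, src_port, dst_ip, dst_port).
# The first three are the article's; the fourth repeats a destination.
FLOWS = [
    ("10.1.1.1", 1299, "2.2.2.2", 80),
    ("10.1.1.1", 1300, "3.3.3.3", 80),
    ("10.1.1.1", 1301, "4.4.4.4", 80),
    ("10.1.1.1", 1302, "2.2.2.2", 80),
]


def translate(flows, overloading):
    """Toy PAT allocator (assumed model, not the Junos algorithm).
    Off: a translated port belongs to one session only.
    On:  a port is reused while dst_ip/dst_port ---> NAT_IP/port stays unique.
    """
    in_use = set()
    table = []
    for flow in flows:
        dst = flow[2:]  # (dst_ip, dst_port)
        port = FIRST_PORT
        while ((port, dst) if overloading else port) in in_use:
            port += 1
            if port > 65535:
                raise RuntimeError("translated port range exhausted")
        in_use.add((port, dst) if overloading else port)
        table.append((flow, (NAT_IP, port)))
    return table


def overloaded_ports(table):
    """Map each translated (ip, port) shared by 2+ sessions to its flows."""
    users = defaultdict(list)
    for flow, nat in table:
        users[nat].append(flow)
    return {nat: flows for nat, flows in users.items() if len(flows) > 1}


if __name__ == "__main__":
    for mode in (True, False):
        table = translate(FLOWS, overloading=mode)
        print("port-overloading", "on" if mode else "off")
        for (sip, sp, dip, dp), (nip, nport) in table:
            print(f"  {sip}/{sp} ---> {dip}/{dp}   {dip}/{dp} ---> {nip}/{nport}")
        print("  shared translated ports:", sorted(overloaded_ports(table)))
```

With overloading on, 1.1.1.1/5000 alone does not identify a single session in this model; the destination address and port are needed as well.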