Endpoint Independent Mapping (EIM) assigns the same external address and port to all connections from a given host that use the same internal address and port. Even when the destination address or port differs, traffic originating from that private IP and port pair is always mapped to the same public NAT IP and port.
Configuration
admin@Site2Branch1-cli(config)% show orgs org-services ServiceProvider cgnat
pools {
    Failover-Pool-ISPA-Network {
        routing-instance ISPA-Network-Transport-VR;
        egress-network [ ISPA-Network ];
        address-allocation round-robin;
        source-port {
            allocation-scheme range-based;
            random-allocation;
            range {
                low 1024;
                high 32000;
            }
        }
    }
}
rules {
    From_Redundant_To_ISPA-Network_Traffic {
        precedence 1;
        from {
            source-zone [ Intf-ISPA-Network-Failover-Zone ];
            destination-zone [ Intf-ISPA-Network-Zone ];
            routing-instance ISPA-Network-Transport-VR;
            source-address [ 172.16.255.2/32 ];
        }
        then {
            translated {
                translation-type napt-44;
                source-pool Failover-Pool-ISPA-Network;
                mapping-type endpoint-independent;
            }
        }
    }
}
Verification
Run the show orgs org-services ServiceProvider cgnat ei-mappings | notab CLI command to view the active Endpoint Independent Mappings on Versa FlexVNF.
The reference-count field in the following output indicates the number of current sessions using this EIM.
admin@Site2Branch1-cli> show orgs org-services ServiceProvider cgnat ei-mappings | notab
cgnat ei-mappings ISPA-Network-Transport-VR 172.16.255.2 4790
 public-vrf      ISPA-Network-Transport-VR
 public-ip       70.70.10.2
 public-port     12138
 pool-name       Failover-Pool-ISPA-Network
 reference-count 24
 vsn-id          0
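The following Python model is an added illustration, not Versa code: it shows why an endpoint-independent table holds one public IP and port per internal IP:port whatever the destination, with a reference count tracking the sessions that share it, while a destination-dependent table allocates a port per remote endpoint. The Napt44 class, the lowest-free-port allocation, the release-on-last-close behaviour and the peer addresses are assumptions; the internal address, public IP and port range come from the configuration and output above.

```python
# Added illustration: a toy NAPT-44 mapping table, not Versa FlexVNF code.
from dataclasses import dataclass, field

@dataclass
class Napt44:
    public_ip: str
    endpoint_independent: bool = True
    low: int = 1024    # source-port range from the pool configuration above
    high: int = 32000
    mappings: dict = field(default_factory=dict)  # key -> [public_port, reference_count]
    sessions: set = field(default_factory=set)    # active (src, dst) pairs

    def _key(self, src, dst):
        # EIM keys on the internal IP:port only; otherwise the remote endpoint is included.
        return src if self.endpoint_independent else (src, dst)

    def _allocate_port(self):
        # Assumption: lowest free port for a reproducible run (the pool above is random).
        used = {entry[0] for entry in self.mappings.values()}
        return next(p for p in range(self.low, self.high + 1) if p not in used)

    def open_session(self, src, dst):
        key = self._key(src, dst)
        if key not in self.mappings:
            self.mappings[key] = [self._allocate_port(), 0]
        if (src, dst) not in self.sessions:
            self.sessions.add((src, dst))
            self.mappings[key][1] += 1
        return self.public_ip, self.mappings[key][0]

    def close_session(self, src, dst):
        # Assumption: release on last close; real devices usually wait for an idle timeout.
        if (src, dst) in self.sessions:
            self.sessions.remove((src, dst))
            key = self._key(src, dst)
            self.mappings[key][1] -= 1
            if self.mappings[key][1] == 0:
                del self.mappings[key]

def external_endpoints(nat, src, dsts):
    # Public IP:port that each destination sees for one internal socket.
    return {nat.open_session(src, dst) for dst in dsts}

SRC = ("172.16.255.2", 4790)  # internal IP:port from the output above
PEERS = [("198.51.100.10", 4790), ("198.51.100.20", 4790), ("203.0.113.5", 4790)]  # constructed

if __name__ == "__main__":
    for eim in (True, False):
        print(eim, sorted(external_endpoints(Napt44("70.70.10.2", eim), SRC, PEERS)))
```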
Use Case
EIM is used in active-active SD-WAN branch deployments, where a branch uses the same public IP and port to talk to the controller and to all the other peer branches. EIM, together with EIF (Endpoint Independent Filtering), keeps NAT pinholes active and allows traffic from either direction.
Refer to RFC 4787 (Section 4.1) to learn more about EIM.