Arista 7150 Series Hardware Based NAT For Unicast Traffic

Arista 7150 series switches use Intel’s Fulcrum FM6000 (code-named ‘Alta’) ASIC for packet processing. The ASIC includes several features for IP header translation, including Network Address Translation (NAT). Packets to be NAT’d are therefore processed by the ASIC, which is known as Hardware NAT, rather than by the CPU, which is known as Software NAT. Hardware NAT provides much better scale and performance than Software NAT. The 7150 series switches can provide 10/40Gbps line-rate hardware-based NAT across all Ethernet ports at the same time. The number of available ports varies by model: 24 x 10G, 52 x 10G, or 48 x 10G + 4 x 40G.

Static NAT

Since 7150 switches perform static NAT completely in hardware, there is no added latency. The latency of the ASIC is about 350ns, and there is no overhead for performing NAT functionality. There is also no re-circulation of the packet on either the forward or the reverse path.

Dynamic NAT

With dynamic NAT, some of the work is done by the CPU, mainly the establishment and teardown of the NAT entries. To create a hardware NAT entry for a particular dynamic NAT rule, the switch CPU must first see the request to establish a connection. This first packet is trapped to the CPU in order to create the hardware entries. The following packets are punted to the CPU for Dynamic NAT:

1. TCP packets with SYN flag
2. TCP packets with RST flag
3. TCP packets with FIN flag
4. Non-TCP packets

• A translation rule already in hardware takes precedence over the above punt rule.
• By default, the TCP timeout for a NAT flow is set to 60 minutes.
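To estimate how much of a traffic sample would take the CPU path, the punt list and the precedence bullet above can be modelled in a few lines. This is an added example, not Arista code: the function names, the set-of-flow-keys stand-in for installed hardware entries, and the sample packets are all constructed for illustration, and the model follows the two rules exactly as stated on this page.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

TCP, UDP = 6, 17
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits

def build_ipv4(src, dst, proto, sport, dport, flags=0):
    """Constructed sample packet: IPv4 header plus a bare TCP or UDP header."""
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + l4

def parse(pkt):
    """Return (flow_key, tcp_flags); tcp_flags is None for non-TCP packets."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl + 4:
        raise ValueError("not a usable IPv4 packet")
    proto = pkt[9]
    src, dst = str(IPv4Address(pkt[12:16])), str(IPv4Address(pkt[16:20]))
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])  # meaningful for TCP/UDP only
    flags = None
    if proto == TCP:
        if len(pkt) < ihl + 14:
            raise ValueError("truncated TCP header")
        flags = pkt[ihl + 13]
    return (proto, src, sport, dst, dport), flags

def classify(pkt, hw_flows):
    """Apply the page's rules; hw_flows is a set of flow keys modelling installed entries."""
    key, flags = parse(pkt)
    if key in hw_flows:                 # installed translation beats the punt rule
        return "hardware"
    if flags is None or flags & (SYN | RST | FIN):
        return "punt"                   # non-TCP, or TCP with SYN/RST/FIN
    return "unspecified"                # no entry, no punt flag: the page does not say

def punt_summary(packets, hw_flows):
    """Count outcomes over a sample so the CPU-path share can be compared with a budget."""
    return Counter(classify(p, hw_flows) for p in packets)
```

Packets that come back as "unspecified" are TCP segments with no installed entry and none of the listed flags, a case this page does not describe.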

