Windows Server 2008 R2 NAT Performance – Guest post by the Windows Product Team!

[ The following performance analysis was submitted to tech•ed backstage by Arpan Gupta and the RRAS team. They own the RRAS/ipnat.sys components of Windows 7/Windows Server 2008 R2. Given that we’re using it for address translation at tech•ed 2009, it is rather handy having them on board. 😉 We challenged the RRAS team to validate using RRAS as a NAT solution for 3000 concurrent clients; here is their excellent and helpful response. They did all the hard work with a physical simulation too! — David ]


NAT protocol is a well known solution to provide simplified internet connection sharing across multiple clients. Theoretically NAT supports 65536 TCP and same number of UDP address-port mappings over a single public address. Practically there’re some hardware bottlenecks which limits its performance. NAT, which is a part of ‘Routing and Remote Access’ services that come as a part of NPAS role with WS08R2, allows multiple hosts to connect to the Internet via a single or multiple external IP addresses. In home networking scenario, number of machines hardly crosses a limit of hundreds. But the number may reach to thousands if we deploy RRAS-NAT in enterprise networking. In some middle scale technical meets or conferences we require to manage 3000-4000 clients behind NAT. With RRAS-NAT we can easily achieve this target. A DHCP server can be used to provide private addresses dynamically along with, DNS server & default gateway (NAT private interface) and NAT will forward the packets to internet. We can also distribute the load via deploying multiple NAT boxes with unique DHCP address scopes. As said earlier, RRAS-NAT also supports a scenario where ISP assigns multiple external IP addresses (instead of one) but in this post we’ll target single external IP address and list out its performance.

Hardware Specification

For a set of 1500+ clients we’ve tested on a WS08R2 machine with below specification:

  • 64 bit Quad-Core with 2GHz Clock processor
  • RAM – 8 GB
  • 2 NICs (Gigabit Ethernet)
  • Assuming that external interface supports sufficient web access bandwidth (= Number of clients X Required average bandwidth per client).

Measured Performance

Use case scenario: 1500+ clients each having 5 open internet sessions and each of these sessions consumes 20 Kbps (Total 100 Kbps) bandwidth.


  • We’ve observed up to 100 Mbps average data transfer speed across public interface of NAT flawlessly.
  • With 1100 mappings (each of 100 Kbps sessions) CPU consumption was measured in order of 15%~20% and for 1500+ it was in order of 25%~30%.

Steps to configure a NAT box:

  • Connect external NIC (Say X) to internet and assign a static IP A.B.C.D to another interface (Say Y).
  • Install RRAS role and configure it via NAT path.


  • Choose ‘X’ for internet NIC and ‘Y’ for intranet NIC.
  • Install DHCP role and configure it. While configuring bind it to ‘Y’ NIC.
  • Add a scope with mask. (Please note that A.B.C.D should fall under it.)
  • During various steps fill A.B.C.D as preferred DNS server & default gateway.



  • Now connect the clients to ‘Y’ NIC using hub or switch.
  • Clients will get IP address, default gateway & DNS server through DHCP server and NAT will route them to web.
  • In case of more number of clients, deploy & configure more WS08R2 boxes. Please use unique address scope for each DHCP server.


David Connors, from TechEd, who came up with this requirement. R.Sai Ganesh, who arranged & configured required test setup. Mahmoud Elhaddad for providing technical details about IPNAT driver.

Further information

You can stay up-to-date with the RRAS team by pointing your browser or RSS reader here: