
NAT over utilized?

Hi All,

I just want to know about the results of the NAT translations below. I need your inputs. I don't know the meaning of the highlighted parts below. Thanks in advance!

Router1:

Total active translations: 2600 (4 static, 2596 dynamic; 2596 extended)
Outside interfaces:
GigabitEthernet0/1/0
Inside interfaces:
Port-channel1.99, Port-channel1.100, Port-channel1.101
Hits: 915070021 Misses: 7640111
Expired translations: 7576409
Dynamic mappings:
-- Inside Source
[Id: 2] access-list NAT_ACL interface GigabitEthernet0/2/0 refcount 2513
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 176674 Out-to-in drops: 24189
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 46628
IP alias add fail: 0
Limit entry add fail: 0

Router2:

Total active translations: 5029 (1 static, 5028 dynamic; 5028 extended)
Outside interfaces:
GigabitEthernet0/0/1, GigabitEthernet0/1/0
Inside interfaces:
GigabitEthernet0/0/0, Port-channel2.99, Port-channel2.100
Port-channel2.101
Hits: 546320465 Misses: 6446100
Expired translations: 6445134
Dynamic mappings:
-- Inside Source
[Id: 3] access-list NAT_ACL interface GigabitEthernet0/1/0 refcount 5027
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 80066 Out-to-in drops: 59164
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 74851
IP alias add fail: 0
Limit entry add fail: 0

-Matt

10 Replies

Philip D'Ath
VIP Alumni

Have you got any NAT restrictions configured, like:

ip nat translation max-entries ...

No. I don't have max-entries configured. The only thing suggested for me to configure is the 1hr expiration of translations, "ip nat translation timeout 3600". Is there anything wrong in the outputs of the NAT stats?

I'm confused by the "id" in the output. Is this by chance an HSRP NAT configuration?

Yes. We use an HSRP NAT configuration. So Router1 is the primary for half of the traffic and Router2 for the other half.

I suspect these numbers may reflect that the standby can't apply the NATs that it knows about because it is the standby, and on becoming active it will work.

Not sure. If you aren't observing any issues I don't think I would worry about it.

BTW, our setup is just like this.

ISP1                              ISP2

HSRP1 - Active            HSRP2 - Active

HSRP2 - Standby         HSRP1 - Standby

NAT1                            NAT2

I observed that the slowness occurs eventually in ISP2. When I try to re-route some traffic from ISP2 to ISP1, I haven't received an issue occurrence.

Do you know the meaning of this part of the results?

"In-to-out drops: 80066 Out-to-in drops: 59164"

Thanks!

I don't know. My guess is the router dropped the packet because it was being processed by the other router (aka was in HSRP standby mode).

Can NAT cause latency/disconnections?

Latency, not usually. Disconnections, yes, if it is having a problem.

Ok. Maybe I should take a deep look into the NAT issues. Thanks Bro! Have a nice day.
