I am using an ASR1004 for address translation for my subscribers. My problem is that the number of NAT translation sessions is already half (1 million) of the ASR1K ESP20 limit (2 million sessions). Below is the output of "show ip nat statistics":
Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)
[Id: 7] route-map NATuser pool New-Pool refcount 1066163
pool New-Pool: netmask 255.255.224.0
start 184.108.40.206 end 220.127.116.11
type generic, total addresses 8190, allocated 2516 (30%), misses 0
max entry: max allowed 10000000, used 1066539, missed 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
My question is, how can I decrease these entries without causing harm to the subs? I have seen these commands:
ip nat translation [timeout|tcp-timeout|...] --> will this command delete idle NAT sessions or any particular NAT session?
ip nat translation max-entries .... --> I understand that this will limit the sessions a host or group of hosts can make. But if the threshold is exceeded, what will happen to the host? Say, for example, the max entry for a host is 10: what if a host wants to make 11 sessions? What will happen with the last session?
I have also read about carrier grade NAT / large scale NAT, but have not found a detailed document. Could someone direct me? Or maybe someone can share their experience with NAT in a service provider.
If you use CGN (licence required), less memory is required, at least this is what I think.
"In CGN, packets that traverse from inside the network to outside require only the source address port translation; destination address port translation is not required"
Do you have PPPoE subscribers or IPoE (DHCP) subscribers?
I see that there are restrictions with BB and CGN.
Restrictions for Carrier Grade Network Address Translation
Asymmetric routing with box-to-box (B2B) redundancy is not supported in Carrier Grade Network Address Translation (CGN) mode.
B2B redundancy is not supported on broadband with CGN; B2B is supported on standalone CGN.
Broadband is not supported with traditional NAT.
CGN does not support IP sessions.
NAT outside mappings are disabled automatically when CGN operating mode is configured using the ip nat settings mode cgn command.
CGN does not support integration with Cisco Performance Routing (PfR). Commands with the oer keyword are not supported. For example, the ip nat inside source route-map pool overload oer and the ip nat inside source list pool overload oer commands are not supported.
The match-in-vrf keyword for intra-VPN NAT is not supported with CGN.