I am using an ASR1004 for address translation for my subscribers. I have a problem: the NAT translation session count is already half (1 million) of the ASR1K ESP20 limit (2 million sessions). Below is the output of "show ip nat statistics":
Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)
[Id: 7] route-map NATuser pool New-Pool refcount 1066163
pool New-Pool: netmask 255.255.224.0
start 220.127.116.11 end 18.104.22.168
type generic, total addresses 8190, allocated 2516 (30%), misses 0
max entry: max allowed 10000000, used 1066539, missed 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
My question is, how do I decrease this entry count without causing harm to the subs? I have seen these commands:
ip nat translation [timeout|tcp-timeout|...] --> will this command delete idle NAT sessions or any particular NAT session?
ip nat translation max-entries .... --> I understand that this will limit the sessions a host/group of hosts can make. But if the threshold is exceeded, what will happen to the host? Say, for example, the max entries for a host is 10; what if a host wants to make an 11th session? What will happen with the last session?
I also have read about carrier grade NAT / large scale NAT, but have not found a detailed document. Could someone direct me? Or maybe someone can share their experience with NAT in a service provider network.
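As an added example (not part of the original post or a Cisco tool), the following script parses the "show ip nat statistics" excerpt above and turns it into a capacity report: how far the box is from the session ceiling quoted in the post (2 million, assumed here as a constant), how much of the pool's address space is actually allocated, how many dynamic sessions each allocated address carries, and whether any of the drop/fail counters are non-zero. The 50% warning threshold is an assumption chosen for illustration; the sample text is the output quoted in the post, embedded so the script runs offline.

```python
import re

# Sample input: the "show ip nat statistics" excerpt quoted in the post,
# embedded here so the script runs without a router.
SAMPLE_OUTPUT = """\
Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)
[Id: 7] route-map NATuser pool New-Pool refcount 1066163
 pool New-Pool: netmask 255.255.224.0
 start 220.127.116.11 end 18.104.22.168
 type generic, total addresses 8190, allocated 2516 (30%), misses 0
 max entry: max allowed 10000000, used 1066539, missed 0
 Pool stats drop: 0 Mapping stats drop: 0
 Port block alloc fail: 0
 IP alias add fail: 0
 Limit entry add fail: 0
"""

# Assumed platform ceiling: the post cites 2 million sessions for the ESP20.
ESP20_SESSION_LIMIT = 2_000_000

# Counters that indicate subscribers are already losing translations.
FAILURE_COUNTERS = {
    "pool_drop": r"Pool stats drop:\s*(\d+)",
    "mapping_drop": r"Mapping stats drop:\s*(\d+)",
    "port_block_fail": r"Port block alloc fail:\s*(\d+)",
    "alias_fail": r"IP alias add fail:\s*(\d+)",
    "limit_fail": r"Limit entry add fail:\s*(\d+)",
}


def _grab(pattern, text, label):
    """Return the integer groups of a required pattern, or raise a clear error."""
    m = re.search(pattern, text)
    if not m:
        raise ValueError(f"could not find {label} in show output")
    return tuple(int(g) for g in m.groups())


def parse_nat_statistics(text):
    """Extract the counters relevant for capacity planning into a dict."""
    stats = {}
    (stats["total"], stats["static"],
     stats["dynamic"], stats["extended"]) = _grab(
        r"Total active translations:\s*(\d+)\s*\((\d+) static, "
        r"(\d+) dynamic; (\d+) extended\)", text, "translation totals")
    (stats["total_addresses"], stats["allocated"],
     stats["allocated_pct"]) = _grab(
        r"total addresses (\d+), allocated (\d+) \((\d+)%\)", text, "pool line")
    (stats["max_allowed"], stats["max_used"],
     stats["max_missed"]) = _grab(
        r"max allowed (\d+), used (\d+), missed (\d+)", text, "max entry line")
    for key, pattern in FAILURE_COUNTERS.items():
        (stats[key],) = _grab(pattern, text, key)
    return stats


def capacity_report(stats, session_limit=ESP20_SESSION_LIMIT, warn_fraction=0.5):
    """Relate the parsed counters to the platform ceiling and pool size."""
    session_util = stats["total"] / session_limit
    address_util = stats["allocated"] / stats["total_addresses"]
    per_address = (stats["dynamic"] / stats["allocated"]
                   if stats["allocated"] else 0.0)
    failures = sum(stats[k] for k in FAILURE_COUNTERS)
    return {
        "session_utilization": session_util,
        "address_utilization": address_util,
        "sessions_per_allocated_address": per_address,
        "failures": failures,
        # Warn when the session ceiling is near or anything is already dropping.
        "warning": session_util >= warn_fraction or failures > 0,
    }


if __name__ == "__main__":
    report = capacity_report(parse_nat_statistics(SAMPLE_OUTPUT))
    for key, value in report.items():
        print(f"{key}: {value}")
```

The useful contrast in the sample is that only 30% of the pool's addresses are allocated while the session count is already above half of the platform ceiling, so the pressure is on per-address session counts rather than on address exhaustion; watching the drop/fail counters alongside the utilization tells you whether subscribers are already affected.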
If you use CGN (licence required), less memory is required, at least this is what I think.
"In CGN, packets that traverse from inside the network to outside require only the source address port translation; destination address port translation is not required"
Do you have PPPoE subscribers or IPoE (DHCP) subscribers?
I see that there are restrictions with BB and CGN.
Restrictions for Carrier Grade Network Address Translation
Asymmetric routing with box-to-box (B2B) redundancy is not supported in Carrier Grade Network Address Translation (CGN) mode.
B2B redundancy is not supported on broadband with CGN; B2B is supported on standalone CGN.
Broadband is not supported with traditional NAT.
CGN does not support IP sessions.
NAT outside mappings are disabled automatically when CGN operating mode is configured using the ip nat settings mode cgn command.
CGN does not support integration with Cisco Performance Routing (PfR). Commands with the oer keyword are not supported. For example, the ip nat inside source route-map pool overload oer and the ip nat inside source list pool overload oer commands are not supported.
The match-in-vrf keyword for intra-VPN NAT is not supported with CGN.