Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1921
Views
0
Helpful
1
Replies

ASR1K and Large Scale NAT

prima.ramadhan
Level 1
Level 1

‎12-28-2011 06:12 AM - edited ‎03-01-2019 02:31 PM

Hi All,

I am using ASR1004 for address translation for my subscribers. I have a problem that nat translation session is already a half (1 million) of what ASR1K ESP20 limitation (2 million session). Below is the output of "show ip nat statistics":

Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)

Outside interfaces:TenGigabitEthernet0/1/0

Inside interfaces:

TenGigabitEthernet0/0/0.200, TenGigabitEthernet0/0/0.300

Hits: 716003894051  Misses: 10196539490

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 10430579015

Dynamic mappings:

-- Inside Source

[Id: 7] route-map NATuser pool New-Pool refcount 1066163

pool New-Pool: netmask 255.255.224.0

start 139.255.128.1 end 139.255.159.254

type generic, total addresses 8190, allocated 2516 (30%), misses 0

nat-limit statistics:

max entry: max allowed 10000000, used 1066539, missed 0

Pool stats drop: 0  Mapping stats drop: 0

Port block alloc fail: 0

IP alias add fail: 0

Limit entry add fail: 0

My question is, how to decrease this entry without causing harm to the subs? I have seen these commands:

ip nat translation [timeout|tcp-timeout|...] --> will this command delete idle NAT session or any particular NAT session

ip nat transation max-enries ....    --> I understand that this will limit session a host/group of host can make. But if the threshold is exceeded, what will happen to the host? Say for example max entriy for a host is 10, what if a host want to make 11 session? What will happen with the last session.

I also have read about carier grade NAT/ large scale NAT, but have not found detail document. Could someone direct me? Or maybe someone can share their experience with NAT in service provider.

Thanks,

Prima

Labels:
0 Helpful
1 Reply 1

smailmilak
Level 4
Level 4

‎03-23-2016 02:47 AM

Hi,

if you use CGN (licence required) less memory is required, at least this is what I think.

"In CGN, packets that traverse from inside the network to outside require only the source address port translation; destination address port translation is not required"

Do you have PPPoE subscribers or IPoE (DHCP) subscribers?

I see that there are restrictions with BB and CGN.

Restrictions for Carrier Grade Network Address Translation


  • Asymmetric routing with box-to-box (B2B) redundancy is not supported in Carrier Grade Network Address Translation (CGN) mode.

  • B2B redundancy is not supported on broadband with CGN; B2B is supported on standalone CGN.

  • Broadband is not supported with traditional NAT.

  • CGN does not support IP sessions.

  • NAT outside mappings are disabled automatically when CGN operating mode is configured using the ip nat settings mode cgn command.

  • CGN does not support integration with Cisco Performance Routing (PfR). Commands with the oer keyword are not supported. For example, the ip nat inside source route-map pool overload oer and the ip nat inside source list pool overload oer commands are not supported.

  • The match-in-vrf keyword for intra-VPN NAT is not supported with CGN.

p.s. I know that your post is 4 years old :D

0 Helpful
Customers Also Viewed These Support Documents