I am using ASR1004 for address translation for my subscribers. I have a problem that nat translation session is already a half (1 million) of what ASR1K ESP20 limitation (2 million session). Below is the output of "show ip nat statistics":
Total active translations: 1066570 (31 static, 1066539 dynamic; 1066506 extended)
[Id: 7] route-map NATuser pool New-Pool refcount 1066163
pool New-Pool: netmask 255.255.224.0
start 188.8.131.52 end 184.108.40.206
type generic, total addresses 8190, allocated 2516 (30%), misses 0
max entry: max allowed 10000000, used 1066539, missed 0
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
My question is, how to decrease this entry without causing harm to the subs? I have seen these commands:
ip nat translation [timeout|tcp-timeout|...] --> will this command delete idle NAT session or any particular NAT session
ip nat transation max-enries .... --> I understand that this will limit session a host/group of host can make. But if the threshold is exceeded, what will happen to the host? Say for example max entriy for a host is 10, what if a host want to make 11 session? What will happen with the last session.
I also have read about carier grade NAT/ large scale NAT, but have not found detail document. Could someone direct me? Or maybe someone can share their experience with NAT in service provider.
if you use CGN (licence required) less memory is required, at least this is what I think.
"In CGN, packets that traverse from inside the network to outside require only the source address port translation; destination address port translation is not required"
Do you have PPPoE subscribers or IPoE (DHCP) subscribers?
I see that there are restrictions with BB and CGN.
Restrictions for Carrier Grade Network Address Translation
Asymmetric routing with box-to-box (B2B) redundancy is not supported in Carrier Grade Network Address Translation (CGN) mode.
B2B redundancy is not supported on broadband with CGN; B2B is supported on standalone CGN.
Broadband is not supported with traditional NAT.
CGN does not support IP sessions.
NAT outside mappings are disabled automatically when CGN operating mode is configured using the ip nat settings mode cgn command.
CGN does not support integration with Cisco Performance Routing (PfR). Commands with the oer keyword are not supported. For example, the ip nat inside source route-map pool overload oer and theip nat inside source list pool overload