Cisco Community
English
Register
Cisco Community Events are getting a new name! LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
169
Views
0
Helpful
1
Replies
Highlighted
jny
jny Beginner
Beginner
‎08-07-2019 11:28 PM
‎08-07-2019 11:28 PM

CGN behavior on ASR1001X

Trying to determine how the CGN function balances sessions across a pool of public IPs.

 

With my current config (se below), NAT'ing jumps wildly between public IPs.   An "inside" hosts changes public IP per session. I expected this, but not at this level. 

 

On an "outside" server, I logged this.  

 

<SNIP>

Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}

Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}

</SNIP>

 

The NAT-function works fine, but I would like some more "stickyness".    Docs does not describe anything usefull.

 

!

ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!

ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255

ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!

 

 

/Nykaer

Everyone's tags (3)
0 Helpful
Reply
1 REPLY 1
Evgeniy Prichinin
Evgeniy Prichinin Beginner
Beginner
‎08-16-2019 02:21 AM
‎08-16-2019 02:21 AM

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

0 Helpful
Reply
Latest Contents
NCS5500 general health check CLI's and expectations
Created by arajhans on 06-18-2019 11:21 AM
0
15
0
15
XR-vm - CLI's Description show context  look for any process crash, review time stamp[if it is too old, then no immediate action needed] show redundancy verify if standby state  is Ready and NSR-Ready show proc cpu | exclude " 0%" ... view more
Conditional Route advertisement
Created by xthuijs on 06-13-2019 11:26 AM
0
10
0
10
Symptoms It's been a long standing ask for XR to support conditional route advertisements in BGP. The expected option of using the             if rib-has-route option in RPL currently can only be used at the default-inf... view more
IOS-XR QoS ECN feature on NCS5500
Created by arajhans on 05-31-2019 10:25 AM
0
0
0
0
On IOS-XR, Quality of Service has an extension to WRED (Weighted Random Early Detection) called Explicit Congestion Notification (ECN). ECN will mark packets instead of dropping them when the average queue length exceeds a specific threshold value. When c... view more
Pre-Defined NAT White Paper
Created by pulatha on 05-17-2019 02:25 AM
0
5
0
5
Technical Guide to Pre-Defined NAT. Abstract In traditional NAT, due to the government regulations logging the CGN translations is mandatory and this is a huge cost incurrence. In Pre-defined NAT, the translations are known upfront, hence there is no nee... view more
ASR9K Line Card ECMP Hashing
Created by pewang on 05-08-2019 02:23 PM
0
0
0
0
 
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.