Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
513
Views
0
Helpful
1
Replies
Highlighted
jny
Beginner
Beginner
‎08-07-2019 11:28 PM
‎08-07-2019 11:28 PM

CGN behavior on ASR1001X

Trying to determine how the CGN function balances sessions across a pool of public IPs.

 

With my current config (se below), NAT'ing jumps wildly between public IPs.   An "inside" hosts changes public IP per session. I expected this, but not at this level. 

 

On an "outside" server, I logged this.  

 

<SNIP>

Mon, 05 Aug 2019 15:20:54 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:25:02 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:26:05 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:48:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:57:04 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 15:59:06 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 15:59:13 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:02:25 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:03:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Mon, 05 Aug 2019 16:03:53 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:13:52 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}
Mon, 05 Aug 2019 16:21:55 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.78}
Tue, 06 Aug 2019 08:30:44 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.79}

Tue, 06 Aug 2019 08:59:15 +0200 [ERROR] {"username":"REMOTE-PROBE","remote":"42.42.42.64}

</SNIP>

 

The NAT-function works fine, but I would like some more "stickyness".    Docs does not describe anything usefull.

 

!

ip nat settings mode cgn
no ip nat settings support mapping outside
no ip nat service pptp
ip nat pool POOL1 42.42.42.64 42.42.42.79 prefix-length 28
prefix-length 24
ip nat inside source list CGN-PRIVATE-SPACE1 pool POOL1 overload
ip nat inside source list CGN-PRIVATE-SPACE2 pool POOL1 overload
!

ip access-list standard CGN-PRIVATE-SPACE1
permit 100.64.0.0 0.0.63.255

ip access-list standard CGN-PRIVATE-SPACE2
permit 100.64.64.0 0.0.63.255
!

 

 

/Nykaer

Everyone's tags (3)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Evgeniy Prichinin
Beginner
Beginner
‎08-16-2019 02:21 AM
‎08-16-2019 02:21 AM

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

View solution in original post

0 Helpful
Reply
1 REPLY 1
Highlighted
Evgeniy Prichinin
Beginner
Beginner
‎08-16-2019 02:21 AM
‎08-16-2019 02:21 AM

Re: CGN behavior on ASR1001X

Try to set ip nat settings pap limit 30 bpa

also you could set timeout for connections.

View solution in original post

0 Helpful
Reply
Latest Contents
performing a manual iPXE boot (eXR password/disaster recover...
Created by xthuijs on 05-28-2020 05:38 AM
1
5
1
5
CCO documentation lists out the ability to do a password recovery for eXR with a ZTP/PXE boot. One can also perform the operation manually, like a "turboboot" for classic XR in this facinity. this procedure will wipe out the complete system and install a... view more
Introduction to MPLS LDP and MPLS-TE and SR and SR-TE (color...
Created by smilstea on 03-24-2020 04:25 PM
1
5
1
5
Hi everyone, Below is a link to a video showing how to analyze traceroute output in L3VPN and look up CEF forwarding and MPLS/TE/SR/SR-TE forwarding for labels through a domain. Some basic examples of traffic engineering are used but the concepts lend the... view more
[CVIM] Pod health check
Created by gosekar on 02-10-2020 12:24 AM
0
0
0
0
Introduction This document summarises various health checks that can be done on a Cisco VIM pod.   Cloud-sanity Cloud sanity checks the health status of network, storage and various openstack infrastructure components like mariadb, rabbitmq etc.... view more
Hardware Upgrade from RSP440 to RSP880-LT
Created by pallu on 02-06-2020 09:23 PM
0
25
0
25
Prerequisites        The following pre-requisites are necessary for the migration from RSP440 to RSP880-LT to be successful. Make sure that you have console access to the router. Verify that the system is running a minimum o... view more
BGP Flowspec implementation on Cisco 8000 platforms
Created by yosef_manasseh on 01-29-2020 01:21 PM
0
0
0
0
Feature Description     BGP flowspec in a nutshell is a feature that will allow you to receive IPv4/IPv6 traffic flow specification (source X, destination Y, protocol UDP, source port A .. etc) and actions that need to be taken on that traffic (... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad

Cisco COVID-19 Survey