03-24-2020 03:13 AM
Hello
I have a router with IOS XE and do NAT for clients.
I have 128 public IP addresses (/25).
My config is:
ip nat pool PublicPool 94.231.X.X 94.231.X.254 prefix-length 25
ip nat inside source list 1 pool PublicPool overload
So everything is OK.
I now have more than 4500 clients connected, and they have internet access by NAT.
The problem is that the NAT uses many public IP addresses.
For 4000 clients, 118 (98%) of my public IP address pool is now allocated:
[Id: 1] access-list 1 pool PublicPool refcount 522515
 pool PublicPool: id 1, netmask 255.255.255.128
    start 94.231.X.X end 94.231.X.254
    type generic, total addresses 120, allocated 118 (98%), misses
More information about my config:
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat translation timeout 60
ip nat translation tcp-timeout 500
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 10
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 30
My question is: how many public IPs do I need for every 5000 connected clients,
and how can I optimize to save the public IPs used by NAT?
03-24-2020 03:33 AM
Is it an ISP network or enterprise?
You should understand how many ports your clients use on average. In my opinion you should expect 1000 ports per client. So 65536 divided by 1000 equals 65.536. Let's round up to 65. That is the quantity of users per IP. So if you want to know how many IPs you need for 5000 clients, divide 5000 by 65. It will be approximately 76 IPs.
03-24-2020 04:34 AM
03-24-2020 05:05 AM - edited 03-24-2020 05:06 AM
You can observe only certain clients:
show ip nat translations inside X.X.X.X total
If you look at your current total number of translations, 16 IPs will be enough for you, but only if it is a peak quantity. You can secure yourself and use 32 IPs.
You must understand the maximum number of translations, and then you can make a decision.
But I would use 64 IPs for 5000 clients.
03-24-2020 05:11 AM
03-24-2020 05:46 AM - edited 03-24-2020 05:48 AM
Sorry, I didn't see that you use CGNAT. Of course CGNAT doubles the session number.
Do you use PAP (Paired-Address-Pooling)?
ip nat settings pap
Also, in this command
Fiberband-PerUser#sh ip nat translations inside 94.231.199.211 total
you should use the inside local address, not the inside global.
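A sizing sketch for the two approaches discussed in this thread (the ports-per-client average, and per-client translation counts with each client kept on one public IP), added here as an example and not posted by any participant. The function names, the 20% headroom, the one-IP-per-client packing model and the sample peaks are assumptions; real peaks would come from the per-client "show ip nat translations inside X.X.X.X total" counts mentioned above.

```python
import math

PORTS_PER_IP = 65536  # figure used in the thread; the usable range may be smaller


def ips_by_average(clients, ports_per_client, ports_per_ip=PORTS_PER_IP):
    """Average method from the reply: users per IP, then clients / users per IP."""
    users_per_ip = ports_per_ip // ports_per_client
    if users_per_ip < 1:
        raise ValueError("one client needs more ports than one public IP offers")
    return math.ceil(clients / users_per_ip)


def ips_by_packing(peaks, ports_per_ip=PORTS_PER_IP, headroom=0.2):
    """First-fit-decreasing packing of per-client peak translation counts.

    Assumption: each client is pinned to a single public IP, so its whole
    peak must fit on that IP; `headroom` keeps a share of ports unplanned.
    """
    budget = int(ports_per_ip * (1 - headroom))
    free = []  # remaining planned ports on each public IP opened so far
    for peak in sorted(peaks, reverse=True):
        if peak > budget:
            raise ValueError(f"client peak {peak} exceeds per-IP budget {budget}")
        for i, room in enumerate(free):
            if room >= peak:
                free[i] = room - peak
                break
        else:
            free.append(budget - peak)  # no existing IP has room: open another
    return len(free)


def constructed_peaks(clients=5000):
    """Constructed sample: 1% heavy (8000), 9% medium (1500), 90% light (200)."""
    return [8000 if i % 100 == 0 else 1500 if i % 10 == 0 else 200
            for i in range(clients)]


if __name__ == "__main__":
    peaks = constructed_peaks()
    print("average method, 1000 ports/client:", ips_by_average(5000, 1000))
    print("packing measured peaks, 20% headroom:", ips_by_packing(peaks))
```

With the thread's 1000 ports per client the average method returns 77 (the reply's figure, rounded up); the constructed peaks pack into 38 addresses, which shows how far a flat per-client average can sit from measured demand.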
03-24-2020 05:47 AM
03-24-2020 05:54 AM
03-24-2020 05:48 AM
03-24-2020 05:56 AM
03-24-2020 06:14 AM
03-24-2020 05:46 AM