Solved: Re: how many public ip address i need for Nat

anas.abdullkarim · ‎03-24-2020

Hello

i have router with Ios xe and make NAT for client's

i have 128 public ip address (/25)

my config is

ip nat pool PublicPool 94.231.X.X 94.231.X.254 prefix-length 25
ip nat inside source list 1 pool PublicPool overload

so everything is ok

i have now more of 4500 client is connect'ed and they have internet access by NAT

the problem is a the nat used may public ip address

for 4000 Clinet's now is allocated 118 (98%) of my Public ip address pool

[Id: 1] access-list 1 pool PublicPool refcount 522515
 pool PublicPool: id 1, netmask 255.255.255.128
        start 94.231.X.X end 94.231.X.254
        type generic, total addresses 120, allocated 118 (98%), misses

more information of my config

ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat translation timeout 60
ip nat translation tcp-timeout 500
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 10
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 30

my question is how many public i need for every 5000 Client's connected ,

and how i can make some optimize to save public ip used by nat ?

Leonid Voronkin · ‎03-24-2020

You can observe only certain clients

show ip nat translations inside X.X.X.X total

If look at the your current Total number of translations you will be enough 16 IP. But if only it is a peak quantity. You can secure yourself and use 32 IP.

You must understand the maximum number of translations. And then you can make decision

But I would use 64 IP for 5000 clients.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

View solution in original post

Leonid Voronkin · ‎03-24-2020

It depends on what do you want. Saying what do you want, I mean what your customers want.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

View solution in original post

Leonid Voronkin · ‎03-24-2020

Is it ISP network or enterprise?

You should to understand how many ports your clients use on average. In my opinion you should expect on 1000 ports per client. So 65536 divided by 1000 equals 65,536. Let's round up to 65. It is quantity of users per IP. So if you want to know how many IP you need for 5000 clients divide 5000 by 65. It will be approximately 76 IP's

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

anas.abdullkarim · ‎03-24-2020

Thanks for reply , it's ISP Network
now number of nat translations is
#sh ip nat translations total
Total number of translations: 541543
----------
can i control for ports per client ?

Leonid Voronkin · ‎03-24-2020

You can observe only certain clients

show ip nat translations inside X.X.X.X total

If look at the your current Total number of translations you will be enough 16 IP. But if only it is a peak quantity. You can secure yourself and use 32 IP.

You must understand the maximum number of translations. And then you can make decision

But I would use 64 IP for 5000 clients.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

anas.abdullkarim · ‎03-24-2020

hello thanks for more information
so i have problem
i have now only 4500 client right now
add /25 all is used why !!?

[Id: 1] access-list 1 pool PublicPool refcount 558793
pool PublicPool: id 1, netmask 255.255.255.128
start 94.231.199.131 end 94.231.199.250
type generic, total addresses 120, allocated 120 (100%), misses 114

how to fix that ? as u see 64 IP for 5000 clients. how that ? now only 4500 used 120 IP's

**
Fiberband-PerUser#sh ip nat translations inside 94.231.199.211 total
Total number of translations: 0
----
i have use /
ip nat settings mode cgn
no ip nat settings support mapping outside
/
is effect ?

Leonid Voronkin · ‎03-24-2020

Sorry I did't see that you use CGNAT. Of course CGNAT double the session number.
Do you use PAP (Paired-Address-Pooling)?
ip nat settings pap

Also in this command

Fiberband-PerUser#sh ip nat translations inside 94.231.199.211 total

you should use inside local address not a inside global

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

anas.abdullkarim · ‎03-24-2020

so Do you suggest canceling CGNAT ?

Leonid Voronkin · ‎03-24-2020

It depends on what do you want. Saying what do you want, I mean what your customers want.

________________________________________________________
Если ответ понравился, ставь звёздочку. Если ответ помог решить твою проблему, утверди его в качестве решения

anas.abdullkarim · ‎03-24-2020

no , i have used (ip nat settings pap)

anas.abdullkarim · ‎03-24-2020

Do you suggest use default NAT or CGNAT ??
and you can give me a best NAT setting to save public ip address without effect to Nat Service

i have use a router 1006 (esp100) as ISP network with client 5000 and In an increasing number

so i must use CGNAT or not
what best Nat setting ?
thanks for your effort's

anas.abdullkarim · ‎03-24-2020

now i disable CGNAT
now
#sh ip nat translations total
Total number of translations: 507966

[Id: 1] access-list 1 pool PublicPool refcount 586030
pool PublicPool: id 1, netmask 255.255.255.128
start 94.231.199.131 end 94.231.199.250
type generic, total addresses 120, allocated 10 (8%), misses 178
nat-limit statistics:

anas.abdullkarim · ‎03-24-2020

!!!!