PAT Statistics Counters

Sandovag123 · ‎12-14-2015

Hello

Regards to the command "show ip nat statistics" on an ASR1000. The increment of the counters "In-to-out drops", "Out-to-in drops" and "Port block alloc fail:" are refered to a PAT problems? Or just are packets that don´t need to do nat?

This is an example of an output of a router ASR1000 IOS 3.08

ROUTER#show ip nat statistics
Total active translations: 89566 (0 static, 89566 dynamic; 89566 extended)
Outside interfaces:
TenGigabitEthernet0/0/1
Inside interfaces:
Tunnel12098
Hits: 6721089331 Misses: 41697444
Expired translations: 42261166
Dynamic mappings:
-- Inside Source
[Id: 1] access-list Prueba interface TenGigabitEthernet0/0/1 refcount 89563
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 14182335 Out-to-in drops: 131221
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 4146132
IP alias add fail: 0
Limit entry add fail: 0

Thanks

Cisco Freak · ‎12-14-2015

Hello,

Do you have NAT rate limiting configured on you router?

CF

Sandovag123 · ‎12-15-2015

Hello CF

Yes, the router has the command "max-entries" This is the actual configuration:

interface TenGigabitEthernet0/0/1
vrf forwarding Prueba
ip address X.X.X.X 255.255.255.248
ip nat outside

interface Tunnel12098

vrf forwarding Prueba
ip address 10.111.98.1 255.255.254.0
ip nat inside
ip tcp adjust-mss 1200
tunnel source TenGigabitEthernet0/0/1
tunnel destination 10.11.255.134

ip nat inside source list NAT-LIST interface TenGigabitEthernet0/0/1 vrf Prueba overload

ip nat translation max-entries list Prueba 20000000

ip access-list extended NAT-LIST
permit ip 10.0.0.0 0.255.255.255 any

Thanks

Adel3 · ‎01-09-2022

Any news guys ?