on 10-31-2013 08:51 PM
This document answers questions related to CGv6 Features supported on ISM card across different IOS-XR Releases. This document tries to list all the CGv6 on ISM related features in one place in a consolidated manner to help CGv6 on ISM customers. It does not intend to replace official IOS-XR release notes. For official release note document, please select "Release Notes for Cisco ASR 9000 Series Aggregation Services Routers for Cisco IOS-XR Software Release X.Y.Z" link for appropriate IOS-XR release.
A. Following table captures different CGv6 features supported on ISM and also indicates from which IOS-XR release they are supported.
Feature Group | Feature Description | Supported on ISM from IOS-XR Release | Additional Comments | |
---|---|---|---|---|
Generic (Common to All Applications) | Multiple CGv6 Applications on same ISM card | 4.2.0 | ||
Active/Standby ISM redundancy (warm) | 4.3.0 | |||
NAT44 | Generic / Base support | 4.2.0 | ||
Active FTP ALG | 4.2.0 | Configurable per NAT44 instance. | ||
RTSP ALG | 4.2.1 | Configurable per NAT44 instance. | ||
PPTP ALG | 4.3.1 | Configurable per NAT44 instance. | ||
Port limit | 4.2.0 | Configurable per NAT44 instance. | ||
Netflow version 9 (NFv9) logging | 4.2.0 | Configurable per inside-VRF. | ||
Syslog logging | 4.2.1 | Configurable per inside-VRF. | ||
Bulk Port Allocation (BPA) | 4.2.1 | Configurable per inside-VRF. | ||
Destination Based Logging (DBL) | 4.3.0 | Configurable per inside-VRF. | ||
NFv9 logging with BPA | 4.2.1 | Configurable per inside-VRF. | ||
NFv9 logging with DBL | 4.3.0 | Configurable per inside-VRF | ||
Syslog loggging with BPA | 4.2.1 | Configurable per inside-VRF | ||
Syslog logging with DBL | 4.3.0 | Configurable per inside-VRF | ||
One-to-One mapping | 4.2.3 | Configurable per inside-VRF. One Public IP address is associated with maximum of one Private IP address. Multiple Private IP addresses are not mapped to single Public IP address, if this option is enabled. | ||
Many-to-One mapping | 4.3.2 | Configurable per inside-VRF. By this option, one Public IP address can be associated with a maximum (configurable) number of Private IP addresses. | ||
OutsideServiceApp mapping for inside-VRF | 4.2.3 | Configurable per inside-VRF. It is a MUST when you have multiple Outside ServiceApp interfaces inside same / single Outside VRF. | ||
VRF override for O2I traffic | 4.3.1 | For Out-to-In traffic (after translation), VRF can be overridden to be default VRF (instead of inside VRF) to perform forwarding lookup. | ||
Static Port Forwarding | 4.2.0 | Configurable per inside-VRF. User can specify a particular Inside/Private IP address, IP protocol and Port number which will be statically mapped to a Public IP address and Port, selected by the CGv6 Application. Usually, port number is preserved, unless there is a conflict (Port number is already in use). | ||
Active/Standby ISM redundancy (warm) | 4.3.0 | Dynamic NAT44 sessions will be re-established after the redundancy switchover. A different public IP address will be | ||
BNG and NAT44 inter-working | 4.2.1 | |||
DS-Lite | Generic support | 4.2.1 | ||
Active FTP ALG | 4.3.0 | Configurable per DS-Lite instance. | ||
RTSP ALG | 4.3.0 | Configurable per DS-Lite instance. | ||
Port limit | 4.2.1 | Configurable per DS-Lite instance. In 4.2.1 release, it was per Private IPv4 address. In 4.3.0 release, it is made per B4 (IPv6 address) element. | ||
Netflow version 9 (NFv9) logging | 4.2.1 | Configurable per DS-Lite instance. | ||
Syslog logging | 4.2.1 | Configurable per DS-Lite instance. | ||
Bulk Port Allocation (BPA) | 4.2.1 | Configurable per DS-Lite instance. | ||
Destination Based Logging (DBL) | 4.3.0 | Configurable per DS-Lite instance. | ||
NFv9 logging with BPA | 4.2.1 | Configurable per DS-Lite instance. | ||
NFv9 logging with DBL | 4.3.0 | Configurable per DS-Lite instance. | ||
Syslog logging with BPA | 4.2.1 | Configurable per DS-Lite instance. | ||
Syslog logging with DBL | 4.3.0 | Configurable per DS-Lite instance. | ||
Active/Standby ISM redundancy (warm) | 4.3.0 | |||
BNG and DS-Lite inter-working | 4.3.0 | |||
Stateful NAT64 | Generic support | 4.3.0 | ||
Active FTP ALG | 4.3.1 | Configurable per NAT64 instance. | ||
RTSP ALG | 4.3.1 | Configurable per NAT64 instance. | ||
Port limit | 4.3.0 | Configurable per NAT64 instance. | ||
Netflow logging | 4.3.0 | Configurable per NAT64 instance. | ||
Destination Based Logging (DBL) | 4.3.0 | Configurable per NAT64 instance. | ||
NFv9 logging with DBL | 4.3.1 | Configurable per NAT64 instance. | ||
Active/Standby ISM redundancy (warm) | 4.3.0 | |||
MAP-T | Generic support | 4.3.0 | It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline). | |
Active/Standby ISM redundancy (warm) | 4.3.0 | |||
BNG and MAP-T inter-working | 4.3.0 | |||
MAP-E | Generic support | 4.3.1 | It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline). | |
Active/Standby ISM redundancy (warm) | 4.3.1 | |||
BNG and MAP-E inter-working | 4.3.1 | |||
6RD | Generic support | 4.3.1 | It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline). | |
Active/Standby ISM redundancy (warm) | 4.3.1 | |||
BNG and 6RD inter-working | 4.3.1 |
.
A. Following table captures different supported scale numbers related to CGv6 features on ISM.
Parameter Name | Parameter Value per ISM | Parameter Value per ASR9K Chassis | Additional Comments |
---|---|---|---|
Number of CGN/CGv6 Instances | 1 | 6 | Under one CGN/CGv6 instance, multiple CGv6 Applications (like, NAT44, DS-Lite, NAT64, etc.) are supported. |
Number of ServiceInfra Interfaces | 1 | 6 | ServiceInfra interface is used to send Management / Control traffic related to CGv6. Hence, only 1 ServiceInfra interface per ISM card is needed. |
Number of ServiceApp interfaces | 244 | 244 | For running a CGv6 Application instance (like, NAT44, DS-Lite, etc.), you need a pair of ServiceApp interfaces. Hence, you can run at the most 122 CGv6 Application instances (of different types) per ASR9K. |
Number of NAT44 instances | 1 | 6 | Within 1 NAT44 instance, multiple Inside VRFs are possible. Several parameters can be configured on per Inside VRF. |
Number of DS-Lite instances | 64 | 64 | Each DS-Lite instance would need 1 pair of ServiceApp interfaces. |
Number of Stateful NAT64 instances | 64 | 64 | Each Stateful NAT64 instance would need 1 pair of ServiceApp interfaces. |
Number of MAP-T instances | 64 | 64 | Each MAP-T instance would need 1 pair of ServiceApp interfaces. |
Number of MAP-E instances | 64 | 64 | Each MAP-E instance would need 1 pair of ServiceApp interfaces. |
Number of 6RD instances | 64 | 64 | Each 6RD instance would need 1 pair of ServiceApp interfaces. |
Number of Stateful NAT Translations | 20 Millions | 120 Millions | NAT DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications. |
Number of NAT Sessions | 20 Millions | 120 Millions | NAT Session DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications. |
Number of NAT Users | 1 Million | 6 Millions | NAT User DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications. |
Number of Static Port Forwarding Entries | 6,000 | 36,000 | |
Number of Public IPv4 addresses | 65536 or /16 | ||
Number of VRFs | 122 (Inside) + 122 (Outside) | 122 (Inside) + 122 (Outside) | - As we support maximum of 244 ServiceApp interfaces, at the most, we need to have 122 Inside and 122 Outside VRF. - You can have less number of Outside VRFs as well. - Please note that ASR9K supports much higher number of VRFs in the chassis. This is only with respect to CGv6 Application on ISM. |
Number of IPv4 Prefixes | 512K | Related to forwarding. | |
Number of IPv6 Prefixes | 128K | Related to forwarding. | |
Number of MPLS labels | 256K | Related to forwarding. Increased to 256K from 4.3.0 release onwards. |
A. Please contact your Cisco Account Team or ASR9K Product Marketing team (whichever you have access to).
A. Please contact your Cisco Account Team or ASR9K Product Marketing team (whichever you have access to).
Note:
Hi,
nice document, it will help me a lot because I have to configure NAT44 on a BNG for PPPoE subscribers.
We are using dualstack with IPv4 and IPv6 on the same session.
IPv4 address space is private RFC1918 and it has to be translated to a public one. IPv6 is of course public.
Subscribers are in a VRF and because NAT44 requires two VRFs, we will create an outside vrf.
My question is what happens with the IPv6 traffic? Does it just pass transparently throught the serviceapp interface to another service app interface, and then to the public internet?
I hope yes.
Your v4 traffic will be subject to translation, your v6 will not.
Note that there is only one vrf on the sub for both v4 and v6 traffic so you may want to use ABF or some other directive traffic mechanism to move the v4 traffic to the NAT engine and let v6 pass through and move via the general routing table.
(so comes down to a v4 access-group definition on the sub)
cheers!
xander
Hi Xander,
I see that you cover everything
I checked my prepared config and I see that I have only a static route for ADF IPv4. If I don't forward IPv6 to service app then it will just not go through the ISM. Stupid me, too tired and too much reading
Actually, you don't really need an outisde-VRF, you can perfectly use the Global Routing Table.
But indeed you may need to use an inside-VRF.
If your ingress physical interface (for i2o traffic) is assigned to this VRF, then you will need:
- a static (probably default) route to push your v4 traffic to the serviceApp inside (to the CGN engine)
- a static to "leak" your IPv6 traffic from the inside-VRF to the GRT (or the outside-VRF if you decide to use one).
If your ingress physical interface (for i2o traffic) is not assigned to this inside-VRF, then you will need:
- nothing for your v6 traffic, it will be routed naturally in the Global Routing Table to its destination
- an ABF matching the source/destination of your v4 traffic and pointing to the serviceApp interface in the inside-VRF (basically, a leak from GRT to inside-VRF via an ABF).
Finally, even if not used here, keep in mind that ABF for v6 traffic is not working on the first generation line cards (trident based).
Cheers,
N.
Hi Nicolas,
yes I understand, I can use the global RT (vrf default) as outside vrf.
In my case it is a little bit different. The BNG is a multi-vrf device and we are using vrf-lite, and in vrf default is only a static route for RADIUS traffic.
I will just leak the IPv6 traffic from inside to outside vrf. I have a couple more ideas and I will test it tomorrow.
Thank you!
Hi again,
CGN is working for one inside vrf (dualstack) which is PPPoE. Now I need to add a new inside vrf (ipoe) which is IPoE
but NAT is working only for vrf dualstack. I have to check with you if this is a valid config. I checked the config guide and I see that it's possible to add multiple inside vrfs, but in the guide different outside-vrf are used.
service cgn CGN44
service-location preferred-active 0/0/CPU0
service-type nat44 NAT44_1
portlimit 65535
alg ActiveFTP
alg rtsp
alg pptpAlg
inside-vrf ipoe
map outside-vrf hsi address-pool 195.x.x.232/29
!
inside-vrf dualstack
map outside-vrf hsi address-pool 195.x.x.240/29 ----------- THIS ONE IS WORKING FINE
interface ServiceApp1
vrf dualstack
ipv4 address 172.31.31.1 255.255.255.252
service cgn CGN44 service-type nat44
!
interface ServiceApp2
vrf hsi
ipv4 address 172.31.31.5 255.255.255.252
service cgn CGN44 service-type nat44
interface ServiceApp3
vrf ipoe
ipv4 address 172.31.31.9 255.255.255.252
service cgn CGN44 service-type nat44
interface ServiceApp4 --------------- I tried without this ServiceApp4, where I used ServiceApp2 for second inside-vrf, but it was not working, so I added ServiceApp4
vrf hsi
ipv4 address 172.31.31.13 255.255.255.252
service cgn CGN44 service-type nat44
router static
!
vrf hsi
address-family ipv4 unicast
80.65.81.64/29 Null0
195.x.x.232/29 ServiceApp4
195.x.x.240/29 ServiceApp2
vrf ipoe
address-family ipv4 unicast
0.0.0.0/0 ServiceApp3
10.120.20.1/32 100.127.0.25
10.120.20.59/32 100.127.0.25
!
vrf dualstack
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
Both public subnet are in the RIB of the PE, so it's not a routing issue.
The working inside vrf is PPPoE, and the one which is NOT working is IPoE. I can ping the GW (loopback) and the DHCP server but Internet is not working.
PPoE private subnet is a /16, and IPoE is a /16, too. Public subnets are /29, but port limit is at max.
Maybe you have an idea.
p.s. ISM module has been reloaded twice. The second time because "show cgn nat44 NAT44_1 statistics" was giving an error "core response failure".
Here is the "show cgn trace master-agent apply reverse" output. I see some messages about no free ports etc.
I tried with a large public subnet 5.0.0.0/19 but still no translations on the ISM module. Only the working one...
Feb 13 15:01:25.854 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 15:01:25.854 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 15:01:25.853 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 15:01:25.853 cgn/ma/apply 0/RSP0/CPU0 t4 Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'
Feb 13 15:01:25.851 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 15:01:25.851 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:
Feb 13 15:00:48.044 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 15:00:48.044 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 15:00:48.043 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 15:00:48.040 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:58:02.458 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:58:02.458 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 14:58:02.457 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:58:02.457 cgn/ma/apply 0/RSP0/CPU0 t4 Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '5.0.0.0', end-addr: '5.0.31.255'
Feb 13 14:58:02.456 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:58:02.456 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:
Feb 13 14:57:25.346 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgnma_ip_prefix_validate Line:941 :Error 'cgn' detected the 'warning' condition 'Prefix value is out of range for this platform'
Feb 13 14:57:05.538 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:57:05.538 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 14:57:05.537 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:57:05.534 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:31:33.180 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_imc.c Line:2812 cgn inst: :Interface not found in Database value:ServiceApp4 value:
Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'
Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'
Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_rsi_intf_handler Line:2130 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:31:33.166 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:31:33.162 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:27:22.061 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:27:22.061 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 14:27:22.060 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:27:22.060 cgn/ma/apply 0/RSP0/CPU0 t4 Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'
Feb 13 14:27:22.059 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:27:22.059 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:
Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'
Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'
Feb 13 14:26:05.810 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:26:05.810 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 14:26:05.809 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:26:05.805 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:23:38.222 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_rsi_intf_handler Line:2130 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:23:38.218 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:23:38.214 cgn/ma/apply 0/RSP0/CPU0 t1 Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'
Feb 13 14:21:53.655 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:21:53.655 cgn/ma/apply 0/RSP0/CPU0 t4 config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command
Feb 13 14:21:53.654 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:21:53.654 cgn/ma/apply 0/RSP0/CPU0 t4 Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'
Feb 13 14:21:53.653 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Feb 13 14:21:53.653 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:
Feb 13 14:21:53.651 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:755 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to active location'
Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.286 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.286 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:755 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to active location'
Feb 13 14:19:17.285 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.280 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.274 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 14:19:17.224 cgn/ma/apply 0/RSP0/CPU0 t1 cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0
Hi,
Please take a look at https://supportforums.cisco.com/docs/DOC-37514#Multiple_Outside_ServiceApps_sharing_same_Outside_VRF. You need to use "outsideServiceApp <>" option in "map" CLI command.
regards,
Somnath.
Hi,
thanks Somnath. I tried this to a few hours ago and it was not working.
I tried it again and I have the same problem. Only IPs in the dualstack vrf with PPPoE are being translated.
I have this config now and I for example this show command is working only for dualstack, and not for ipoe.
show cgn nat44 NAT44_1 pool-utilization inside-vrf dualstack address-range 195.222.57.240 195.222.57.247
Thu Feb 13 16:50:58.379 CET
Public address pool utilization details
-------------------------------------------------------
NAT44 instance : NAT44_1
VRF : dualstack
-------------------------------------------------------
Outside Number Number
Address of of
Free ports Used ports
-------------------------------------------------------
195.222.57.240 65535 0
195.222.57.244 65535 0
195.222.57.241 65535 0
195.222.57.245 65532 3
195.222.57.242 65535 0
195.222.57.246 65535 0
195.222.57.243 65535 0
195.222.57.247 65535 0
show cgn nat44 NAT44_1 pool-utilization inside-vrf ipoe address-range 195.222.57.233 195.222.57.238
Thu Feb 13 16:51:21.399 CET
Sysdb datalist failed. Error: 'No such file or directory'
I also do not see any traffic on ServiceApp4, only on ServiceApp2.
service cgn CGN44
service-location preferred-active 0/0/CPU0
service-type nat44 NAT44_1
portlimit 32000
alg ActiveFTP
alg rtsp
alg pptpAlg
inside-vrf ipoe
map outside-vrf hsi outsideServiceApp ServiceApp4 address-pool 195.222.57.232/29
!
inside-vrf dualstack
map outside-vrf hsi outsideServiceApp ServiceApp2 address-pool 195.222.57.240/29
_________________________
I still see this "no free ports available" error!
Feb 13 16:51:21.419 cgn/ma/show 0/RSP0/CPU0 t1 Function cgn_ma_edm_pool_util_datalist Line:3236 :Error No such file or directory
Feb 13 16:49:36.781 cgn/ma/show 0/RSP0/CPU0 t1 Function cgn_ma_edm_pool_util_datalist Line:3236 :Error No such file or directory
the 'warning' condition 'Could not send the configuration to active location'
Feb 13 16:46:03.584 cgn/ma/apply 0/RSP0/CPU0 t4 Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'
Feb 13 16:46:03.584 cgn/ma/apply 0/RSP0/CPU0 t4 Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x920', start-addr: '195.222.57.232', end-addr: '195.222.57.239'
Any idea?
Here is the solution/workaround...thanks to Cisco TAC and Cisco developers.
Hardware programming was wrong on ISM card for VRF IPOE where both
ServiceApp3 and ServiceApp4 where programmed as Outside.
Normally App3 should be inside and App4 should be outside.
[root@localhost ~]# debugger -m 0xc0
Service I/F Configuration Details
Service I/F UIDB (Peer) Application Direction VRF ID I/F Handle App Data IPv4 Address / IPv6 Address
--------------------------------------------------------------------------
--------------------------------
Mgmt 0 NATIVE N/A 0 0x00000000
0x0000 NIL / NIL
Infra 8 INFRA N/A 0 0x000003e0
0x0000 172.31.31.253 / NIL
App1 12 ( 13) NAT44 Inside 18 0x000008e0
0x0000 172.31.31.1 / NIL
App2 13 ( 12) NAT44 Outside 17 0x00000960
0x0000 172.31.31.5 / NIL
App3 14 NAT44 Outside 22 0x000009e0
0x0000 172.31.31.9 / NIL <---- WRONG
App4 15 NAT44 Outside 17 0x00000920
0x0000 172.31.31.13 / NIL
//
Workaround:
=================
Restarting "cgn_ma" process resolved the problem.
Cisco is working on a fix for this issue.
I never tried to restart the proces because first inside VRF was always working. I reloaded the ISM three times.
A simple proces restart solves the problem
hey Smail, what I really appreciate in what you do is that you follow up with both thumbs up or down and provide solutions that come out of the Q&A. This is very beneficial for me, us and everyone involved.
So THANK you for your contributions and working with us!!
cheers
xander
Well, I am glad that this issue is solved now.
I knew it's serious when I saw three developers in the webex session .
Now I know why we had this message: No Free Ports Available reqmsg:in-vrf-id: '0x60000007
And of course that I will update this thread so I can help others like they are helping me by sharing such information.
Hi,
one question.
Do you plan to add source based NAT?
e.g. we match a subnet and this subnet is translated to a public pool 1
Second subnet is matched and translated to public pool 2.
For now we can do this with different inside VRF's, but this is not scalable.
And different customer will get an address from different pools (I am talking about BNG and RADIUS).
We have a service where we are routing some customers to SCE and later to Ironport (now WSA) for inspection and filtering.
I checked the config guide of 4.3.x and 5.1.x and could not find anything.
Hi,
An alternate solution exists to this requirement.
You still need to have one inside-VRF per map-pool or group of map-pools (in the future), that's true. But we can rely on ABF to push the traffic to one or another pool based on source addresses. You can have hundreds of access-list entries in your ABF, each one matching a source range and using a Next-Hop address in the proper VRF.
I don't know your particular needs, so you may have hundreds of translation pools and that's why you consider it non-scalable. But most of the customers I know are using a few ranges for translation (less than a dozen), so it's an acceptable effort to configure the inside-VRF. Then you can have super large ACL for your ABF pointing in these VRFs.
HTH,
N.
Hi,
you are right about ABF. I had a conversation with our customer regarding ABF. We can use that, but in my opinion source based NAT, just like we are using it on regular IOS (matching ACL) whould be nice.
It makes things more simple to be honest.
Many thanks for the quick reply.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: