cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1142
Views
0
Helpful
5
Replies
Highlighted
Enthusiast

ISM with NAT64 - need help with config

Hello,

we are trying to configure NAT64 on ISM. We are running 4.3.0 on ASR9k and all

packages are installed.

Problem is that the config guide is "incomplete" and the NAT64 config is not well

explained.

I will paste the config and show command output..

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh cgn nat64 stateful CGN1 statistics

Tue Jan 29 14:52:59.351 BIH

Unable to obtain requested info Error:'cgn' detected the 'warning' condition 'The instance has not yet been configured'

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh cgn nat64 stateful STATEFULL statistics

Tue Jan 29 14:59:07.270 BIH

Unable to obtain requested info Error:'cgn' detected the 'warning' condition 'CONN state is DOWN'

service cgn CGN1

service-location preferred-active 0/4/CPU0

service-type nat64 stateful STATEFULL

  portlimit 2000

  ipv6-prefix 64:ff9b::/64

  ipv4 address-pool 80.65.84.160/29

  dynamic-port-range start 10000

  address-family ipv4

   interface ServiceApp2

   tcp mss 600

  !

  address-family ipv6

   interface ServiceApp1

   protocol icmp

    reset-mtu

   !

   tcp mss 600

  !

  protocol udp

   timeout 1800

  !

  protocol tcp

   session initial timeout 90

   session active timeout 90

  !

  protocol icmp

   timeout 900

  !

  interface ServiceInfra10

ipv4 address 10.100.127.9 255.255.255.252

service-location 0/4/CPU0

Interface serviceAPP1 is present but not serviceApp2

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh run inter ServiceApp1

Tue Jan 29 22:40:43.814 BIH

interface ServiceApp1

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh run inter ServiceApp2

Tue Jan 29 22:41:34.601 BIH

% No such configuration item(s)


RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#show platform

Tue Jan 29 14:57:29.753 BIH

Node            Type                      State            Config State

-----------------------------------------------------------------------------

0/RSP0/CPU0     A9K-RSP440-TR(Standby)    IOS XR RUN       PWR,NSHUT,MON

0/RSP1/CPU0     A9K-RSP440-TR(Active)     IOS XR RUN       PWR,NSHUT,MON

0/0/CPU0        A9K-8T-L                  IOS XR RUN       PWR,NSHUT,MON

0/1/CPU0        A9K-8T-L                  IOS XR RUN       PWR,NSHUT,MON

0/2/CPU0        A9K-2T20GE-L              IOS XR RUN       PWR,NSHUT,MON

0/3/CPU0        A9K-2T20GE-L              IOS XR RUN       PWR,NSHUT,MON

0/4/CPU0        A9K-ISM-100(LCP)          IOS XR RUN       PWR,NSHUT,MON

0/4/CPU1        A9K-ISM-100(SE)           APP-READY

Package asr9k-ism-cgv6-install-kit-4.3.0.00.sh has been installed!

Node 0/RSP0/CPU0 [RP] [SDR: Owner]

    Boot Device: disk0:

    Boot Image: /disk0/asr9k-os-mbi-4.3.0/0x100305/mbiasr9k-rsp3.vm

    Active Packages:

      disk0:asr9k-fpd-px-4.3.0

      disk0:asr9k-mpls-px-4.3.0

      disk0:asr9k-optic-px-4.3.0

      disk0:asr9k-doc-px-4.3.0

      disk0:asr9k-mini-px-4.3.0

      disk0:asr9k-mcast-px-4.3.0

      disk0:asr9k-mgbl-px-4.3.0

      disk0:asr9k-services-p-px-4.3.0

      disk0:asr9k-k9sec-px-4.3.0

Node 0/4/CPU0 [LC] [SDR: Owner]

    Boot Device: mem:

    Boot Image: /disk0/asr9k-os-mbi-4.3.0/lc/mbiasr9k-lc.vm

    Active Packages:

      disk0:asr9k-mpls-px-4.3.0

      disk0:asr9k-optic-px-4.3.0

      disk0:asr9k-mini-px-4.3.0

      disk0:asr9k-mcast-px-4.3.0

      disk0:asr9k-services-p-px-4.3.0

Service-Engine0/4/0/0          unassigned      Up                    Up    

Service-Mgmt0/4/0/0            unassigned      Up                    Up    

Service-Engine0/4/0/1          unassigned      Up                    Up    

Service-Mgmt0/4/0/1            unassigned      Up                    Up    

Service-Engine0/4/0/2          unassigned      Up                    Up    

Service-Mgmt0/4/0/2            unassigned      Up                    Up    

Service-Engine0/4/0/3          unassigned      Up                    Up    

Service-Mgmt0/4/0/3            unassigned      Up                    Up 

5 REPLIES 5
Highlighted
Cisco Employee

Hi,

Without digging to deep into the config, I see two missing config part:

First you need to define the card role:

     hw-module service cgn location 0/4/CPU0

Second, you clearly need a serviceApp2 for your outside IPv4 side.

May be the cisco.com config guide isn't clear enough, please send me the link so that we review it more carefully.

In the meantime, you may take a look at the CGSE version of the config (I've been told that some differences may exists between the ISM and the CGSE implementation in term of config syntax, but I didn't verify myself), it will give you a rough idea of the config steps:

http://www.cisco.com/en/US/docs/routers/crs/software/crs_r4.2/cg_nat/configuration/guide/cgc42cgn.html#wp1279434

Kind regards,

N.

Highlighted

Hi,

first thank your for reply.

hw-module service cgn location 0/4/CPU0 has been typed in the config but I can not see it anywhere in the config after I enter and commit it.

This is the guide I am using. You will see that the NAT64 example is incomplete or is lacking of some explainations. You will see mistakes like an IP address 300.x.x.x . I even tried to completly copy/paste the example in the guide and it still shows the same errors!

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/configuration/guide/cgnat_43.html

Edit:

After serviceapp 1 and 2 has been configured the error "Unable to obtain requested info Error:'cgn' detected the 'warning' condition 'CONN state is DOWN'
" has gone

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh run interface serviceapp1

Wed Jan 30 08:44:59.602 BIH

interface ServiceApp1

vrf Internet

ipv6 address 1::1/64

service cgn CGN1 service-type nat64 stateful

!

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh run interface serviceapp2

Wed Jan 30 08:45:00.950 BIH

interface ServiceApp2

vrf Internet

ipv4 address 1.1.1.1 255.255.255.252

service cgn CGN1 service-type nat64 stateful

RP/0/RSP1/CPU0:ASR9010_PE_DMALTA#sh cgn nat64 stateful STATEFULL statistics

Wed Jan 30 08:46:50.342 BIH

Statistics summary of NAT64 Stateful instance: 'STATEFULL'

--------------------------------------------------------

Number of active translations                  : 0

Number of static translations                  : 0

Number of dynamic translations                 : 0

Number of Sessions                             : 0

Translations create rate                       : 0

Translations delete rate                       : 0

Inside to outside forward rate                 : 0

Outside to inside forward rate                 : 0

Inside to outside drops port limit exceeded    : 0

Inside to outside drops system limit reached   : 0

Inside to outside drops resource depletion     : 0

No translation entry drops                     : 3134

Filtering Drops                                : 0

Invalid Ipv6 Prefix Drops                      : 0

Number of subscribers                          : 0

Drops due to session db limit exceeded         : 0

Pool address totally free                      : 8

Pool address used                              : 0

For what are the IP addresses in serviceapp used, only for communication between router and ISM?


Highlighted

Hello,

I succeeded to configure NAT64 and NAT44 on the ISM.

I had to configure the serviceapp interface-a with

"interface ServiceApp1

vrf Internet

ipv6 address 1::1/64

service cgn CGN1 service-type nat64 stateful"

The config for CRS helped me a lot. Thanks!

Highlighted
Beginner

Hi All,

We want to ask about ISM scalability issue. The issue are :

1. Each ISM handling 14Gbps of NAT translation.

2. We want to install 6 ISM module to handle 80Gbps NAT traffic from subs.

3. We only have one big bundled interface on the ASR router to the subscriber.

the diagram :

subscriber --- (gateway router) --- (ASR NAT router) --- internet

each link is 80Gig traffic.

(The gateway router) send all 0.0.0.0/0 traffic to (ASR NAT router)

(The gateway router) have bundled-ether(8 TenGElink) interface to (ASR NAT router)

(The gateway router) doesn't have capability to sort/classify/choose which customer ip goes to which interface to internet because of 0.0.0.0/0 to (ASR NAT router)

What is the solution for this, so that (ASR NAT router) can :

1. Can utilize all the ISM prefered active module for all subs.

2. Can have only one big insidevrf assigned to bundle-ether (8 TenGE link). And this one big insidevrf applied to all 6 ISM module.

3. Can use the same insidevrf name for each of all servicecgn that assigned to each of all 6 ISM module.

4. Can use different insidevrf name for each of 6 ISM servicecgn. But the different insidevrf share the same private IP pool from bundle-ether, but different public map pool. (because gateway router only sending 0.0.0.0/0 to ASR NAT and cannot do which subs pool goes to which interface to ASR NAT using route-map/set next hop).

5. Can the ISM module be bundled in one servicecgn. And all NAT process is spreading accross 6 module, and from customer via gateway with default gateway without doing the ACL to specify source of customer pool go to specific interface to get associated with unique vrf that get assigned to specific which ISM doing the nat work. But instead one big bundled of 6 ISM to 1 ISM processing NAT.

Please help.

Thanks,

Budi L

Highlighted

Hi Budi,

please use the thread

https://supportforums.cisco.com/message/4022965

for this discussion,

Thanks,

N.