ASR1000 CGNAT :
Please first read the configuration guide.
For cgnat config :
ip nat settings mode cgn
no ip nat settings support mapping outside
- ip nat settings mode cgn : sets CGN mode, which disables outside-to-inside mapping; that mapping is not required for the CGNAT case.
- no ip nat settings support mapping outside : removes the outside-to-inside mapping support.
- ip nat translation max-entries all-host XXXX : per-host translation limit; this is what sets the oversubscription ratio.
Also note that the Cisco ESP does not deliver the throughput given in the data sheet. We see interface input overruns beginning at 60% of the ESP throughput.
Example: 1 outside IP -> 65535 ports (normally calculate with 60000). If your subscribers' average port usage is 60, then 1 outside IP will serve 65535/60 ~ 1092 customers.
When an Interface IP is overloaded for the translations and a single IP address is used for all the expected translations, a maximum of 60,000 translations can be achieved with this configuration depending on the traffic ports and the port parity involved. You can use the NAT Pool Overload configuration to achieve maximum translations.
Intelligent Services Gateway Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 1000)
NAT Overloading and Port Parity
Protocol | Inside Global IP address:port | Inside Local IP address:port | Outside Local IP address:port | Outside Global IP address:port
TCP | 2.2.2.2:4000 | 10.0.0.1:32000 | — | —
Router# show platform hardware qfp active infrastructure exmem statistics
QFP exmem statistics
 Type: Name: DRAM, QFP: 0
  Total: 1073741824          #For ESP40 total available memory is 1 GB
  InUse: 566236160           #Shows the ESP memory currently in use
  Free: 507505664
  Lowest free water mark: 507505664
 Type: Name: IRAM, QFP: 0
  Total: 134217728
  InUse: 9028608
  Free: 125189120
  Lowest free water mark: 125189120
 Type: Name: SRAM, QFP: 0
  Total: 32768
  InUse: 14848
  Free: 17920
  Lowest free water mark: 17920
The default TCP translation timeout is 2 hours and 4 minutes. The default UDP translation timeout is 5 minutes.
There is a concept of port parity (even/odd) in NAT and NAT64. If a source port is in the range 0 to 1023, it is translated to a port between 512 and 1023. If a source port is above 1023, it is translated to a port from 1024 onwards.
ip nat translation max-entries all-host 60
ip nat translation max-entries 1000000
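The sizing rule from the example above (usable ports per outside IP divided by the per-host limit) and the port-parity rule, as an added Python example; this is not code from the original post. It assumes subscribers are spread evenly over the pool and uses the post's 60000 usable-port figure as its default.

```python
"""CGNAT sizing helper (added example; not code from the original post).
Assumption: subscribers are spread evenly over the public pool."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class CgnPlan:
    subscribers: int
    ports_per_host: int       # value for "ip nat translation max-entries all-host"
    usable_ports_per_ip: int  # the post plans with 60000 rather than 65535
    max_entries: int          # value for "ip nat translation max-entries"
    hosts_per_ip: int         # subscribers one public IP serves at the per-host limit
    public_ips: int           # pool size needed if every host sits at its limit


def plan_cgnat(subscribers: int, ports_per_host: int,
               usable_ports_per_ip: int = 60000, max_entries: int = 1_000_000) -> CgnPlan:
    """Size the public pool so each subscriber can reach its all-host port limit."""
    if min(subscribers, ports_per_host, usable_ports_per_ip, max_entries) <= 0:
        raise ValueError("all sizes must be positive")
    hosts_per_ip = usable_ports_per_ip // ports_per_host
    public_ips = math.ceil(subscribers / hosts_per_ip)
    return CgnPlan(subscribers, ports_per_host, usable_ports_per_ip,
                   max_entries, hosts_per_ip, public_ips)


def ceiling_ok(plan: CgnPlan) -> bool:
    """False when the global max-entries would be exhausted before every host
    reaches its all-host limit, i.e. the global limit is the real cap."""
    return plan.subscribers * plan.ports_per_host <= plan.max_entries


def parity_port_range(src_port: int) -> tuple[int, int]:
    """Candidate translated ports under the parity rule quoted above: source ports
    0-1023 map into 512-1023, higher ports into 1024-65535, same even/odd parity."""
    if not 0 <= src_port <= 65535:
        raise ValueError("port out of range")
    low, high = (512, 1023) if src_port <= 1023 else (1024, 65535)
    if src_port % 2:          # odd source port: first candidate must be odd
        low += 1
    else:                     # even source port: last candidate must be even
        high -= 1
    return low, high
```

With all-host 60 and 100000 subscribers, ceiling_ok() shows that the 1000000 global max-entries is reached long before every host hits its per-host limit, so the global value is the number to watch.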
Do not forget to adjust the NAT session timeouts.
ip nat translation timeout 120
ip nat translation tcp-timeout 120
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 30
ip nat translation syn-timeout 30
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 2
Some useful configurations:
ip nat translation max-entries 1000000
no ip nat service all-algs
ip nat settings nonpatdrop
ip nat settings pap limit 30 bpa
platform subscriber cac mem qfp 95
Here in our company we have an ASR-1002X for BNG. We have some issues with the ip local pool: the IPs that are not in use anymore were not released for new connections, so the router continues using the next IPs from the pool. Have you ever seen something like that?
Hi Mateus,
Sorry for late response, I was very busy.
This changes if you are using PPPoE, DHCP, etc.
For PPPoE this should not be a problem. Can you see those users' PPPoE sessions? This happens when the PPPoE session has not closed properly. We used the PPPoE idle timeout for those.
For DHCP there should be a command like ip dhcp track pppoe or something like that.