Actually I do not have this particular information as all the customers are 3G customers , is there any command that I can use to get into this information ?
From: pshe...@gmail.com Date: Mon, 28 Mar 2016 09:06:19 +0000 Subject: Re: [c-nsp] ASR9K VSM To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net How many active subscribers (inside IPs) do you have per one outside IP? For example in one of the installations I worked on we used 16 active subscribers per outside IP (4096 ports per subscriber). kind regardsPshem On Mon, 28 Mar 2016 at 22:03 Mohammad Khalil <eng_m...@hotmail.com> wrote: Hi Can you clarify me more in order to be precise From: pshe...@gmail.com Date: Mon, 28 Mar 2016 09:00:30 +0000 Subject: Re: [c-nsp] ASR9K VSM To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net Hi, What's your inside IP/outside IP ratio? kind regardsPshem On Mon, 28 Mar 2016 at 21:44 Mohammad Khalil <eng_m...@hotmail.com> wrote: Hi Pshem Thanks for the reply , please check my configuration below vrf OUTSIDE address-family ipv4 unicast vrf INSIDE-1 address-family ipv4 unicast vrf INSIDE-2 address-family ipv4 unicast hw-module service cgn location 0/1/CPU0 interface TenGigE0/0/1/1 mtu 9216 load-interval 30 interface TenGigE0/0/1/1.900 description ## VLAN 900 SUBINTERFACE ## vrf INSIDE-1 ipv4 address 172.20.60.130 255.255.255.248 load-interval 30 encapsulation dot1q 900 interface TenGigE0/0/1/1.902 description ## VLAN 902 SUBINTERFACE ## vrf INSIDE-2 ipv4 address 172.20.60.146 255.255.255.248 load-interval 30 encapsulation dot1q 902 interface TenGigE0/0/1/2 mtu 9216 load-interval 30 interface TenGigE0/0/1/2.901 description ## VLAN 901 SUBINTERFACE ## vrf INSIDE-1 ipv4 address 172.20.60.138 255.255.255.248 load-interval 30 encapsulation dot1q 901 interface TenGigE0/0/1/2.903 description ## VLAN 903 SUBINTERFACE ## vrf INSIDE-2 ipv4 address 172.20.60.154 255.255.255.248 load-interval 30 encapsulation dot1q 903 interface ServiceApp1 vrf INSIDE-1 ipv4 address 1.1.1.1 255.255.255.252 load-interval 30 service cgn cgn1 service-type nat44 interface ServiceApp2 ipv4 address 2.2.2.2 255.255.255.252 load-interval 30 service cgn cgn1 service-type nat44 interface ServiceApp3 vrf INSIDE-2 ipv4 address 30.30.30.30 255.255.255.252 load-interval 30 service cgn cgn1 service-type nat44 interface ServiceApp4 ipv4 address 4.4.4.2 255.255.255.252 load-interval 30 service cgn cgn1 service-type nat44 interface ServiceInfra1 ipv4 address 10.99.99.2 255.255.255.0 service-location 0/1/CPU0 router static address-family ipv4 unicast x.x.x.x/21 ServiceApp2 y.y.y.y/21 ServiceApp4 vrf INSIDE-1 address-family ipv4 unicast 0.0.0.0/0 172.20.60.131 50 0.0.0.0/0 ServiceApp1 10.4.160.0/28 172.20.60.132 10.5.0.0/17 172.20.60.132 10.5.128.0/17 172.20.60.132 10.13.0.0/17 172.20.60.132 10.13.128.0/17 172.20.60.132 10.14.0.0/17 172.20.60.132 10.14.128.0/17 172.20.60.132 10.16.0.0/17 172.20.60.132 10.16.128.0/17 172.20.60.132 10.21.0.0/17 172.20.60.132 10.21.128.0/17 172.20.60.132 10.23.0.0/17 172.20.60.132 10.23.128.0/17 172.20.60.132 10.25.0.0/17 172.20.60.132 10.25.128.0/17 172.20.60.132 10.55.0.0/27 172.20.60.132 10.128.0.0/16 172.20.60.132 10.129.0.0/16 172.20.60.132 10.130.0.0/16 172.20.60.132 10.131.0.0/16 172.20.60.132 10.132.0.0/16 172.20.60.132 10.133.0.0/16 172.20.60.132 10.134.0.0/16 172.20.60.132 10.135.0.0/16 172.20.60.132 10.136.0.0/16 172.20.60.132 10.137.0.0/16 172.20.60.132 10.138.0.0/17 172.20.60.132 172.17.56.0/29 172.20.60.132 vrf INSIDE-2 address-family ipv4 unicast 0.0.0.0/0 172.20.60.147 50 0.0.0.0/0 ServiceApp3 10.11.0.0/18 172.20.60.148 10.11.64.0/20 172.20.60.148 10.11.80.0/20 172.20.60.148 10.11.96.0/19 172.20.60.148 10.11.128.0/17 172.20.60.148 10.138.128.0/17 172.20.60.148 10.140.0.0/16 172.20.60.148 10.141.0.0/16 172.20.60.148 10.142.0.0/16 172.20.60.148 10.143.0.0/16 172.20.60.148 10.144.0.0/16 172.20.60.148 10.145.0.0/16 172.20.60.148 10.146.0.0/16 172.20.60.148 10.147.0.0/16 172.20.60.148 10.152.0.0/16 172.20.60.148 service cgn cgn1 service-location preferred-active 0/1/CPU0 service-type nat44 nat1 portlimit 2048 alg ActiveFTP alg rtsp server-port 10000 alg pptpAlg inside-vrf INSIDE-1 map outsideServiceApp ServiceApp2 address-pool x.x.x.x/21 inside-vrf INSIDE-2 map outsideServiceApp ServiceApp4 address-pool y.y.y.y/21 protocol udp session initial timeout 30 session active timeout 100 protocol tcp session initial timeout 120 session active timeout 900 protocol icmp timeout 60 refresh-direction Outbound BR, Mohammad From: pshe...@gmail.com Date: Mon, 28 Mar 2016 08:28:46 +0000 Subject: Re: [c-nsp] ASR9K VSM To: eng_m...@hotmail.com; cisco-nsp@puck.nether.net Hi, The card is capable of 60mil translations, but you have to 'partition' your traffic into at least 2 ServiceApp interface pairs (4 ServiceApp interfaces total). The port drops mean that the 'inside' IP/ports couldn't be mapped because there is not enough ports left on give public IP. Do you do block allocations? How many inside IPs per one outside IP? If these drops are increasing quickly it means that your customers are most likely having issues accessing the internet. The number of ports will be generally specific to your customer base (for example setup for mobile tends to be able to get away with less ports then customers on fibre access). No translation drops are generally harmless - these are things like port scans across your ranges, packets received past time-outs for give protocols, etc. kind regardsPshem On Sun, 27 Mar 2016 at 20:45 Mohammad Khalil <eng_m...@hotmail.com> wrote: Dears I have installed VSM on ASR9K for NAT44 CGN I can see a lot of drops in the output of show cgn nat44 nat1 statistics RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics Statistics summary of NAT44 instance: 'nat1' Number of active translations: 4079397 Inside to outside drops port limit exceeded: 155093 No translation entry drops: 1617189 I have some questions regarding this if you can assist One of the experts told me that number of active translations are 4M (it can be shown from the above output that the number is like that) , is this number per module ? per service ? can I configure extra to isolate this? inside to outside drops ? portlimit drops ? I have configured it to be 2048 , should I increase it ? 2048 means for each private IP address there is 2048 available ? Thanks in advance BR, Mohammad _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/