You guys are awesome. PBA is working ! thanks a bunch. I upgraded to 14.2.R2 like you suggested and it's good now.
BTW, PBA allocations on the non-power-of-two seem to work fine. I went with 1000. After I enabled PBA I still saw a bunch of session open logs, then I figured I probably needed to turn that off. so now it only shows the NAT PORT BLOCK ALLOC msg . cool. gvtceng@eng-lab-mx104-cgn# run show version | grep JunOS Junos: 14.2R2.8 gvtceng@eng-lab-mx104-cgn# [edit] gvtceng@eng-lab-mx104-cgn# set services nat pool nat1 port secured-port-block-allocation block-size 1000 [edit] gvtceng@eng-lab-mx104-cgn# delete services service-set cgn-sset syslog host 172.22.14.247 class session-logs [edit] gvtceng@eng-lab-mx104-cgn# commit commit complete [edit] seen in syslog server... 2016-04-25 15:55:22 Daemon.Info 10.101.12.243 2016-04-25 20:55:21: {cgn-sset}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ALLOC: 10.144.0.105 -> 1.2.3.128:32024-33023 0x571e843a 2016-04-25 15:57:16 Daemon.Info 10.101.12.243 2016-04-25 20:57:15: {cgn-sset}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ALLOC: 10.144.0.102 -> 1.2.3.129:32024-33023 0x571e84ac 2016-04-25 15:57:23 Daemon.Info 10.101.12.243 2016-04-25 20:57:23: {cgn-sset}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ALLOC: 10.144.0.105 -> 1.2.3.130:32024-33023 0x571e84b3 2016-04-25 15:57:36 Daemon.Info 10.101.12.243 2016-04-25 20:57:35: {cgn-sset}[jservices-nat]: JSERVICES_NAT_PORT_BLOCK_ALLOC: 10.144.0.180 -> 1.2.3.131:32024-33023 0x571e84bf - Aaron _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp