Garikys

Доброго дня, при данном листе, как он будет натить GRE?

Добрый день, имеем cisco asr1004(rp2) с работающим ISG+PPPoE+IPoE Cisco IOS XE Software, Version 03.16.09.S - Extended Support Release Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISE-M), Version 15.5(3)S9, RELEASE SOFTWARE (fc3) Chassis type: ASR1004 Slot Type State Insert time (ago) --------- ------------------- --------------------- ----------------- 1 ASR1000-SIP40 ok 5d04h 1/0 SPA-1X10GE-L-V2 ok 5d04h 1/1 SPA-1X10GE-L-V2 ok 5d04h 1/2 SPA-1X10GE-L-V2 ok 5d04h 1/3 SPA-1X10GE-L-V2 ok 5d04h R0 ASR1000-RP2 ok, active 5d04h F0 ASR1000-ESP40 ok, active 5d04h P0 ASR1004-PWR-AC ps, fail 5d04h P1 ASR1004-PWR-AC ok 5d04h Slot CPLD Version Firmware Version --------- ------------------- --------------------------------------- 1 00200900 16.3(2r) R0 10021901 16.3(2r) F0 1003190E 16.3(2r) При работе nat начинают расти ошибки Настройки nat ip nat settings mode cgn no ip nat settings support mapping outside ip nat settings pap limit 250 ip nat log translations flow-export v9 udp destination *.*.*.* **** ip nat translation timeout 300 ip nat translation tcp-timeout 12000 ip nat translation pptp-timeout 12000 ip nat translation udp-timeout 60 ip nat translation finrst-timeout 10 ip nat translation syn-timeout 10 ip nat translation dns-timeout 10 ip nat translation icmp-timeout 10 ip nat translation port-timeout tcp 80 180 ip nat translation port-timeout tcp 8080 180 ip nat translation port-timeout tcp 1600 180 ip nat translation port-timeout tcp 110 180 ip nat translation port-timeout tcp 25 180 ip nat translation max-entries 1500000 ip nat translation max-entries all-host 1500 no ip nat service all-algs ip nat pool NAT_POOL_GREY *.*.125.1 *.*.125.31 netmask 255.255.255.224 ip nat inside source list ACL_NAT_GREY pool NAT_POOL_GREY overload ip forward-protocol nd Ошибки: show platform hardware qfp active feature nat datapath stats non_extended 0 entry_timeouts 0 statics 0 static net 0 hits 0 misses 0 non_natted 21734 Proxy stats: ipc_retry_fail 0 cfg_rcvd 5776 cfg_rsp 5776 Subcode #14 SESS_CREATE_FAIL 346163 Subcode #18 ALLOC_ADDR_PORT_FAIL 154088 Subcode #29 LIMIT 346163 Subcode #43 BPA_NO_PSET 154088 В логах вижу такое : Apr 27 00:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:111 TS:00000326206458495629 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 00:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:015 TS:00000326214504615082 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 00:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000326222550620979 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 00:12:45: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:146 TS:00000326230592263974 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 10:36:15: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:066 TS:00000363640350936714 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 10:36:20: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:082 TS:00000363645394388419 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 10:36:28: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:069 TS:00000363653455460679 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 10:36:36: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:038 TS:00000363661522297247 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 10:36:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000363669586204659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 11:03:39: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:008 TS:00000365284389207284 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 11:03:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:114 TS:00000365289427763682 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 11:03:52: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:131 TS:00000365297477981562 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 11:04:00: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:108 TS:00000365305520534099 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 11:04:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000365313573714279 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:02: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:138 TS:00000369448208593222 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369453281969564 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:16: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369461319159137 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:24: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:130 TS:00000369469344440597 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:32: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:105 TS:00000369477373010127 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:41: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:011 TS:00000369486493327164 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 12:13:50: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:081 TS:00000369495457456754 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:07: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:042 TS:00000380193190668659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:13: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:074 TS:00000380198313818479 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:079 TS:00000380206426343894 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:110 TS:00000380214497832537 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000380222539459342 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted Apr 27 15:12:46: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:155 TS:00000380231671613899 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted По статистике видно, что белые адреса выделяются по порядку ,но в пропущенных адресах по одному клиенту, а железка думает что их там нет show platform hardware qfp active feature nat datapath pAp LAddrpergaddr gaddr *.*.125.1 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.2 vrf 0 laddr-per-gaddr 249 mapid 1 gaddr *.*.125.3 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.4 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.5 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.7 vrf 0 laddr-per-gaddr 248 mapid 1 gaddr *.*.125.8 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.9 vrf 0 laddr-per-gaddr 250 mapid 1 gaddr *.*.125.11 vrf 0 laddr-per-gaddr 249 mapid 1 gaddr *.*.125.12 vrf 0 laddr-per-gaddr 249 mapid 1 gaddr *.*.125.13 vrf 0 laddr-per-gaddr 199 mapid 1 gaddr *.*.125.15 vrf 0 laddr-per-gaddr 164 mapid 1 gaddr *.*.125.19 vrf 0 laddr-per-gaddr 249 mapid 1 gaddr *.*.125.23 vrf 0 laddr-per-gaddr 248 mapid 1 show platform hardware qfp active feature nat datapath bind inside 10.24.253.151 bind 0x936edad0 oaddr 10.24.253.151 taddr *.*.125.14 oport 0 tport 0 vrfid 0 tableid 0 proto 0 domain 0 create time 1457 refcnt 21 mask 0x0 flags 0 timeout 2 ifhandle 2844 wlan_info 0x0 flags 0x0 mapping 0x8e9bd9c0 cp_mapping_id 1 limit_type 4 last_use_ts 449505 mibp 0x0 rg 0nak_retry 0 при этом, занято 93% Dynamic mappings: -- Inside Source [Id: 1] access-list ACL_NAT_GREY pool NAT_POOL_GREY refcount 315674 pool NAT_POOL_GREY: id 1, netmask 255.255.255.224 start *.*.125.1 end *.*.125.31 type generic, total addresses 31, allocated 29 (93%), misses 1367 nat-limit statistics: max entry: max allowed 1500000, used 315672, missed 0 All Host Max allowed: 1500 In-to-out drops: 12784407 Out-to-in drops: 1610 Pool stats drop: 0 Mapping stats drop: 0 Port block alloc fail: 0 IP alias add fail: 0 Limit entry add fail: 0 Получается что используется 23 адреса, но в 10 из них по одному клиенту Подскажите куда копать, думаю глюк софта, может работает у кого данная конфигурация?

А с чем связана проблема на других устройствах   подскажите пожалуйста, с какими устройствами есть совместимость

Используем SNR-CPE-ME2-SFP, на них линк совсем не поднимается. Тестировали на роутерах keenetic, mikrotik, линк поднимается, статус порта показывает linkup ,прилетают маки и SFP и самого устройства.

Добрый день, приобрели данный модуль на тест, хотим использовать его вместо абонентского терминала, подключать модуль на прямую в абонентский роутер. Авторизация в сети через pppoe, но не получается поднят. сессию, авторизация не проходит.   Конфиг: interface EPON0/2 epon bind-onu mac 9845.62aa.aa29 1 epon bind-onu mac e067.b3de.a8d8 2 switchport trunk vlan-allowed 1 switchport trunk vlan-untagged 1 switchport mode trunk interface EPON0/2:2 switchport port-security dynamic maximum 2 switchport port-security mode dynamic epon onu port 1 ctc vlan mode tag 1 priority 0 epon sla upstream pir 1000000 cir 15000 epon sla downstream pir 1000000 cir 15000

Конфиг: interface EPON0/2 epon bind-onu mac 9845.62aa.aa29 1 epon bind-onu mac e067.b3de.a8d8 2 switchport trunk vlan-allowed 1 switchport trunk vlan-untagged 1 switchport mode trunk interface EPON0/2:2 switchport port-security dynamic maximum 2 switchport port-security mode dynamic epon onu port 1 ctc vlan mode tag 1 priority 0 epon sla upstream pir 1000000 cir 15000 epon sla downstream pir 1000000 cir 15000

Добрый день, приобрели данный модуль на тест, хотим использовать его вместо абонентского терминала, подключать модуль на прямую в абонентский роутер. Авторизация в сети через pppoe, но не получается поднят. сессию, авторизация не проходит.