Good afternoon, we have a Cisco ASR1004 (RP2) running ISG+PPPoE+IPoE.
Cisco IOS XE Software, Version 03.16.09.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISE-M),
Version 15.5(3)S9, RELEASE SOFTWARE (fc3)
Chassis type: ASR1004
Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
1         ASR1000-SIP40       ok                    5d04h
1/0       SPA-1X10GE-L-V2     ok                    5d04h
1/1       SPA-1X10GE-L-V2     ok                    5d04h
1/2       SPA-1X10GE-L-V2     ok                    5d04h
1/3       SPA-1X10GE-L-V2     ok                    5d04h
R0        ASR1000-RP2         ok, active            5d04h
F0        ASR1000-ESP40       ok, active            5d04h
P0        ASR1004-PWR-AC      ps, fail              5d04h
P1        ASR1004-PWR-AC      ok                    5d04h
Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
1         00200900            16.3(2r)
R0        10021901            16.3(2r)
F0        1003190E            16.3(2r)
While NAT is running, the error counters start to grow.
NAT settings:
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat settings pap limit 250
ip nat log translations flow-export v9 udp destination *.*.*.* ****
ip nat translation timeout 300
ip nat translation tcp-timeout 12000
ip nat translation pptp-timeout 12000
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 10
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 10
ip nat translation port-timeout tcp 80 180
ip nat translation port-timeout tcp 8080 180
ip nat translation port-timeout tcp 1600 180
ip nat translation port-timeout tcp 110 180
ip nat translation port-timeout tcp 25 180
ip nat translation max-entries 1500000
ip nat translation max-entries all-host 1500
no ip nat service all-algs
ip nat pool NAT_POOL_GREY *.*.125.1 *.*.125.31 netmask 255.255.255.224
ip nat inside source list ACL_NAT_GREY pool NAT_POOL_GREY overload
ip forward-protocol nd
Errors:
show platform hardware qfp active feature nat datapath stats
non_extended 0 entry_timeouts 0 statics 0 static net 0 hits 0 misses 0
non_natted 21734
Proxy stats:
ipc_retry_fail 0 cfg_rcvd 5776 cfg_rsp 5776
Subcode #14 SESS_CREATE_FAIL 346163
Subcode #18 ALLOC_ADDR_PORT_FAIL 154088
Subcode #29 LIMIT 346163
Subcode #43 BPA_NO_PSET 154088
In the logs I see this:
Apr 27 00:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:111 TS:00000326206458495629 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:015 TS:00000326214504615082 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000326222550620979 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:45: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:146 TS:00000326230592263974 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:15: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:066 TS:00000363640350936714 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:20: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:082 TS:00000363645394388419 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:28: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:069 TS:00000363653455460679 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:36: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:038 TS:00000363661522297247 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000363669586204659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:39: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:008 TS:00000365284389207284 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:114 TS:00000365289427763682 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:52: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:131 TS:00000365297477981562 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:04:00: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:108 TS:00000365305520534099 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:04:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000365313573714279 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:02: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:138 TS:00000369448208593222 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369453281969564 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:16: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369461319159137 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:24: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:130 TS:00000369469344440597 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:32: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:105 TS:00000369477373010127 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:41: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:011 TS:00000369486493327164 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:50: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:081 TS:00000369495457456754 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:07: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:042 TS:00000380193190668659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:13: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:074 TS:00000380198313818479 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:079 TS:00000380206426343894 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:110 TS:00000380214497832537 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000380222539459342 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:46: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:155 TS:00000380231671613899 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
The statistics show that the public addresses are allocated in order, but each of the skipped addresses has one client on it, and the box thinks they are not there.
show platform hardware qfp active feature nat datapath pAp LAddrpergaddr
gaddr *.*.125.1 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.2 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.3 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.4 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.5 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.7 vrf 0 laddr-per-gaddr 248 mapid 1
gaddr *.*.125.8 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.9 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.11 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.12 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.13 vrf 0 laddr-per-gaddr 199 mapid 1
gaddr *.*.125.15 vrf 0 laddr-per-gaddr 164 mapid 1
gaddr *.*.125.19 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.23 vrf 0 laddr-per-gaddr 248 mapid 1
show platform hardware qfp active feature nat datapath bind inside 10.24.253.151
bind 0x936edad0 oaddr 10.24.253.151 taddr *.*.125.14 oport 0 tport 0 vrfid 0 tableid 0 proto 0 domain 0 create time 1457 refcnt 21 mask 0x0 flags 0 timeout 2 ifhandle 2844 wlan_info 0x0 flags 0x0 mapping 0x8e9bd9c0 cp_mapping_id 1 limit_type 4 last_use_ts 449505 mibp 0x0 rg 0nak_retry 0
At the same time, 93% is in use:
Dynamic mappings:
-- Inside Source
[Id: 1] access-list ACL_NAT_GREY pool NAT_POOL_GREY refcount 315674
pool NAT_POOL_GREY: id 1, netmask 255.255.255.224
start *.*.125.1 end *.*.125.31
type generic, total addresses 31, allocated 29 (93%), misses 1367
nat-limit statistics:
max entry: max allowed 1500000, used 315672, missed 0
All Host Max allowed: 1500
In-to-out drops: 12784407 Out-to-in drops: 1610
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
So it turns out that 23 addresses are in use, but 10 of them have one client each.
Please advise where to dig. I think it is a software glitch; maybe someone has this configuration working?
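The cross-check described in the post (pool range versus the `LAddrpergaddr` listing versus individual `bind` entries) can be scripted. This is an added example, not part of the original post; the function name `audit_pool` is hypothetical, the line formats follow the outputs shown above, and the sample data is constructed, with unmasked documentation addresses standing in for the masked pool.

```python
import ipaddress
import re

# Constructed sample in the post's output format; 203.0.113.0/24 (documentation
# range) stands in for the masked public pool, and the binds are invented.
PAP_OUTPUT = """\
gaddr 203.0.113.1 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr 203.0.113.2 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr 203.0.113.3 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr 203.0.113.5 vrf 0 laddr-per-gaddr 164 mapid 1
"""
BIND_OUTPUT = """\
bind 0x1 oaddr 10.0.0.7 taddr 203.0.113.4 oport 0 tport 0 vrfid 0 refcnt 21
bind 0x2 oaddr 10.0.0.8 taddr 203.0.113.2 oport 0 tport 0 vrfid 0 refcnt 3
"""

PAP_RE = re.compile(r"gaddr\s+(\S+)\s+vrf\s+\d+\s+laddr-per-gaddr\s+(\d+)")
BIND_RE = re.compile(r"bind\s+\S+\s+oaddr\s+(\S+)\s+taddr\s+(\S+)")


def audit_pool(pap_text, bind_text, start, end, pap_limit):
    """Cross-check per-address host counts against the pool range and the binds."""
    usage = {m.group(1): int(m.group(2)) for m in PAP_RE.finditer(pap_text)}
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    pool = [str(ipaddress.IPv4Address(n)) for n in range(lo, hi + 1)]
    binds = BIND_RE.findall(bind_text)
    return {
        # Pool addresses that never appear in the LAddrpergaddr listing.
        "unlisted": [a for a in pool if a not in usage],
        # Addresses already holding pap_limit inside hosts.
        "at_limit": [a for a in pool if usage.get(a, 0) >= pap_limit],
        # Inside hosts translated to a pool address the listing does not show.
        "binds_on_unlisted": [(o, t) for o, t in binds
                              if t in pool and t not in usage],
        # Host slots still free on the addresses the listing does show.
        "free_slots": sum(pap_limit - usage[a] for a in pool
                          if a in usage and usage[a] < pap_limit),
    }


if __name__ == "__main__":
    report = audit_pool(PAP_OUTPUT, BIND_OUTPUT,
                        "203.0.113.1", "203.0.113.6", 250)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Feed it the full, unmasked outputs of both commands together with the pool boundaries and the `ip nat settings pap limit` value; a non-empty `binds_on_unlisted` reproduces the mismatch the post describes.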