Garikys Posted April 28, 2021 (edited)

Good afternoon, we have a cisco asr1004 (rp2) running ISG+PPPoE+IPoE.

```
Cisco IOS XE Software, Version 03.16.09.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-ADVENTERPRISE-M), Version 15.5(3)S9, RELEASE SOFTWARE (fc3)

Chassis type: ASR1004

Slot      Type                State                 Insert time (ago)
--------- ------------------- --------------------- -----------------
1         ASR1000-SIP40       ok                    5d04h
 1/0      SPA-1X10GE-L-V2     ok                    5d04h
 1/1      SPA-1X10GE-L-V2     ok                    5d04h
 1/2      SPA-1X10GE-L-V2     ok                    5d04h
 1/3      SPA-1X10GE-L-V2     ok                    5d04h
R0        ASR1000-RP2         ok, active            5d04h
F0        ASR1000-ESP40       ok, active            5d04h
P0        ASR1004-PWR-AC      ps, fail              5d04h
P1        ASR1004-PWR-AC      ok                    5d04h

Slot      CPLD Version        Firmware Version
--------- ------------------- ---------------------------------------
1         00200900            16.3(2r)
R0        10021901            16.3(2r)
F0        1003190E            16.3(2r)
```

When NAT is running, the error counters start to grow.

NAT settings:

```
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat settings pap limit 250
ip nat log translations flow-export v9 udp destination *.*.*.* ****
ip nat translation timeout 300
ip nat translation tcp-timeout 12000
ip nat translation pptp-timeout 12000
ip nat translation udp-timeout 60
ip nat translation finrst-timeout 10
ip nat translation syn-timeout 10
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 10
ip nat translation port-timeout tcp 80 180
ip nat translation port-timeout tcp 8080 180
ip nat translation port-timeout tcp 1600 180
ip nat translation port-timeout tcp 110 180
ip nat translation port-timeout tcp 25 180
ip nat translation max-entries 1500000
ip nat translation max-entries all-host 1500
no ip nat service all-algs
ip nat pool NAT_POOL_GREY *.*.125.1 *.*.125.31 netmask 255.255.255.224
ip nat inside source list ACL_NAT_GREY pool NAT_POOL_GREY overload
ip forward-protocol nd
```

Errors:

```
show platform hardware qfp active feature nat datapath stats
non_extended 0 entry_timeouts 0 statics 0 static net 0 hits 0 misses 0 non_natted 21734
Proxy stats:
ipc_retry_fail 0 cfg_rcvd 5776 cfg_rsp 5776
Subcode #14 SESS_CREATE_FAIL 346163
Subcode #18 ALLOC_ADDR_PORT_FAIL 154088
Subcode #29 LIMIT 346163
Subcode #43 BPA_NO_PSET 154088
```

In the logs I see this:

```
Apr 27 00:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:111 TS:00000326206458495629 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:015 TS:00000326214504615082 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000326222550620979 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 00:12:45: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:146 TS:00000326230592263974 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:15: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:066 TS:00000363640350936714 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:20: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:082 TS:00000363645394388419 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:28: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:069 TS:00000363653455460679 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:36: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:038 TS:00000363661522297247 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 10:36:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:061 TS:00000363669586204659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:39: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:008 TS:00000365284389207284 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:44: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:114 TS:00000365289427763682 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:03:52: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:131 TS:00000365297477981562 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:04:00: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:108 TS:00000365305520534099 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 11:04:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000365313573714279 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:02: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:138 TS:00000369448208593222 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:08: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369453281969564 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:16: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:065 TS:00000369461319159137 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:24: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:130 TS:00000369469344440597 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:32: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:105 TS:00000369477373010127 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:41: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:011 TS:00000369486493327164 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 12:13:50: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:081 TS:00000369495457456754 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:07: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:042 TS:00000380193190668659 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:13: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:074 TS:00000380198313818479 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:21: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:079 TS:00000380206426343894 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:29: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:110 TS:00000380214497832537 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:37: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:004 TS:00000380222539459342 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
Apr 27 15:12:46: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:155 TS:00000380231671613899 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 1 may be exhausted
```

The statistics show that the public addresses are allocated in order, but the skipped addresses have one client each, and the box thinks there is nothing there.

```
show platform hardware qfp active feature nat datapath pAp LAddrpergaddr
gaddr *.*.125.1 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.2 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.3 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.4 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.5 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.7 vrf 0 laddr-per-gaddr 248 mapid 1
gaddr *.*.125.8 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.9 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.11 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.12 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.13 vrf 0 laddr-per-gaddr 199 mapid 1
gaddr *.*.125.15 vrf 0 laddr-per-gaddr 164 mapid 1
gaddr *.*.125.19 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.23 vrf 0 laddr-per-gaddr 248 mapid 1
```

```
show platform hardware qfp active feature nat datapath bind inside 10.24.253.151
bind 0x936edad0 oaddr 10.24.253.151 taddr *.*.125.14 oport 0 tport 0 vrfid 0 tableid 0 proto 0 domain 0 create time 1457 refcnt 21 mask 0x0 flags 0 timeout 2 ifhandle 2844 wlan_info 0x0 flags 0x0 mapping 0x8e9bd9c0 cp_mapping_id 1 limit_type 4 last_use_ts 449505 mibp 0x0 rg 0nak_retry 0
```

At the same time, 93% is in use:

```
Dynamic mappings:
-- Inside Source
[Id: 1] access-list ACL_NAT_GREY pool NAT_POOL_GREY refcount 315674
 pool NAT_POOL_GREY: id 1, netmask 255.255.255.224
    start *.*.125.1 end *.*.125.31
    type generic, total addresses 31, allocated 29 (93%), misses 1367
nat-limit statistics:
 max entry: max allowed 1500000, used 315672, missed 0
 All Host Max allowed: 1500
In-to-out drops: 12784407  Out-to-in drops: 1610
Pool stats drop: 0  Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
```

So it turns out that 23 addresses are in use, but 10 of them have one client each.

Please advise where to dig. I think it is a software glitch; maybe someone has this configuration working?

Edited April 29, 2021 by Garikys
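
The cross-check from the post above, written out as an added example (not part of the original post, and not Cisco tooling): it parses the posted PAP table, lists the pool addresses that have no PAP entry, and tests whether the taddr of the posted bind is one of them. The pool range 1-31 and the limit of 250 come from the posted configuration; the function names are hypothetical.

```python
import re

# Copied from the "pap laddrpergaddr" output in the post above; the poster masked
# the first two octets, so only the last octet is used as the key.
PAP_OUTPUT = """\
gaddr *.*.125.1 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.2 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.3 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.4 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.5 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.7 vrf 0 laddr-per-gaddr 248 mapid 1
gaddr *.*.125.8 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.9 vrf 0 laddr-per-gaddr 250 mapid 1
gaddr *.*.125.11 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.12 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.13 vrf 0 laddr-per-gaddr 199 mapid 1
gaddr *.*.125.15 vrf 0 laddr-per-gaddr 164 mapid 1
gaddr *.*.125.19 vrf 0 laddr-per-gaddr 249 mapid 1
gaddr *.*.125.23 vrf 0 laddr-per-gaddr 248 mapid 1
"""
BIND_TADDR = "*.*.125.14"  # taddr from the "bind inside 10.24.253.151" output

GADDR_RE = re.compile(r"gaddr\s+\S+\.(\d+)\s+vrf\s+\d+\s+laddr-per-gaddr\s+(\d+)")

def parse_pap(text):
    """Return {last octet of gaddr: inside hosts paired with it}."""
    return {int(octet): int(hosts) for octet, hosts in GADDR_RE.findall(text)}

def audit_pool(pap, first, last, pap_limit):
    """Compare the PAP table with the configured pool range and pap limit."""
    return {
        "absent": [o for o in range(first, last + 1) if o not in pap],
        "at_limit": sorted(o for o, n in pap.items() if n >= pap_limit),
        "inside_hosts": sum(pap.values()),
        "free_slots": sum(max(pap_limit - n, 0) for n in pap.values()),
    }

def bind_outside_pap(taddr, pap):
    """True when a live bind translates to an address the PAP table lacks."""
    return int(taddr.rsplit(".", 1)[1]) not in pap

if __name__ == "__main__":
    table = parse_pap(PAP_OUTPUT)
    print(audit_pool(table, first=1, last=31, pap_limit=250))
    print("bind taddr absent from PAP table:", bind_outside_pap(BIND_TADDR, table))
```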

zhenya` Posted April 28, 2021

In the ACL, make it permit icmp, permit tcp, permit udp..

Garikys Posted May 2, 2021 (Author)

On 28.04.2021 at 18:26, zhenya` said:
> In the ACL, make it permit icmp, permit tcp, permit udp..

Good day. With that list, how will it NAT GRE?

ShyLion Posted May 12, 2021

On 5/2/2021 at 1:10 PM, Garikys said:
> Good day. With that list, how will it NAT GRE?

It won't, at all.
PPTP is an obsolete technology (really); let the subscribers use L2TP/IPSec.
For the rare, especially stubborn ones it is easier to sell/issue a real address.
Cisco cannot overload GRE.