[leveler]

Добрый день!

По поиску именно мою проблему не нашёл. Пишу сюда поэтому.

 

Использую PAT (NAT overload) на ASR1002. Но у меня из 31 адреса в пуле только одни уходит под overload, а остальные 30 под 1-в-1. Как так?

 

Искал на цыско.ком в багах, не нашёл ничего схожего тоже.

 

Версия софта:

Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVIPSERVICES-M), Version 15.0(1)S2, RELEASE SOFTWARE (fc1)

 

Верси железа:

ASR1002#sh inventory
NAME: "Chassis", DESCR: "Cisco ASR1002 Chassis"
PID: ASR1002           , VID: V04, SN: <серийник>

NAME: "module F0", DESCR: "Cisco ASR1000 Embedded Services Processor, 5Gbps"
PID: ASR1000-ESP5      , VID: V03, SN: <серийник>

NAME: "Power Supply Module 0", DESCR: "Cisco ASR1002 AC Power Supply"
PID: ASR1002-PWR-AC    , VID: V02, SN: <серийник>

NAME: "Power Supply Module 1", DESCR: "Cisco ASR1002 AC Power Supply"
PID: ASR1002-PWR-AC    , VID: V02, SN: <серийник>

NAME: "module 0", DESCR: "Cisco ASR1002 SPA Interface Processor 10"
PID: ASR1002-SIP10     , VID: V04, SN: <серийник>

NAME: "SPA subslot 0/1", DESCR: "5-port Gigabit Ethernet Shared Port Adapter"
PID: SPA-5X1GE-V2      , VID: V02, SN: <серийник>

NAME: "subslot 0/1 transceiver 1", DESCR: "GE LX"
PID: N/A                 , VID: 0000, SN: <серийник>

NAME: "subslot 0/1 transceiver 3", DESCR: "GE LX"
PID: N/A                 , VID: 1.0 , SN: <серийник>

NAME: "subslot 0/1 transceiver 4", DESCR: "GE LX"
PID: N/A                 , VID: 1.0 , SN: <серийник>

NAME: "SPA subslot 0/0", DESCR: "4-port Gigabit Ethernet Shared Port Adapter"
PID: 4XGE-BUILT-IN     , VID: V00, SN: <серийник>

NAME: "subslot 0/0 transceiver 1", DESCR: "GE T"
PID: N/A                 , VID: 1.0 , SN: <серийник>

NAME: "subslot 0/0 transceiver 2", DESCR: "GE LX"
PID: N/A                 , VID: 1.0 , SN: <серийник>

NAME: "subslot 0/0 transceiver 3", DESCR: "GE LX"
PID: N/A                 , VID: 1.0 , SN: <серийник>

NAME: "module R0", DESCR: "Cisco ASR1002 Route Processor 1"
PID: ASR1002-RP1       , VID: V04, SN: <серийник>

 

Настройки NAT:

ip nat translation timeout 3600
ip nat translation tcp-timeout 900
ip nat translation udp-timeout 180
ip nat translation finrst-timeout 45
ip nat translation syn-timeout 45
ip nat translation dns-timeout 30
ip nat translation icmp-timeout 45
ip nat translation port-timeout tcp 110 60
ip nat translation port-timeout tcp 25 60
ip nat translation port-timeout tcp 6112 1800
ip nat translation port-timeout tcp 5222 1800
ip nat translation port-timeout tcp 1723 1800
ip nat translation port-timeout tcp 3389 1800
ip nat translation max-entries 1000000
no ip nat service H225
no ip nat service ras

ip nat pool ttk-1 100.100.100.225 100.100.100.255 prefix-length 27

ip nat inside source route-map nat-ttk-1 pool ttk-1 overload

ip nat inside source route-map nat-ttk-1 pool ttk-1 overload
route-map nat-ttk-1 deny 5
match ip address real-ip-ttk
route-map nat-ttk-1 permit 10
match ip address subscr-nat
match interface GigabitEthernet0/0/1

 

Статистика NAT:

ASR1002#sh ip nat statistics
...
[Id: 3] route-map nat-ttk-1 pool ttk-1 refcount 139531
pool ttk-1: netmask 255.255.255.224
        start 100.100.100.225 end 100.100.100.255
        type generic, total addresses 31, allocated 31 (100%), misses 468
...

 

В лог периодически сыпется:

018160: Mar  5 17:42:40.337 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:038 TS:00006069156812517226 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018161: Mar  5 17:42:45.468 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:016 TS:00006069161943352867 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018162: Mar  5 17:42:51.324 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:006 TS:00006069167799112707 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018163: Mar  5 18:01:24.181 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:088 TS:00006070280602411529 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018164: Mar  5 18:01:29.384 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:001 TS:00006070285805108696 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018165: Mar  5 18:01:34.405 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:029 TS:00006070290826736266 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted
018166: Mar  5 18:01:39.791 OMST: %IOSXE-6-PLATFORM: F0: cpp_cp: QFP:00 Thread:030 TS:00006070296212145339 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 3 may be exhausted

[leveler]

Сделал пул rotary:

ip nat pool ttk-1 100.100.100.225 100.100.100.255 prefix-length 27 type rotary

Пишет, что выделен один адрес:

[Id: 8] route-map nat-ttk-1 pool ttk-1 refcount 104772
pool ttk-1: netmask 255.255.255.224
        start 100.100.100.225 end 100.100.100.255
        type rotary, total addresses 31, allocated 1 (3%), misses 0

Но через show ip nat stat | i 100.100.100.2 вижу, что 14 адресов записано как натирование 1-в-1.

 

Где я туплю?

[Walday]

Тема вроде поднималась - не работает на ASR1002 overload.. команда принимается, а не работает..

[leveler]

Тема вроде поднималась - не работает на ASR1002 overload.. команда принимается, а не работает..

А ссылкой не поделитесь?