[c-nsp] ASR9K VSM

Pshem Kowalczyk pshem.k at gmail.com
Mon Mar 28 04:28:46 EDT 2016


Hi,

The card is capable of 60mil translations, but you have to 'partition' your
traffic into at least 2 ServiceApp interface pairs (4 ServiceApp interfaces
total).

The port drops mean that the 'inside' IP/ports couldn't be mapped because
there are not enough ports left on a given public IP. Do you do block
allocations? How many inside IPs per one outside IP? If these drops are
increasing quickly it means that your customers are most likely having
issues accessing the internet. The number of ports will be generally
specific to your customer base (for example setup for mobile tends to be
able to get away with fewer ports than customers on fibre access).

No translation drops are generally harmless - these are things like port
scans across your ranges, packets received past time-outs for given
protocols, etc.

kind regards
Pshem


On Sun, 27 Mar 2016 at 20:45 Mohammad Khalil <eng_mssk at hotmail.com> wrote:

> Dears
> I have installed VSM on ASR9K for NAT44 CGN
> I can see a lot of drops in the output of show cgn nat44 nat1 statistics
> RP/0/RSP0/CPU0:NAT1#show cgn nat44 nat1 statistics
>
>
>
> Statistics summary of NAT44 instance: 'nat1'
>
> Number of active translations: 4079397
>
> Inside to outside drops port limit exceeded: 155093
>
> No translation entry drops: 1617189
>
> I have some questions regarding this if you can assist
>
> One of the experts told me that number of active translations are 4M (it
> can be shown from the above output that the number is like that), is this
> number per module? per service? can I configure extra to isolate this?
> inside to outside drops?
> portlimit drops? I have configured it to be 2048, should I increase it?
> 2048 means for each private IP address there is 2048 available?
>
> Thanks in advance
>
> BR,
> Mohammad