[c-nsp] PBA best practices

Aaron aaron1 at gvtc.com
Mon Feb 29 15:29:06 EST 2016


Are you talking about CGNAT? If so, why do you only see blocks 512 and 1024? I see 8 - 4096....

Where do you see these settings? I see bulk-port-alloc but I don't see anything about max-blocks-per-user, active-block-timeout, overall mapping-timeout, address sharing ratio??


Mon Feb 29 14:25:16.812 CST
Building configuration...
!! IOS XR Configuration 5.3.1
service cgn cgn1
 service-location preferred-active 0/3/CPU0
 service-type nat44 nat1
  portlimit 5000
  alg ActiveFTP
  inside-vrf six
  !
 !
!
end

RP/0/RSP0/CPU0:eng-lab-9k-1(config-cgn-invrf)#bulk-port-alloc ?
  size  Bulk size for allocation.
        Should be greater or equal to one fourth of the port limit
         and less than twice the port limit.
        For optimum results, should be close to half the port limit
RP/0/RSP0/CPU0:eng-lab-9k-1(config-cgn-invrf)#bulk-port-alloc size ?
  none  No bulk allocation
  8     Allocate 8 ports in bulk
  16    Allocate 16 ports in bulk
  32    Allocate 32 ports in bulk
  64    Allocate 64 ports in bulk
  128   Allocate 128 ports in bulk
  256   Allocate 256 ports in bulk
  512   Allocate 512 ports in bulk
  1024  Allocate 1024 ports in bulk
  2048  Allocate 2048 ports in bulk
  4096  Allocate 4096 ports in bulk




-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Adam Vitkovsky
Sent: Thursday, February 25, 2016 5:56 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PBA best practices

Hi folks,

Would like to ask regarding PBA best practices.

From the documentation it was obvious that, from a performance point of view, using a smaller number of larger pools is better than using a large number of smaller pools.
But how do I strike the balance? In other words what is the average number of sessions for an average internet user?

I'm interested in these values in particular:
block-size - saw 512 or 1024?
max-blocks-per-user - have no idea 2 or 4?
active-block-timeout ?
overall mapping-timeout ?
address sharing ratio - 16:1 before Spamhaus blacklists the public IP?

If anyone could share their experience or point me to some nanog presentation or a best practice doc that would be great.


adam
        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk
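
The sizing rule quoted in the `bulk-port-alloc ?` help text in the reply above, applied to a configuration, as an added example that is not part of the original thread: it parses a config shaped like the one posted and checks each inside-vrf's bulk size against the portlimit. The `bulk-port-alloc size` lines, the second VRF name and the function names are constructed for illustration, and a single nat44 instance is assumed.

```python
import re

# Bulk sizes listed by the CLI help quoted in the message above.
BULK_SIZES = [8, 16, 32, 64, 128, 256, 512, 1024, 2048, 4096]

def valid_bulk_sizes(port_limit):
    """Help-text rule: size >= port_limit / 4 and size < 2 * port_limit."""
    return [s for s in BULK_SIZES if 4 * s >= port_limit and s < 2 * port_limit]

def recommended_bulk_size(port_limit):
    """Valid size closest to half the port limit, or None if nothing fits."""
    ok = valid_bulk_sizes(port_limit)
    return min(ok, key=lambda s: abs(2 * s - port_limit)) if ok else None

def lint_cgn_config(text):
    """Map each inside-vrf name to 'ok' or a description of the mismatch."""
    port_limit, vrfs, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"portlimit (\d+)", line):
            port_limit = int(m.group(1))
        elif m := re.fullmatch(r"inside-vrf (\S+)", line):
            current = m.group(1)
            vrfs[current] = None  # no bulk size seen yet for this VRF
        elif (m := re.fullmatch(r"bulk-port-alloc size (\d+)", line)) and current:
            vrfs[current] = int(m.group(1))
    report = {}
    for vrf, size in vrfs.items():
        if port_limit is None or size is None:
            report[vrf] = "no bulk size to check"
        elif size in valid_bulk_sizes(port_limit):
            report[vrf] = "ok"
        else:
            report[vrf] = (f"size {size} violates the help-text range for "
                           f"portlimit {port_limit}; closest to half: "
                           f"{recommended_bulk_size(port_limit)}")
    return report

# Constructed sample: the posted config plus hypothetical bulk-port-alloc lines.
SAMPLE = """\
service cgn cgn1
 service-type nat44 nat1
  portlimit 5000
  inside-vrf six
   bulk-port-alloc size 512
  inside-vrf seven
   bulk-port-alloc size 2048
"""

if __name__ == "__main__":
    print(lint_cgn_config(SAMPLE))
```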
