[c-nsp] NAT logging ASR1k
Ring Bit
ringbit at mail.com
Mon Jul 9 03:52:10 EDT 2018
Hi Aaron,
Could you post the nat configs?
Why not use Netflow?
Thanks.
T.
> Sent: Sunday, July 08, 2018 at 10:14 PM
> From: "Aaron Gould" <aaron1 at gvtc.com>
> To: ringbit at mail.com
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NAT logging ASR1k
>
> Bulk logging and port block allocation (PBA)?
>
> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-bpa.html
>
> I do PBA in groups of 100 ports on my CGNAT deployment (juniper) and use syslog to log. Using port block allocation caused the syslogging to slow down significantly
>
> Aaron
>
> > On Jul 8, 2018, at 10:12 AM, ringbit at mail.com wrote:
> >
> > Hi everybody,
> >
> > Have an ASR 1006 doing NAT translations, it is having around 300k+ and wanted to ask for a recommendation about logging those NAT translations.
> >
> > Tried it with a collector via Netflow v9 with the export command "ip nat log translationsflow-export v9 udp destination" command the CPU spiked to 100%.
> >
> > Is there a recommendation as a workaround or have alternative solution which is easy on resources to those massive NAT translations?
> >
> > Thanks,
> > T.
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list