[c-nsp] NAT logging ASR1k
Aaron Gould
aaron1 at gvtc.com
Mon Jul 9 08:29:54 EDT 2018
You wanna see the juniper configs for your ASR1006?
Not sure why we didn't use netflow. I guess because syslog worked and that's where the docs led me
Aaron
> On Jul 9, 2018, at 2:52 AM, Ring Bit <ringbit at mail.com> wrote:
>
> Hi Aaron,
>
> Could you post the nat configs?
>
> Why not use Netflow?
>
> Thanks.
> T.
>
>> Sent: Sunday, July 08, 2018 at 10:14 PM
>> From: "Aaron Gould" <aaron1 at gvtc.com>
>> To: ringbit at mail.com
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] NAT logging ASR1k
>>
>> Bulk logging and port block allocation (PBA)?
>>
>> https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-bpa.html
>>
>> I do PBA in groups of 100 ports on my CGNAT deployment (juniper) and use syslog to log. Using port block allocation caused the syslogging to slow down significantly
>>
>> Aaron
>>
>>> On Jul 8, 2018, at 10:12 AM, ringbit at mail.com wrote:
>>>
>>> Hi everybody,
>>>
>>> Have an ASR 1006 doing NAT translations, it is having around 300k+ and wanted to ask for a recommendation about logging those NAT translations.
>>>
>>> Tried it with a collector via Netflow v9 with the export command "ip nat log translationsflow-export v9 udp destination" command the CPU spiked to 100%.
>>>
>>> Is there a recommendation as a workaround or have alternative solution which is easy on resources to those massive NAT translations?
>>>
>>> Thanks,
>>> T.
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
More information about the cisco-nsp
mailing list