[rbak-nsp] Redback NAT Logging strange issue

w0jtas - Wojciech Wrona w0jtas at w0jtas.com
Fri Aug 7 06:22:47 EDT 2015


Hi everyone,
As I'm new to Redback and to this list, please tell me if I'm asking
stupid questions :)

I have a strange problem with NAT logging. In my implementation, besides
PPPoE subscribers, I have small (but still) raw Ethernet network
customers which are addressed with local addresses (mask /23). I'm
planning to migrate them to PPPoE later, but due to formal reasons I can't
do it now. So I have to put NAT on them too, but the whole network is
passing through one single interface on the Redback. And here I have a problem. NAT
logging is working correctly only until around 1000-1500 port microblocks
(32 ports) are assigned. Later it is still assigning the ports and our
customers can see the outside network, but the NetFlow collector is not
receiving any UDP packets regarding those assignments. Therefore all
data about NAT usage at this point is lost. It looks like the logging
process "wakes up" when I take the NAT policy off the interface and
put it there again. But all data about assignments made during the
"hang" is lost (it never comes to my collector).

The curious thing about it is the fact that while on one interface the
logging process is already "hung", the other interface, which uses the
same NAT policy (so also the same pool) and the same NAT logging policy,
works fine. But only until 1000-1500 open assignments (the number varies
from try to try). So it looks like there is some strange problem with
the amount of assignments, but the documentation does not say anything
about it.

Could you please look at my configuration and give me some hints about it?

context userAccess
 nat logging-profile natLogging
  transport-protocol udp
  export-version v9
  dscp ef
  maximum ip-packet-size 1400
  source x.x.x.x port 4242
  destination y.y.y.y context userAccess port 9995
!
!
 ip nat pool publicNatIP napt logging
  logging-profile natLogging
  address 188.122.20.96 to 188.122.20.103
   exclude well-known
!
 policy access-list publicNatAccess
  seq 10 permit ip 192.168.0.0 0.0.255.255 class NAT
  seq 20 permit ip any host 188.122.20.39 class IGNORE
  seq 30 permit ip 188.122.0.0 0.0.31.255 class IGNORE
!
 nat policy publicNatPolicy enhanced
! Default class
  drop
  icmp-notification
! Named classes
  access-group publicNatAccess
   class NAT
    pool publicNatIP userAccess
    timeout tcp 21600
    timeout udp 180
    timeout abandoned 3600
    inbound-refresh udp
    icmp-notification
   class IGNORE
    ignore
    inbound-refresh udp
    icmp-notification
!
!
 interface localIf
  ! bound to 3/1 vlan-id 301 circuit
  ip address 192.168.100.1/24
  ip nat publicNatPolicy

 interface natingIf
  ! bound to 3/1 vlan-id 1759 circuit
  ip address 188.122.20.39/27
  ip nat publicNatPolicy

As you can see, there are 2 interfaces. "localIf" is the interface
with a low amount of traffic (there are at most 30 hosts in this network)
and "natingIf" is the one receiving the large amount. There is mostly
traffic from the 192.168.0.0/16 address space, but not only; that's why it is
addressed with a public IP address, and there is an "ignore" stanza for public
addresses :)

Thanks in advance.
Best regards,

-- 
Wojciech Wrona
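A collector-side check for the symptom described in the post, added here as an example and not part of the original message or of any Redback/Ericsson tooling: it parses the NetFlow v9 export header (RFC 3954) that the `export-version v9` logging profile emits over UDP, and flags sequence-number gaps or an exporter that has gone silent, so that missing NAT-assignment records are noticed while they can still be investigated rather than when an abuse report arrives. The exporter addresses, thresholds and sample packets are constructed for the example.

```python
import struct
from collections import namedtuple
from dataclasses import dataclass, field

# NetFlow v9 export packet header (RFC 3954): 20 bytes, network byte order:
# version, count, sysUpTime(ms), unix_secs, sequence number, source ID.
V9_HEADER = struct.Struct("!HHIIII")
V9Header = namedtuple("V9Header", "version count sys_uptime_ms unix_secs sequence source_id")


def parse_v9_header(packet: bytes) -> V9Header:
    """Parse the fixed v9 header; anything that is not version 9 is rejected."""
    if len(packet) < V9_HEADER.size:
        raise ValueError("packet shorter than a NetFlow v9 header")
    hdr = V9Header(*V9_HEADER.unpack_from(packet))
    if hdr.version != 9:
        raise ValueError(f"unexpected NetFlow version {hdr.version}")
    return hdr


@dataclass
class ExportMonitor:
    """Collector-side tracker: one state entry per (exporter IP, source ID)."""
    silence_threshold: int = 300  # seconds without an export before we call it a hang
    last: dict = field(default_factory=dict)  # key -> (sequence, unix_secs)

    def observe(self, exporter_ip: str, packet: bytes) -> list:
        """Record one received export packet; return any alerts it triggers."""
        hdr = parse_v9_header(packet)
        key = (exporter_ip, hdr.source_id)
        alerts = []
        if key in self.last:
            prev_seq, prev_secs = self.last[key]
            expected = (prev_seq + 1) & 0xFFFFFFFF  # v9 sequence counts export packets
            if hdr.sequence != expected:
                alerts.append(f"{key}: sequence gap, expected {expected} got {hdr.sequence}")
            if hdr.unix_secs - prev_secs > self.silence_threshold:
                alerts.append(f"{key}: {hdr.unix_secs - prev_secs}s without exports")
        self.last[key] = (hdr.sequence, hdr.unix_secs)
        return alerts

    def silent_exporters(self, now: int) -> list:
        """Exporters that have sent nothing within the threshold as of 'now'."""
        return [k for k, (_, secs) in self.last.items() if now - secs > self.silence_threshold]


def make_packet(sequence: int, unix_secs: int, source_id: int = 0, count: int = 1) -> bytes:
    """Constructed sample packet (header only, no FlowSets) for offline testing."""
    return V9_HEADER.pack(9, count, unix_secs * 1000, unix_secs, sequence, source_id)
```

Feed `observe()` from the UDP socket bound to the collector port (9995 in the configuration above) and poll `silent_exporters()` on a timer; a silent exporter while NAT sessions are still being created is exactly the gap the post describes.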
