<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hi everyone,<br>
As I'm new to Redback and to this list, please tell me if I am
asking stupid questions :)<br>
<br>
I have a strange problem with NAT logging. In my implementation,
besides PPPoE subscribers, I have small (but still) raw Ethernet
network customers which are addressed with local addresses (mask /23).
I'm planning to migrate them to PPPoE later, but due to formal
reasons I can't do it now. So I have to put NAT on them too, but the
whole network is passing through one single interface on the Redback. And here I
have a problem. NAT logging is working correctly only until around
1000-1500 port microblocks (32 ports) are assigned. Later it is still
assigning the ports and our customers can see the outside network,
but the NetFlow collector is not receiving any UDP packets regarding
those assignments. Therefore all data about NAT usage at this point
is lost. It looks like the logging process "wakes up" when I take out
the NAT policy from the interface and put it there again. But all
data about assignments made during the "hang" is lost (it never
reaches my collector).<br>
<br>
The curious thing about it is the fact that while on one interface
the logging process is already "hung", the other interface which uses
the same NAT policy, so also the same pool and the same NAT logging
policy, works fine. But only until 1000-1500 open assignments (the
number varies from try to try). So it looks like there is some
strange problem with the amount of assignments, but the documentation
does not say anything about it. <br>
<br>
Could you please look at my configuration and give me some hints about it?<br>
<br>
<pre>context userAccess
 nat logging-profile natLogging
  transport-protocol udp
  export-version v9
  dscp ef
  maximum ip-packet-size 1400
  source x.x.x.x port 4242
  destination y.y.y.y context userAccess port 9995
 !
 !
 ip nat pool publicNatIP napt logging
  logging-profile natLogging
  address 188.122.20.96 to 188.122.20.103
  exclude well-known
 !
 policy access-list publicNatAccess
  seq 10 permit ip 192.168.0.0 0.0.255.255 class NAT
  seq 20 permit ip any host 188.122.20.39 class IGNORE
  seq 30 permit ip 188.122.0.0 0.0.31.255 class IGNORE
 !
 nat policy publicNatPolicy enhanced
  ! Default class
  drop
  icmp-notification
  ! Named classes
  access-group publicNatAccess
   class NAT
    pool publicNatIP userAccess
    timeout tcp 21600
    timeout udp 180
    timeout abandoned 3600
    inbound-refresh udp
    icmp-notification
   class IGNORE
    ignore
    inbound-refresh udp
    icmp-notification
 !
 !
 interface localIf
  ! bound to 3/1 vlan-id 301 circuit
  ip address 192.168.100.1/24
  ip nat publicNatPolicy

 interface natingIf
  ! bound to 3/1 vlan-id 1759 circuit
  ip address 188.122.20.39/27
  ip nat publicNatPolicy
</pre>
<br>
As you can see, there are 2 interfaces. "localIf" is the interface
with a low amount of traffic (there are at most 30 hosts in this
network) and "natingIf" is the one receiving the large amount.
There is mostly traffic from the 192.168.0.0/16 address space, but not
only - that's why it is addressed by a public IP address, and there is
an "ignore" stanza for public addresses :)<br>
<br>
Thanks in advance.<br>
Best regards,<br>
<br>
<pre class="moz-signature" cols="72">--
Wojciech Wrona
</pre>
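Added example, not part of the original post or of any Redback software: a collector-side monitor for the failure described above. It parses the NetFlow v9 export packet header (layout per RFC 3954, which the profile above selects with "export-version v9"), tracks the per-packet sequence number of each exporter source, and reports lost packets, a sequence reset (what a re-applied NAT policy would look like), and sources that have gone silent. The silence threshold and the sample packets are constructed values.<br>

```python
import struct

# NetFlow v9 export packet header per RFC 3954: version, count, sysUptime,
# unixSecs, sequence number, source ID (20 bytes, network byte order).
V9_HEADER = struct.Struct("!HHIIII")

def parse_v9_header(packet: bytes):
    """Return (count, unix_secs, sequence, source_id); reject non-v9 input."""
    if len(packet) < V9_HEADER.size:
        raise ValueError("packet shorter than a v9 header")
    version, count, _uptime, unix_secs, seq, source_id = V9_HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    return count, unix_secs, seq, source_id

class ExportMonitor:
    """Track per-source sequence numbers; report lost packets, resets, silence."""

    def __init__(self, silence_threshold=300):
        # Seconds without an export packet before a source counts as silent
        # (constructed value; tune to the exporter's real export cadence).
        self.silence_threshold = silence_threshold
        self.last = {}  # source_id -> (sequence, unix_secs of last packet)

    def observe(self, packet: bytes):
        """Feed one received datagram; return a list of alert strings."""
        _count, unix_secs, seq, source_id = parse_v9_header(packet)
        alerts = []
        prev = self.last.get(source_id)
        if prev is not None:
            prev_seq, _prev_secs = prev
            delta = (seq - prev_seq) & 0xFFFFFFFF  # modulo-2^32 distance
            if delta == 0 or delta > 0x7FFFFFFF:
                # Counter repeated or went backwards: exporter restarted or the
                # logging profile was re-applied; records in between are gone.
                alerts.append(f"source {source_id}: sequence reset to {seq}")
            elif delta > 1:
                alerts.append(f"source {source_id}: {delta - 1} export packet(s) lost before seq {seq}")
        self.last[source_id] = (seq, unix_secs)
        return alerts

    def silent_sources(self, now: int):
        """Sources seen before but quiet for longer than the threshold."""
        return [sid for sid, (_seq, secs) in self.last.items() if now - secs > self.silence_threshold]

def make_v9_packet(count: int, unix_secs: int, seq: int, source_id: int = 0) -> bytes:
    """Constructed v9 header without flowsets, for offline testing only."""
    return V9_HEADER.pack(9, count, 0, unix_secs, seq, source_id)
```

In production the datagrams come from a UDP socket bound to the collector port (9995 in the profile above) and silent_sources() is polled on a timer; a silent source while the NAT pool still hands out port blocks is exactly the accountability gap the post describes.<br>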
</body>
</html>