Hi experts,
We have a strange problem on an ASR 1K (RP ESP5) running IOS XE 03.10.03.S (15.3(3)S3) with NAT44 using CGN mode in a VRF-lite context.
We have around 75000 sessions active (the limit is 500000). Randomly, some PPPoE subscribers stop working; the ASR does not pass any traffic except ICMP.
Here's an excerpt of the configuration:
ip nat settings mode cgn
no ip nat settings support mapping outside
ip nat translation timeout 300
ip nat translation tcp-timeout 2500
ip nat translation udp-timeout 300
ip nat translation finrst-timeout 45
ip nat translation syn-timeout 45
ip nat translation dns-timeout 45
ip nat translation icmp-timeout 45
ip nat translation max-entries 400000
ip nat translation max-entries all-host 500
ip nat service list 10 ftp tcp port 21
!
ip nat pool NAT_POOL_PUBLIC_51_178_167_46 51.178.167.46 51.178.167.46 netmask 255.255.255.0
ip nat inside source list NAT_POOL_PRIVATE_10_254_9_112 pool NAT_POOL_PUBLIC_51_178_167_46 vrf RACC_XDSL overload
!
Extended IP access list NAT_POOL_PRIVATE_10_254_9_112
10 deny ip 10.254.9.112 0.0.0.7 host xxx.xxx.xxx.xxx
20 deny ip 10.254.9.112 0.0.0.7 host xxx.xxx.xxx.xxx
30 deny ip 10.254.9.112 0.0.0.7 host xxx.xxx.xxx.xxx
40 permit tcp 10.254.9.112 0.0.0.7 any
50 permit udp 10.254.9.112 0.0.0.7 any
60 permit icmp 10.254.9.112 0.0.0.7 any
!
Status of VIA subinterface:
!
interface Virtual-Access2.1343
mtu 1500
ip nat inside
ip tcp adjust-mss 1452
end
!
Uplink configuration:
inte giga0/1
ip add xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
desc ** UPLINK***
ip nat outside
!
The only error the ASR sometimes shows is:
%IOSXE-6-PLATFORM: F0: cpp_cp: QFP:0.0 Thread:100 TS:00002894077329767228 %NAT-6-ADDR_ALLOC_FAILURE: Address allocation failed; pool 275 may be exhausted
There is no debug output when using the following commands:
IP NAT debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT detailed debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT max-limit debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT mapping debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT dynamic binding debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT session debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT pool debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
IP NAT Drops debugging is on for access list NAT_POOL_PRIVATE_10_254_9_112
Show Ver:
Cisco IOS XE Software, Version 03.10.03.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.3(3)S3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Sun 01-Jun-14 09:08 by mcpre
ROM: IOS-XE ROMMON
System image file is "bootflash:/asr1000rp1-adventerprisek9.03.10.03.S.153-3.S3-ext.b"
cisco ASR1002 (2RU) processor with 1666531K/6147K bytes of memory.
9 Gigabit Ethernet interfaces
1 Ten Gigabit Ethernet interface
1 ATM interface
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
7757823K bytes of eUSB flash at bootflash:.
Any ideas?
Many thanks.