
Deterministic NAT on MX + MS-MPC (CGNAT)

  • 1.  Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 03:57

    Hi,

    RFC 7422 (on pages 5 and 7) presents info about:

    Dynamic address pool factor (D), to be added to the compression
          ratio in order to create an overflow address pool

    Is there support for this feature (in addition to deterministic port allocation, being able to allocate dynamic port blocks) in Junos, and if so, in which version? My test on JunOS 17.3R3-S2.2 shows that this is not supported in this version of JunOS.

    Thank you in advance.



  • 2.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)
    Best Answer

    Posted 06-23-2020 04:56

    Hello,

    Overflow NAT pool is not supported with JUNOS Deterministic NAT.

    HTH

    Thx

    Alex



  • 3.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 09:43

    Thanks for the idea! When I first studied the documentation, I saw an option, but had already forgotten about it:


    # set services nat rule NAT-RULE-2 term T1 then translated overload-pool ?
    Possible completions:
      <overload-pool>      NAT pool to be used when source pool is overloaded
      NAT-POOL-1
      NAT-POOL-2
      NAT-POOL-exception

    I will try it.



  • 4.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-24-2020 01:58

    Sorry, but overload-pool is a little different 😞

    Apparently, the functionality I needed was never implemented by Juniper.




  • 5.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 05:01

    Hi Yury,

    Can you please share how you verified the absence of the feature?

    As of now, I could not find it in the public documentation. But I suppose this feature must have been implemented.

    Let me check more and share here if I find anything.

    //Nex



  • 6.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 09:31

    Very simple.
    Configured a pool with a small number of ports per block (block-size = 32):


    pool NAT-POOL-2 {
        address-range low x.x.x.0 high x.x.x.255;
        port {
            automatic {
                random-allocation;
            }
            deterministic-port-block-allocation block-size 32 include-boundary-addresses;
        }
    }

    and tried to initiate 40 sessions from the workstation (connections to a server behind NAT).


    > show services nat pool NAT-POOL-2 detail
    Interface: ms-5/3/0, Service set: SS-NAT-2
      NAT pool: NAT-POOL-2, Translation type: DETERMINISTIC NAPT44
        Address range: x.x.x.160-x.x.x.x.251
        Configured port range: 1024-65535
        Port range: 1024-65535, Ports in use: 32, Out of port errors: 0
        Parity port errors: 0, Preserve Range errors: 0
        Max ports used: 32
        AP-P port allocation errors: 0, AP-P port limit allocation errors: 0
        Memory allocation errors: 0
        Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0
        DetNAT subscriber exceeded port limits: 101
        Unique pool users: 0
        EIF Inbound session count: 0
        EIF Inbound session Limit exceeded drops: 0

    It is very strange that a Juniper employee participated in the development of RFC7422, but the feature was never implemented. Of course I asked Olivier Vautrin, but so far I have not received an answer.

    In general, this idea is a good one. Unfortunately, this feature is not implemented in Juniper. 😞

    If it were possible to make a request to Juniper for the implementation of this functionality, it would be great.
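A worked model of the RFC 7422 behaviour the question asks about and the test in this thread observed, added here as an example; it is not code from the thread, from Junos, or from the RFC. It assumes sequential address assignment, treats D as the number of outside addresses held back from the deterministic mapping as an overflow pool (one reading of the RFC's wording; the exact split is an operator choice), and uses constructed data: 100.64.0.0/24 inside, 203.0.113.x outside, and the thread's 32-port block (64512 usable ports / compression ratio 2016). `simulate(40, 0)` reproduces what the `show services nat pool` output counted as exceeded port limits; `simulate(40, 1)` shows what an overflow pool would do instead, and why those extra sessions must be logged individually.

```python
"""Deterministic NAPT44 with an optional RFC 7422-style overflow pool (worked model)."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network


@dataclass
class DetNatConfig:
    inside: IPv4Network         # subscriber (inside) address range
    outside: list               # ordered public pool of IPv4Address
    compression: int            # C: inside addresses sharing one outside address
    overflow_factor: int = 0    # D: outside addresses held back as overflow (assumption)
    reserved_ports: int = 1024  # ports below this are never allocated
    port_space: int = 65536

    @property
    def block_size(self) -> int:
        """Ports each subscriber owns deterministically (64512 / 2016 == 32)."""
        return (self.port_space - self.reserved_ports) // self.compression

    @property
    def det_addresses(self) -> list:
        return self.outside[: len(self.outside) - self.overflow_factor]

    @property
    def overflow_addresses(self) -> list:
        return self.outside[len(self.outside) - self.overflow_factor:]

    def validate(self) -> None:
        if not 0 <= self.overflow_factor <= len(self.outside):
            raise ValueError("D must be between 0 and the pool size")
        needed = -(-self.inside.num_addresses // self.compression)  # ceil division
        if needed > len(self.det_addresses):
            raise ValueError(f"need {needed} deterministic outside addresses")


def deterministic_block(cfg: DetNatConfig, inside_addr):
    """(outside address, first port, last port) for one subscriber.
    A pure function of the config: an auditor can recompute it later
    without any per-session log, which is the point of deterministic NAT."""
    inside_addr = IPv4Address(inside_addr)
    idx = int(inside_addr) - int(cfg.inside.network_address)
    if not 0 <= idx < cfg.inside.num_addresses:
        raise ValueError(f"{inside_addr} is not in {cfg.inside}")
    outside = cfg.det_addresses[idx // cfg.compression]
    first = cfg.reserved_ports + (idx % cfg.compression) * cfg.block_size
    return outside, first, first + cfg.block_size - 1


def reverse_lookup(cfg: DetNatConfig, outside, port: int):
    """Abuse-report path: which subscriber owned outside:port?
    Returns None when the answer is not recomputable (reserved port, overflow
    pool, unused slot) and the per-session log has to be consulted instead."""
    outside = IPv4Address(outside)
    if outside not in cfg.det_addresses or port < cfg.reserved_ports:
        return None
    slot = (port - cfg.reserved_ports) // cfg.block_size
    if slot >= cfg.compression:
        return None
    idx = cfg.det_addresses.index(outside) * cfg.compression + slot
    return None if idx >= cfg.inside.num_addresses else cfg.inside.network_address + idx


class Translator:
    """Minimal session allocator: the subscriber's own block first, overflow second."""

    def __init__(self, cfg: DetNatConfig):
        cfg.validate()
        self.cfg = cfg
        self.next_port = {}      # inside address -> next free port in its block
        self.overflow_log = []   # (inside, outside, port): RFC 7422 requires logging these
        self.dropped = 0         # what the show output counts as "exceeded port limits"
        self._overflow = ((a, p) for a in cfg.overflow_addresses
                          for p in range(cfg.reserved_ports, cfg.port_space))

    def open_session(self, inside_addr):
        inside_addr = IPv4Address(inside_addr)
        outside, first, last = deterministic_block(self.cfg, inside_addr)
        port = self.next_port.get(inside_addr, first)
        if port <= last:                       # still inside the deterministic block
            self.next_port[inside_addr] = port + 1
            return outside, port
        mapping = next(self._overflow, None)   # block exhausted: try the overflow pool
        if mapping is None:
            self.dropped += 1
            return None
        self.overflow_log.append((inside_addr, *mapping))
        return mapping


def example_config(overflow_factor: int) -> DetNatConfig:
    """Constructed pool: one deterministic outside address plus D overflow addresses."""
    return DetNatConfig(
        inside=IPv4Network("100.64.0.0/24"),
        outside=[IPv4Address("203.0.113.1") + i for i in range(1 + overflow_factor)],
        compression=2016,        # 64512 usable ports / 2016 = 32-port blocks, as in the thread
        overflow_factor=overflow_factor,
    )


def simulate(sessions: int, overflow_factor: int) -> dict:
    """One subscriber opening `sessions` flows with (D=1) or without (D=0) overflow."""
    nat = Translator(example_config(overflow_factor))
    allocated = sum(1 for _ in range(sessions) if nat.open_session("100.64.0.7") is not None)
    return {"allocated": allocated, "dropped": nat.dropped,
            "overflow_logged": len(nat.overflow_log)}


if __name__ == "__main__":
    print("no overflow pool:", simulate(40, 0))
    print("D = 1 overflow:  ", simulate(40, 1))
```

The trade-off the RFC describes falls out of `reverse_lookup`: a mapping in the deterministic part of the pool can be attributed from the configuration alone, while a mapping handed out from the overflow pool returns None and can only be attributed from the per-session log entries the translator had to write for it. Without an overflow pool (D = 0) the translator has nothing to fall back on, so the eight sessions beyond the 32-port block are dropped, matching the counter seen in the thread.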