We are using Juniper MX480s with SPC3 cards for CGNAT. Currently we have TCP and UDP ports with specific inactivity-timeouts, all working well as attended. A port block would be allocated and when the active-block-timeout expires would allocate a new port block and new sessions would use the new block and the sessions that are still open would remain on the old port block. All good and well, but we require the session to eventually also be moved over to the new port block or closed, as the session would keep this port block open and never be released. F5 CGNAT routers call this zombie sessions .
"A zombie port block, which is a port block that has reached the Block Lifetime limit but cannot be released due to active connections, is released when all active connections become inactive, or when the Zombie Timeout value is reached."
Would Juniper have a way in which these "Zombie" sessions be released/closed or moved to new allocated port block. Similar to the F5 to timeout a "Zombie" session, or alternatively running a specific command or script?
Example of a user which have many "Zombie" sessions.
Interface: mams-1/0/0
Pool name: NAT-POOL-1
Port-overloading-factor: 1 Port block size: 128
Max port blocks per host: 12 Port block active timeout: 930
Used/total port blocks per host: 7/12
Host_IP External_IP Port_Block Ports_Used/ Block_State/
Range Ports_Total Left_Time(s)
1.2.3.4 5.6.7.8 4224-4351 3/128*1 Inactive/-
1.2.34 5.6.7.8 4992-5119 2/128*1 Inactive/-
1.2.3.4 5.6.7.8 18816-18943 22/128*1 Active/495
1.2.3.4 5.6.7.8 31232-31359 1/128*1 Inactive/-
1.2.3.4 5.6.7.8 39424-39551 3/128*1 Inactive/-
1.2.3.4 5.6.7.8 48640-48767 1/128*1 Inactive/-
1.2.3.4 5.6.7.8 59776-59903 1/128*1 Inactive/-
Would appreciate your assistance.
------------------------------
Christiaan
------------------------------