
Juniper CGNAT not releasing sessions on port-block "Zombie sessions"

    Posted 05-24-2023 05:44

    We are using Juniper MX480s with SPC3 cards for CGNAT. Currently we have TCP and UDP ports with specific inactivity-timeouts, all working well as intended. A port block would be allocated, and when the active-block-timeout expires a new port block would be allocated; new sessions would use the new block, and the sessions that are still open would remain on the old port block. All good and well, but we require the sessions to eventually also be moved over to the new port block or closed, as a session would keep this port block open and it would never be released. F5 CGNAT routers call these zombie sessions.
    "A zombie port block, which is a port block that has reached the Block Lifetime limit but cannot be released due to active connections, is released when all active connections become inactive, or when the Zombie Timeout value is reached."

    Would Juniper have a way in which these "Zombie" sessions can be released/closed or moved to a newly allocated port block, similar to the F5 timing out a "Zombie" session, or alternatively by running a specific command or script?

    Example of a user who has many "Zombie" sessions:

    Interface: mams-1/0/0
    Pool name: NAT-POOL-1
    Port-overloading-factor:     1     Port block size:  128
    Max port blocks per host:   12     Port block active timeout: 930
    Used/total port blocks per host: 7/12

    Host_IP      External_IP      Port_Block       Ports_Used/      Block_State/
                                  Range            Ports_Total      Left_Time(s)
                                  4224-4351          3/128*1        Inactive/-
    1.2.34                        4992-5119          2/128*1        Inactive/-
                                  18816-18943       22/128*1        Active/495
                                  31232-31359        1/128*1        Inactive/-
                                  39424-39551        3/128*1        Inactive/-
                                  48640-48767        1/128*1        Inactive/-
                                  59776-59903        1/128*1        Inactive/-

    Would appreciate your assistance.
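As an added example (not part of the original post and not Juniper code), the following Python sketch parses port-block output in the layout pasted above and reports which blocks are held open only by lingering sessions. It assumes that a "zombie" block is one in state `Inactive` with at least one port still in use and that `128*1` means block size times overloading factor; the addresses in the sample are constructed placeholders.

```python
import re

# Constructed sample in the layout of the output pasted in the post;
# host and external addresses are documentation-range placeholders.
SAMPLE = """\
Pool name: NAT-POOL-1
Port-overloading-factor:     1     Port block size:  128
Max port blocks per host:   12     Port block active timeout: 930
Used/total port blocks per host: 7/12
Host_IP        External_IP    Port_Block     Ports_Used/   Block_State/
                              Range          Ports_Total   Left_Time(s)
198.51.100.7   203.0.113.9    4224-4351        3/128*1     Inactive/-
                              4992-5119        2/128*1     Inactive/-
                              18816-18943     22/128*1     Active/495
                              31232-31359      1/128*1     Inactive/-
                              39424-39551      3/128*1     Inactive/-
                              48640-48767      1/128*1     Inactive/-
                              59776-59903      1/128*1     Inactive/-
"""

# One port-block row: range, used/total*factor, state/left-time.
# finditer() is used so rows still parse if several end up on one line.
ROW = re.compile(r"(\d+)-(\d+)\s+(\d+)/(\d+)\*(\d+)\s+(Active|Inactive)/(\d+|-)")
PER_HOST = re.compile(r"Used/total port blocks per host:\s*(\d+)/(\d+)")

def parse_blocks(text):
    """Return one dict per port-block row found in the text."""
    return [{"range": (int(m[1]), int(m[2])),
             "used": int(m[3]),
             "total": int(m[4]) * int(m[5]),  # assumed: size * overloading factor
             "state": m[6]}
            for m in ROW.finditer(text)]

def zombie_report(text):
    """Summarise Inactive blocks that still have ports in use (assumed 'zombie')."""
    blocks = parse_blocks(text)
    zombies = [b for b in blocks if b["state"] == "Inactive" and b["used"] > 0]
    m = PER_HOST.search(text)
    return {
        "zombie_ranges": [b["range"] for b in zombies],
        "ports_in_use": sum(b["used"] for b in zombies),
        "ports_stranded": sum(b["total"] - b["used"] for b in zombies),
        # Blocks the host can still be allocated before hitting the per-host cap.
        "blocks_left": int(m[2]) - int(m[1]) if m else None,
    }

if __name__ == "__main__":
    print(zombie_report(SAMPLE))
```

For the sample, a handful of lingering ports keeps six blocks allocated, which is the headroom figure to watch against the per-host maximum.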