NAT POOL DEPLETION REPORT USING EEM

Answered Question
Mar 4th, 2008

How can I have a log generated on a router in case of NAT pool depletion using EEM?

The show ip nat statistics command would return the percentage X of addresses used in a NAT pool.

In case the percentage X = or > 80%, a log should be triggered and, if possible, it has to send a small email notification.

Has anyone done the scripting for this before? If so, could you please let me know.

dinesh_ramesh Wed, 03/05/2008 - 09:40

Here is the output:

7206VXR#sh ip nat statistics

** concatenated output **

Hits: 18226897 Misses: 218029

CEF Translated packets: 17341492, CEF Punted packets: 1069060

Expired translations: 539664

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 10 pool hotspot refcount 468

pool hotspot: netmask 255.255.255.0

start X.X.X.10 end X.X.X.254

type generic, total addresses 245, allocated 108 (44%), misses 0

Queued Packets: 0

Correct Answer
Joe Clarke Wed, 03/05/2008 - 14:09

Then this script should work. It hasn't been thoroughly tested, but it should send a syslog message when the NAT pool usage reaches a certain threshold. To install it you will first need to create a directory on flash called, for example, policies:

Router#mkdir flash:/policies

Then copy the script into that directory:

Router#copy tftp://1.1.1.1/nat-pool-pol.tcl flash:/policies

Then, you will need to set two EEM environment variables: nat_pool_name and nat_pool_threshold. For example:

event manager environment nat_pool_name hotspot

event manager environment nat_pool_threshold 80

Then you will need to tell EEM where to find user policies:

event manager directory policy flash:/policies

Then register the nat-pool-pol.tcl policy:

event manager policy nat-pool-pol.tcl type user

The policy will run every 60 seconds, and check the capacity of the specified NAT pool. If the pool's capacity is at or over the specified threshold, a syslog message will be sent.

dinesh_ramesh Wed, 03/05/2008 - 14:20

Thanks a lot !

Will try this out and let you know on the outcome.

Just one question though: is the Tcl script capable of sending the syslog message to an SMTP server so as to send a mail to the operator?

Joe Clarke Wed, 03/05/2008 - 14:51

This version will send email using the attached template. You must also copy the template to somewhere on flash. Then, you will need to set the following additional EEM environment variables:

nat_pool_email_template : fully-qualified path to the email template in flash

_email_server : SMTP server

_email_from : From email address

_email_to : To email address

_email_cc : Optional email Cc address

If all of those are properly set, the script will send an email and a syslog message when the threshold is reached.

dinesh_ramesh Thu, 03/06/2008 - 02:03

I have applied the scripts and the necessary configuration.

It works fine. I am yet to test the email facility for the logs generated.

Thanks once again for your help. Appreciate it !

marcin.pajaczko... Wed, 06/23/2010 - 06:15

Hi

Is it possible to modify this script to send a message to syslog when Total active translations reaches a specified threshold?

Joe Clarke Wed, 06/23/2010 - 11:49

It already does that. The product of this script is to send a syslog message when the NAT translation pool crosses a configurable threshold. The message will look like:

NAT pool [pool] is at [usage]% capacity

marcin.pajaczko... Wed, 06/23/2010 - 12:11

But we are using NAT with overload, where there is only one address in the pool, so allocated addresses are always 100%.

NAT pool is at 100% capacity all the time.

for example:

Router#sh ip nat stat
Total active translations: 137 (0 static, 137 dynamic; 137 extended)
Peak translations: 34, occurred 04:10:00 ago
Outside interfaces:
  FastEthernet1/0
Inside interfaces:
  FastEthernet1/1
Hits: 7805  Misses: 0
CEF Translated packets: 7443, CEF Punted packets: 384
Expired translations: 358
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 7 pool pula refcount 1
pool pula: netmask 255.255.255.0
        start 192.168.1.146 end 192.168.1.146
        type generic, total addresses 1, allocated 1 (100%), misses 0

So for us the perfect solution would be to send a message to syslog (or a trap) when Total active translations exceeds some threshold, for example 800.

Joe Clarke Wed, 06/23/2010 - 13:01

I suppose in your case, you could match on the total number of static and dynamic translations, and subtract that from 65536 to get the capacity.
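
An added example, not Joe's attached policy: an EEM Tcl policy written to the install steps above (watchdog timer every 60 seconds, environment variables nat_pool_name and nat_pool_threshold, syslog message in the format Joe quotes). It also covers the overload case Marcin describes by checking the "Total active translations" count against an assumed extra environment variable, nat_xlate_threshold.

```tcl
::cisco::eem::event_register_timer watchdog time 60

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

# Required EEM environment variables ("event manager environment ...").
# nat_xlate_threshold is an assumed name added for the overload case.
foreach var {nat_pool_name nat_pool_threshold nat_xlate_threshold} {
    if {![info exists $var]} {
        error "Policy cannot be run: variable $var has not been set"
    }
}

# Return the allocated percentage reported for $pool, or -1 when the pool
# does not appear in the "show ip nat statistics" output.
proc pool_usage {output pool} {
    set in_pool 0
    foreach line [split $output "\n"] {
        if {[regexp {^\s*pool (\S+):} $line -> name]} {
            set in_pool [expr {$name eq $pool}]
        } elseif {$in_pool && [regexp {allocated \d+ \((\d+)%\)} $line -> pct]} {
            return $pct
        }
    }
    return -1
}

# Return the "Total active translations" count, or -1 when absent.
proc total_translations {output} {
    if {[regexp {Total active translations: (\d+)} $output -> n]} { return $n }
    return -1
}

# Collect the show output through the EEM CLI library.
if {[catch {cli_open} result]} { error $result $errorInfo }
array set cli1 $result
if {[catch {cli_exec $cli1(fd) "enable"} result]} { error $result $errorInfo }
if {[catch {cli_exec $cli1(fd) "show ip nat statistics"} result]} { error $result $errorInfo }
set output $result
catch {cli_close $cli1(fd) $cli1(tty_id)}

# Pool capacity check (original case); a 1-address overload pool is always 100%.
set pct [pool_usage $output $nat_pool_name]
if {$pct >= $nat_pool_threshold} {
    action_syslog priority warning msg "NAT pool $nat_pool_name is at ${pct}% capacity"
}

# Translation-count check for overload pools (Marcin's case).
set total [total_translations $output]
if {$total >= $nat_xlate_threshold} {
    action_syslog priority warning msg "NAT active translations $total reached threshold $nat_xlate_threshold"
}
```

Against the output Marcin posted, pool_usage returns 100 for pool "pula" and total_translations returns 137, so with nat_xlate_threshold set to 800 only the pool message would fire; raising nat_pool_threshold above 100 silences it for single-address pools.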

marcin.pajaczko... Wed, 06/23/2010 - 13:54

First sorry for my English.

I tried to modify the script nat-pool-pol.tcl, but I don't know too much about Tcl.

I tried changing the regexp to get the value from the "Total active translations:" field and compare it to nat_pool_threshold. But I am not a programmer. I think it is the simplest solution and could work. But nothing happened.

Could you help me? please.

marcin.pajaczko... Thu, 06/24/2010 - 13:39

I tested this script and I had to add "{" in one place and move "break" to another place, but the script is really good and is working great.

I modified it to send an SNMP trap when it reaches the threshold.

I upload both scripts here for other people. I think it is a big problem to monitor NAT translations, because most Cisco IOS versions don't support SNMP OIDs to monitor NAT translations, especially from cisco-ext-nat-mib.

I would like to thank you Joe for help. You are doing a good job.
