
NAT POOL DEPLETION REPORT USING EEM

dinesh_ramesh
Level 1

How can I have a log generated on a router in case of NAT pool depletion using EEM?

The show ip nat statistics command would return the percentage X of addresses used in a NAT pool.

In case the percentage X is equal to or greater than 80%, a log should be triggered and, if possible, it has to send a small email notification.

Has anyone done the scripting for this before? If so, could you please let me know.


15 Replies

Joe Clarke
Cisco Employee

Please post an example output of the show ip nat statistics.

Here is the output:

7206VXR#sh ip nat statistics

** concatenated output **

Hits: 18226897 Misses: 218029
CEF Translated packets: 17341492, CEF Punted packets: 1069060
Expired translations: 539664
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool hotspot refcount 468
pool hotspot: netmask 255.255.255.0
start X.X.X.10 end X.X.X.254
type generic, total addresses 245, allocated 108 (44%), misses 0
Queued Packets: 0

What version of IOS is this?

The image on the router is:

12.3(14)T4

Accepted Solution

Then this script should work. It hasn't been thoroughly tested, but it should send a syslog message when the NAT pool usage reaches a certain threshold. To install it you will first need to create a directory on flash called, for example, policies:

Router#mkdir flash:/policies

Then copy the script into that directory:

Router#copy tftp://1.1.1.1/nat-pool-pol.tcl flash:/policies

Then, you will need to set two EEM environment variables: nat_pool_name and nat_pool_threshold. For example:

event manager environment nat_pool_name hotspot

event manager environment nat_pool_threshold 80

Then you will need to tell EEM where to find user policies:

event manager directory policy flash:/policies

Then register the nat-pool-pol.tcl policy:

event manager policy nat-pool-pol.tcl type user

The policy will run every 60 seconds, and check the capacity of the specified NAT pool. If the pool's capacity is at or over the specified threshold, a syslog message will be sent.

Thanks a lot !

Will try this out and let you know on the outcome.

Just one question though: is the Tcl script capable of sending the syslog message to an SMTP server so as to send a mail to the operator?

This version will send email using the attached template. You must also copy the template to somewhere on flash. Then, you will need to set the following additional EEM environment variables:

nat_pool_email_template : fully-qualified path to the email template in flash

_email_server : SMTP server

_email_from : From email address

_email_to : To email address

_email_cc : Optional email Cc address

If all of those are properly set, the script will send an email and a syslog message when the threshold is reached.

I have applied the scripts and the necessary configuration.

It works fine. I am yet to test the email facility for the logs generated.

Thanks once again for your help. Appreciate it !

Hi

Is it possible to modify this script to send a message to syslog when Total active translations reaches a specified threshold?

It already does that. The product of this script is to send a syslog message when the NAT translation pool crosses a configurable threshold. The message will look like:

NAT pool [pool] is at [usage]% capacity

But we are using NAT with overload, where there is only one address in the pool, so the allocated addresses are always 100%:

NAT pool is at 100% capacity all the time

For example:

Router#sh ip nat stat
Total active translations: 137 (0 static, 137 dynamic; 137 extended)
Peak translations: 34, occurred 04:10:00 ago
Outside interfaces:
  FastEthernet1/0
Inside interfaces:
  FastEthernet1/1
Hits: 7805  Misses: 0
CEF Translated packets: 7443, CEF Punted packets: 384
Expired translations: 358
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 7 pool pula refcount 1
pool pula: netmask 255.255.255.0
        start 192.168.1.146 end 192.168.1.146
        type generic, total addresses 1, allocated 1 (100%), misses 0

So for us the perfect solution would be to send a message to syslog (or a trap) when Total active translations exceeds some threshold, for example 800.

I suppose in your case, you could match on the total number of static and dynamic translations, and subtract that from 65536 to get the capacity.

First, sorry for my English.

I tried to modify the script nat-pool-pol.tcl but I don't know too much about Tcl.

I tried changing the regexp to get the value from the "Total active translations:" field and compare it to nat_pool_threshold. But I am not a programmer. I think it is the simplest solution and could work. But nothing happened.

Could you help me, please?

This version should do what you want.  It is quite specialized, though.  It assumes one PAT pool with only one address.
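The Tcl policy attached in this thread is not reproduced on the page, so the following is an added example (not the thread's script) that implements the two checks discussed above in Python: the per-pool percentage test that the installation steps describe (alert when the named pool is at or over nat_pool_threshold) and the total-active-translations variant for a one-address PAT pool, where the percentage is always 100 and only the translation count is meaningful. It runs off-box over captured show ip nat statistics text, for example collected by a monitoring host, rather than on the router. The two sample outputs are constructed from the excerpts quoted in the thread, and the 65536 capacity figure is an assumption taken from the earlier reply, used only to express the translation count as a rough percentage.

```python
import re

# Constructed sample input: abbreviated copies of the two "show ip nat statistics"
# outputs quoted in this thread. The first post did not include the
# "Total active translations" line, so it is absent here as well.
POOL_OUTPUT = """\
Hits: 18226897 Misses: 218029
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool hotspot refcount 468
 pool hotspot: netmask 255.255.255.0
        start X.X.X.10 end X.X.X.254
        type generic, total addresses 245, allocated 108 (44%), misses 0
Queued Packets: 0
"""

PAT_OUTPUT = """\
Total active translations: 137 (0 static, 137 dynamic; 137 extended)
Peak translations: 34, occurred 04:10:00 ago
Hits: 7805  Misses: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 7 pool pula refcount 1
 pool pula: netmask 255.255.255.0
        start 192.168.1.146 end 192.168.1.146
        type generic, total addresses 1, allocated 1 (100%), misses 0
"""

# Assumption from the reply above: treat 65536 as the ceiling for a single
# overloaded address. It is a rough bound for reporting, not a measured limit.
PAT_CAPACITY = 65536

TOTAL_RE = re.compile(r"^Total active translations: (\d+)")
POOL_RE = re.compile(r"^pool (\S+): netmask")
USAGE_RE = re.compile(r"^type \S+, total addresses (\d+), allocated (\d+) \((\d+)%\)")


def parse_nat_stats(text):
    """Return (total_active, pools).

    total_active is the "Total active translations" count or None if the line
    is missing; pools maps pool name -> {"total", "allocated", "percent"}.
    The "[Id: n] access-list ... pool NAME" line is deliberately ignored; the
    pool name is taken from the "pool NAME: netmask" line that follows it.
    """
    total_active = None
    pools = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = TOTAL_RE.match(line)
        if m:
            total_active = int(m.group(1))
            continue
        m = POOL_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = USAGE_RE.match(line)
        if m and current is not None:
            total, allocated, percent = (int(g) for g in m.groups())
            pools[current] = {"total": total, "allocated": allocated, "percent": percent}
            current = None
    return total_active, pools


def check_pool(text, pool_name, threshold):
    """Percent-of-addresses check, as in the thread's policy.

    Returns the syslog-style message when the pool is at or over the
    threshold (a percentage), otherwise None. Unknown pool names yield None.
    """
    _, pools = parse_nat_stats(text)
    pool = pools.get(pool_name)
    if pool is None or pool["percent"] < threshold:
        return None
    return f"NAT pool {pool_name} is at {pool['percent']}% capacity"


def check_translations(text, threshold, capacity=PAT_CAPACITY):
    """Absolute-count check for a one-address PAT pool.

    The threshold is a translation count (for example 800). None is returned
    when the count is below the threshold or the line is absent.
    """
    total_active, _ = parse_nat_stats(text)
    if total_active is None or total_active < threshold:
        return None
    pct = 100.0 * total_active / capacity
    return f"NAT translations at {total_active} ({pct:.1f}% of {capacity}), threshold {threshold}"


def evaluate(text, pool_name, threshold):
    """Choose the check that fits the pool.

    A pool with a single address always reports 100% allocated, so the
    percentage test would fire on every run; for such a pool the threshold is
    interpreted as a translation count instead.
    """
    _, pools = parse_nat_stats(text)
    pool = pools.get(pool_name)
    if pool is not None and pool["total"] == 1:
        return check_translations(text, threshold)
    return check_pool(text, pool_name, threshold)


if __name__ == "__main__":
    for text, pool, thr in ((POOL_OUTPUT, "hotspot", 80), (PAT_OUTPUT, "pula", 800)):
        print(pool, "percent-check:", check_pool(text, pool, thr), "| evaluate:", evaluate(text, pool, thr))
```

On the quoted outputs, the percentage check stays silent for hotspot at 44% against an 80% threshold but fires unconditionally for the one-address pula pool, which is the behaviour the PAT user reported; evaluate() switches that pool to the translation-count test, where 137 active translations stay under a threshold of 800.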
