NAT misses incrementing

Answered Question
Aug 20th, 2003

Can you explain what is happening when the "misses" field is incrementing on a "show ip nat statistics"? The command reference explanation is "Number of times the software does a translations table lookup, fails to find an entry, and must try to create one".

seilsz Thu, 08/21/2003 - 00:41

Basically, traffic is passing through the router that should be translated, but an existing translation (either static or dynamic) doesn't already exist in the NAT table. IOS increments the "misses" field, as opposed to "hits", and performs the translation.


~Zach

mforthman Thu, 08/21/2003 - 06:05

If you were seeing a high number of misses, would this be considered a problem? Do you have any idea what would normally cause the misses? If so, what would be the fix for it?

Correct Answer
seilsz Thu, 08/21/2003 - 08:40

I *probably* wouldn't consider this a problem. The "misses" are normal behavior. When the router performs a dynamic translation, it inserts an entry for that translation into the NAT table. Additional packets that match that translation just use the existing entry in the NAT table (and are logged as "hits"). If the entry times out, or a packet needs to be translated that doesn't have an entry in the NAT table, IOS increments the "misses" counter and performs the translation.


Depending on your configuration, it may be possible to reduce the number of misses by increasing the timeout values for the entries in the NAT table.
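
The hit/miss accounting described in this answer, as an added example that is not part of the original thread and is not IOS code: a simplified Python model of a dynamic NAT table replays the same constructed traffic with a short and a long entry timeout. The class, function and sample addresses are hypothetical, and the model assumes an entry's idle timer restarts each time a packet uses it.

```python
# Simplified model of a dynamic NAT table (illustration only, not IOS code).
# Assumption: an entry's idle timer restarts every time a packet uses it.

class NatTable:
    def __init__(self, timeout):
        self.timeout = timeout      # idle seconds before an entry expires
        self.entries = {}           # flow key -> time the entry was last used
        self.hits = 0
        self.misses = 0

    def translate(self, now, flow):
        """Account for one packet of `flow` arriving at time `now` (seconds)."""
        last_used = self.entries.get(flow)
        if last_used is not None and now - last_used <= self.timeout:
            self.hits += 1          # existing entry reused
        else:
            self.misses += 1        # no entry (or it timed out): create one
        self.entries[flow] = now    # create or refresh the entry


def replay(packets, timeout):
    """Replay (time, flow) pairs in time order and return (hits, misses)."""
    table = NatTable(timeout)
    for now, flow in sorted(packets):
        table.translate(now, flow)
    return table.hits, table.misses


# Constructed sample traffic: (seconds, (inside address, inside port)).
# Host .10 sends a burst, goes quiet for 90 s, then resumes.
# Host .11 sends one packet every 120 s.
SAMPLE_PACKETS = [
    (0, ("10.0.0.10", 1025)), (1, ("10.0.0.10", 1025)), (2, ("10.0.0.10", 1025)),
    (92, ("10.0.0.10", 1025)), (93, ("10.0.0.10", 1025)),
    (0, ("10.0.0.11", 2000)), (120, ("10.0.0.11", 2000)), (240, ("10.0.0.11", 2000)),
]

if __name__ == "__main__":
    for timeout in (60, 300):
        hits, misses = replay(SAMPLE_PACKETS, timeout)
        print(f"timeout={timeout:>3}s  hits={hits}  misses={misses}")
```

With the longer timeout, the only misses left are the first packet of each flow; every packet that follows an idle gap becomes a hit instead.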
