Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

CGv6 on ISM: Features Supported Across IOS-XR Releases

Introduction

 

This document answers questions related to CGv6 Features supported on ISM card across different IOS-XR Releases. This document tries to list all the CGv6 on ISM related features in one place in a consolidated manner to help CGv6 on ISM customers. It does not intend to replace official IOS-XR release notes. For official release note document, please select "Release Notes for Cisco ASR 9000 Series Aggregation Services Routers for Cisco IOS-XR Software Release X.Y.Z" link for appropriate IOS-XR release.

 

 

Supported CGv6 features on ISM

1. Q. What all CGv6 features are supported on ISM and from which IOS-XR releases they are available ?

A. Following table captures different CGv6 features supported on ISM and also indicates from which IOS-XR release they are supported.

 

Feature GroupFeature DescriptionSupported on ISM from IOS-XR ReleaseAdditional Comments
Generic (Common to All Applications)Multiple CGv6 Applications on same ISM card4.2.0 
 Active/Standby ISM redundancy (warm)4.3.0 
NAT44Generic / Base support4.2.0 
 Active FTP ALG4.2.0Configurable per NAT44 instance.
 RTSP ALG4.2.1Configurable per NAT44 instance.
 PPTP ALG4.3.1Configurable per NAT44 instance.
 Port limit4.2.0Configurable per NAT44 instance.
 Netflow version 9 (NFv9) logging4.2.0Configurable per inside-VRF.
 Syslog logging4.2.1Configurable per inside-VRF.
 Bulk Port Allocation (BPA)4.2.1Configurable per inside-VRF.
 Destination Based Logging (DBL)4.3.0Configurable per inside-VRF.
 NFv9 logging with BPA4.2.1Configurable per inside-VRF.
 NFv9 logging with DBL4.3.0Configurable per inside-VRF
 Syslog loggging with BPA4.2.1Configurable per inside-VRF
 Syslog logging with DBL4.3.0Configurable per inside-VRF
 One-to-One mapping4.2.3Configurable per inside-VRF. One Public IP address is associated with maximum of one Private IP address. Multiple Private IP addresses are not mapped to single Public IP address, if this option is enabled.
 Many-to-One mapping4.3.2Configurable per inside-VRF. By this option, one Public IP address can be associated with a maximum (configurable) number of Private IP addresses.
 OutsideServiceApp mapping for inside-VRF4.2.3Configurable per inside-VRF. It is a MUST when you have multiple Outside ServiceApp interfaces inside same / single Outside VRF.
 VRF override for O2I traffic4.3.1For Out-to-In traffic (after translation), VRF can be overridden to be default VRF (instead of inside VRF) to perform forwarding lookup.
 Static Port Forwarding4.2.0Configurable per inside-VRF. User can specify a particular Inside/Private IP address, IP protocol and Port number which will be statically mapped to a Public IP address and Port, selected by the CGv6 Application. Usually, port number is preserved, unless there is a conflict (Port number is already in use).
 Active/Standby ISM redundancy (warm)4.3.0Dynamic NAT44 sessions will be re-established after the redundancy switchover. A different public IP address will be
 BNG and NAT44 inter-working4.2.1 
DS-LiteGeneric support4.2.1 
 Active FTP ALG4.3.0Configurable per DS-Lite instance.
 RTSP ALG4.3.0Configurable per DS-Lite instance.
 Port limit4.2.1Configurable per DS-Lite instance. In 4.2.1 release, it was per Private IPv4 address. In 4.3.0 release, it is made per B4 (IPv6 address) element.
 Netflow version 9 (NFv9) logging4.2.1Configurable per DS-Lite instance.
 Syslog logging4.2.1Configurable per DS-Lite instance.
 Bulk Port Allocation (BPA)4.2.1Configurable per DS-Lite instance.
 Destination Based Logging (DBL)4.3.0Configurable per DS-Lite instance.
 NFv9 logging with BPA4.2.1Configurable per DS-Lite instance.
 NFv9 logging with DBL4.3.0Configurable per DS-Lite instance.
 Syslog logging with BPA4.2.1Configurable per DS-Lite instance.
 Syslog logging with DBL4.3.0Configurable per DS-Lite instance.
 Active/Standby ISM redundancy (warm)4.3.0 
 BNG and DS-Lite inter-working4.3.0 
Stateful NAT64Generic support4.3.0  
 Active FTP ALG4.3.1Configurable per NAT64 instance.
 RTSP ALG4.3.1Configurable per NAT64 instance.
 Port limit4.3.0Configurable per NAT64 instance.
 Netflow logging4.3.0Configurable per NAT64 instance.
 Destination Based Logging (DBL)4.3.0Configurable per NAT64 instance.
 NFv9 logging with DBL4.3.1Configurable per NAT64 instance.
 Active/Standby ISM redundancy (warm)4.3.0 
MAP-TGeneric support4.3.0It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline).
 Active/Standby ISM redundancy (warm)4.3.0 
 BNG and MAP-T inter-working4.3.0 
MAP-EGeneric support4.3.1It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline).
 Active/Standby ISM redundancy (warm)4.3.1 
 BNG and MAP-E inter-working4.3.1 
6RDGeneric support4.3.1It is also supported Inline for line cards with Typhoon NPU. However, ISM card is needed for configuration, statistics and exception traffic (which are not processed inline).
 Active/Standby ISM redundancy (warm)4.3.1 
 BNG and 6RD inter-working4.3.1 

.

2. Q. What are the supported scale numbers related to CGv6 features on ISM ?

A. Following table captures different supported scale numbers related to CGv6 features on ISM.

 

Parameter NameParameter Value per ISMParameter Value per ASR9K ChassisAdditional Comments
Number of CGN/CGv6 Instances16

Under one CGN/CGv6 instance, multiple CGv6 Applications (like, NAT44, DS-Lite, NAT64, etc.) are supported.

Number of ServiceInfra Interfaces16ServiceInfra interface is used to send Management / Control traffic related to CGv6. Hence, only 1 ServiceInfra interface per ISM card is needed.
Number of ServiceApp interfaces244244For running a CGv6 Application instance (like, NAT44, DS-Lite, etc.), you need a pair of ServiceApp interfaces. Hence, you can run at the most 122 CGv6 Application instances (of different types) per ASR9K.
Number of NAT44 instances16Within 1 NAT44 instance, multiple Inside VRFs are possible. Several parameters can be configured on per Inside VRF.
Number of DS-Lite instances6464Each DS-Lite instance would need 1 pair of ServiceApp interfaces.
Number of Stateful NAT64 instances6464Each Stateful NAT64 instance would need 1 pair of ServiceApp interfaces.
Number of MAP-T instances6464Each MAP-T instance would need 1 pair of ServiceApp interfaces.
Number of MAP-E instances6464Each MAP-E instance would need 1 pair of ServiceApp interfaces.
Number of 6RD instances6464Each 6RD instance would need 1 pair of ServiceApp interfaces.
Number of Stateful NAT Translations20 Millions120 MillionsNAT DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications.
Number of NAT Sessions20 Millions120 MillionsNAT Session DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications.
Number of NAT Users1 Million6 MillionsNAT User DB is shared across NAT44, Stateful NAT64 and DS-Lite Applications.
Number of Static Port Forwarding Entries6,00036,000 
Number of Public IPv4 addresses65536 or /16  
Number of VRFs122 (Inside) + 122 (Outside)122 (Inside) + 122 (Outside)

- As we support maximum of 244 ServiceApp interfaces, at the most, we need to have 122 Inside and 122 Outside VRF.

- You can have less number of Outside VRFs as well.

- Please note that ASR9K supports much higher number of VRFs in the chassis. This is only with respect to CGv6 Application on ISM.

Number of IPv4 Prefixes512K Related to forwarding.
Number of IPv6 Prefixes128K Related to forwarding.
Number of MPLS labels256K Related to forwarding. Increased to 256K from 4.3.0 release onwards.

 

 

3. Q. What is the roadmap of CGv6 features on ISM?

A. Please contact your Cisco Account Team or ASR9K Product Marketing team (whichever you have access to).

 

4. Q. When a specific feature will be supported on ISM?

A. Please contact your Cisco Account Team or ASR9K Product Marketing team (whichever you have access to).

 

 

 

Note:

 

 

Version history
Revision #:
1 of 1
Last update:
‎10-31-2013 08:51 PM
Updated by:
 
Labels (1)
Comments
Bronze

Hi,

nice document, it will help me a lot because I have to configure NAT44 on a BNG for PPPoE subscribers.

We are using dualstack with IPv4 and IPv6 on the same session.

IPv4 address space is private RFC1918 and it has to be translated to a public one. IPv6 is of course public.

Subscribers are in a VRF and because NAT44 requires two VRFs, we will create an outside vrf.

My question is what happens with the IPv6 traffic? Does it just pass transparently throught the serviceapp interface to another service app interface, and then to the public internet?

I hope yes.

Cisco Employee

Your v4 traffic will be subject to translation, your v6 will not.

Note that there is only one vrf on the sub for both v4 and v6 traffic so you may want to use ABF or some other directive traffic mechanism to move the v4 traffic to the NAT engine and let v6 pass through and move via the general routing table.

(so comes down to a v4 access-group definition on the sub)

cheers!

xander

Bronze

Hi Xander,

I see that you cover everything

I checked my prepared config and I see that I have only a static route for ADF IPv4. If I don't forward IPv6 to service app then it will just not go through the ISM. Stupid me, too tired and  too much reading

Cisco Employee

Actually, you don't really need an outisde-VRF, you can perfectly use the Global Routing Table.

But indeed you may need to use an inside-VRF.

If your ingress physical interface (for i2o traffic) is assigned to this VRF, then you will need:

- a static (probably default) route to push your v4 traffic to the serviceApp inside (to the CGN engine)

- a static to "leak" your IPv6 traffic from the inside-VRF to the GRT (or the outside-VRF if you decide to use one).

If your ingress physical interface (for i2o traffic) is not assigned to this inside-VRF, then you will need:

- nothing for your v6 traffic, it will be routed naturally in the Global Routing Table to its destination

- an ABF matching the source/destination of your v4 traffic and pointing to the serviceApp interface in the inside-VRF (basically, a leak from GRT to inside-VRF via an ABF).

Finally, even if not used here, keep in mind that ABF for v6 traffic is not working on the first generation line cards (trident based).

Cheers,

N.

Bronze

Hi Nicolas,

yes I understand, I can use the global RT (vrf default) as outside vrf.

In my case it is a little bit different. The BNG is a multi-vrf device and we are using vrf-lite, and in vrf default is only a static route for RADIUS traffic.

I will just leak the IPv6 traffic from inside to outside vrf. I have a couple more ideas and I will test it tomorrow.

Thank you!

Bronze

Hi again,

CGN is working for one inside vrf (dualstack) which is PPPoE. Now I need to add a new inside vrf (ipoe) which is IPoE

but NAT is working only for vrf dualstack. I have to check with you if this is a valid config. I checked the config guide and I see that it's possible to add multiple inside vrfs, but in the guide different outside-vrf are used.

service cgn CGN44

service-location preferred-active 0/0/CPU0

service-type nat44 NAT44_1

  portlimit 65535

  alg ActiveFTP

  alg rtsp

  alg pptpAlg

  inside-vrf ipoe

   map outside-vrf hsi address-pool 195.x.x.232/29

  !

  inside-vrf dualstack

   map outside-vrf hsi address-pool 195.x.x.240/29   -----------   THIS ONE IS WORKING FINE

interface ServiceApp1

vrf dualstack

ipv4 address 172.31.31.1 255.255.255.252

service cgn CGN44 service-type nat44

!

interface ServiceApp2

vrf hsi

ipv4 address 172.31.31.5 255.255.255.252

service cgn CGN44 service-type nat44

interface ServiceApp3

vrf ipoe

ipv4 address 172.31.31.9 255.255.255.252

service cgn CGN44 service-type nat44

interface ServiceApp4    ---------------  I tried without this ServiceApp4, where I used ServiceApp2 for second inside-vrf, but                                                           it was not working, so I added ServiceApp4

vrf hsi

ipv4 address 172.31.31.13 255.255.255.252

service cgn CGN44 service-type nat44

router static

!

vrf hsi

  address-family ipv4 unicast

   80.65.81.64/29 Null0

   195.x.x.232/29 ServiceApp4

   195.x.x.240/29 ServiceApp2

vrf ipoe

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp3

   10.120.20.1/32 100.127.0.25

   10.120.20.59/32 100.127.0.25

!

vrf dualstack

  address-family ipv4 unicast

   0.0.0.0/0 ServiceApp1

Both public subnet are in the RIB of the PE, so it's not a routing issue.

The working inside vrf is PPPoE, and the one which is NOT working is IPoE. I can ping the GW (loopback) and the DHCP server but Internet is not working.

PPoE private subnet is a /16, and IPoE is a /16, too. Public subnets are /29, but port limit is at max.

Maybe you have an idea.

p.s. ISM module has been reloaded twice. The second time because "show cgn nat44 NAT44_1 statistics" was giving an error "core response failure".

Bronze

Here is the "show cgn trace master-agent apply reverse" output. I see some messages about no free ports etc.

I tried with a large public subnet 5.0.0.0/19 but still no translations on the ISM module. Only the working one...

Feb 13 15:01:25.854 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 15:01:25.854 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 15:01:25.853 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 15:01:25.853 cgn/ma/apply 0/RSP0/CPU0 t4  Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'

Feb 13 15:01:25.851 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 15:01:25.851 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:

Feb 13 15:00:48.044 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 15:00:48.044 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 15:00:48.043 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 15:00:48.040 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:58:02.458 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:58:02.458 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 14:58:02.457 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:58:02.457 cgn/ma/apply 0/RSP0/CPU0 t4  Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '5.0.0.0', end-addr: '5.0.31.255'

Feb 13 14:58:02.456 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:58:02.456 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:

Feb 13 14:57:25.346 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgnma_ip_prefix_validate Line:941 :Error 'cgn' detected the 'warning' condition 'Prefix value is out of range for this platform'

Feb 13 14:57:05.538 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:57:05.538 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 14:57:05.537 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:57:05.534 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:31:33.180 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_imc.c Line:2812 cgn inst:  :Interface not found in Database value:ServiceApp4 value:

Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'

Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'

Feb 13 14:31:33.170 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_rsi_intf_handler Line:2130 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:31:33.166 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:31:33.162 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:27:22.061 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:27:22.061 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 14:27:22.060 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:27:22.060 cgn/ma/apply 0/RSP0/CPU0 t4  Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'

Feb 13 14:27:22.059 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:27:22.059 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:

Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'

Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_msg_handler Line:1355 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:26:50.397 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_avl_search_global_intf Line:132 :Error 'lib-avl' detected the 'warning' condition 'not found in avl tree'

Feb 13 14:26:05.810 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:26:05.810 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 14:26:05.809 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:26:05.805 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:23:38.222 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_rsi_intf_handler Line:2130 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:23:38.218 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:23:38.214 cgn/ma/apply 0/RSP0/CPU0 t1  Function cgn_ma_intf_query_sysdb Line:271 :Error 'cgn' detected the 'warning' condition 'Requested data not found'

Feb 13 14:21:53.655 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:21:53.655 cgn/ma/apply 0/RSP0/CPU0 t4  config ip one to one-0x2f fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:Invalid command

Feb 13 14:21:53.654 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:21:53.654 cgn/ma/apply 0/RSP0/CPU0 t4  Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x960', start-addr: '195.222.57.232', end-addr: '195.222.57.239'

Feb 13 14:21:53.653 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Feb 13 14:21:53.653 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_cfg_apply.c Line:909 cgn inst: CGN44 :Fail to get intf details for VRF: value:ipoe value:

Feb 13 14:21:53.651 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:755 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to active location'

Feb 13 14:19:17.291 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.286 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.286 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:755 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to active location'

Feb 13 14:19:17.285 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.280 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.274 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 14:19:17.224 cgn/ma/apply 0/RSP0/CPU0 t1  cgn_ma_nat44_build_msg.c Line:2083 cgn inst: CGN44 :Both refbits are set value:0

Cisco Employee

Hi,

Please take a look at https://supportforums.cisco.com/docs/DOC-37514#Multiple_Outside_ServiceApps_sharing_same_Outside_VRF. You need to use "outsideServiceApp <>" option in "map" CLI command.

regards,

Somnath.

Bronze

Hi,

thanks Somnath. I tried this to a few hours ago and it was not working.

I tried it again and I have the same problem. Only IPs in the dualstack vrf with PPPoE are being translated.

I have this config now and I for example this show command is working only for dualstack, and not for ipoe.

show cgn nat44 NAT44_1 pool-utilization inside-vrf dualstack address-range 195.222.57.240 195.222.57.247

Thu Feb 13 16:50:58.379 CET

Public address pool utilization details

-------------------------------------------------------

NAT44 instance    : NAT44_1

VRF               : dualstack

-------------------------------------------------------

Outside             Number        Number

Address             of            of

                    Free ports    Used ports

-------------------------------------------------------

195.222.57.240      65535         0                  

195.222.57.244      65535         0                  

195.222.57.241      65535         0                  

195.222.57.245      65532         3                  

195.222.57.242      65535         0                  

195.222.57.246      65535         0                  

195.222.57.243      65535         0                  

195.222.57.247      65535         0                  

show cgn nat44 NAT44_1 pool-utilization inside-vrf ipoe address-range 195.222.57.233 195.222.57.238    

Thu Feb 13 16:51:21.399 CET

Sysdb datalist failed. Error: 'No such file or directory'

I also do not see any traffic on ServiceApp4, only on ServiceApp2.

service cgn CGN44

service-location preferred-active 0/0/CPU0

service-type nat44 NAT44_1

  portlimit 32000

  alg ActiveFTP

  alg rtsp

  alg pptpAlg

  inside-vrf ipoe

   map outside-vrf hsi outsideServiceApp ServiceApp4 address-pool 195.222.57.232/29

  !

  inside-vrf dualstack

   map outside-vrf hsi outsideServiceApp ServiceApp2 address-pool 195.222.57.240/29

_________________________

I still see this "no free ports available" error!

Feb 13 16:51:21.419 cgn/ma/show 0/RSP0/CPU0 t1  Function cgn_ma_edm_pool_util_datalist Line:3236 :Error No such file or directory

Feb 13 16:49:36.781 cgn/ma/show 0/RSP0/CPU0 t1  Function cgn_ma_edm_pool_util_datalist Line:3236 :Error No such file or directory

the 'warning' condition 'Could not send the configuration to active location'

Feb 13 16:46:03.584 cgn/ma/apply 0/RSP0/CPU0 t4  Function cgn_ma_nat44_cfg_send Line:806 :Error 'cgn' detected the 'warning' condition 'Could not send the configuration to standby location'

Feb 13 16:46:03.584 cgn/ma/apply 0/RSP0/CPU0 t4  Add VRF map-0x0e fail for CGN44 locn ACTIVE core 0x00 Error:0x4 CGN Error: No Free Ports Available reqmsg:in-vrf-id: '0x60000007', in-if-hdl: '0xf8a0', out-vrf-id: '0x60000002', out-if-hdl: '0x920', start-addr: '195.222.57.232', end-addr: '195.222.57.239'

Any idea?

Bronze

Here is the solution/workaround...thanks to Cisco TAC and Cisco developers.

Hardware programming was wrong on ISM card for VRF IPOE where both

ServiceApp3 and ServiceApp4 where programmed as Outside.

Normally App3 should be inside and App4 should be outside.

[root@localhost ~]# debugger -m 0xc0

Service I/F Configuration Details

Service I/F  UIDB (Peer) Application  Direction  VRF ID  I/F Handle  App Data IPv4 Address / IPv6 Address

--------------------------------------------------------------------------

--------------------------------

      Mgmt      0              NATIVE       N/A        0  0x00000000

0x0000   NIL / NIL

     Infra      8               INFRA       N/A        0  0x000003e0

0x0000   172.31.31.253 / NIL

      App1     12 ( 13)         NAT44    Inside       18  0x000008e0

0x0000   172.31.31.1 / NIL

      App2     13 ( 12)         NAT44   Outside       17  0x00000960

0x0000   172.31.31.5 / NIL

      App3     14               NAT44   Outside       22  0x000009e0

0x0000   172.31.31.9 / NIL  <---- WRONG

      App4     15               NAT44   Outside       17  0x00000920

0x0000   172.31.31.13 / NIL

//


Workaround:

=================

Restarting "cgn_ma" process resolved the problem.

Cisco is working on a fix for this issue.

I never tried to restart the proces because first inside VRF was always working. I reloaded the ISM three times.

A simple proces restart solves the problem

Cisco Employee

hey Smail, what I really appreciate in what you do is that you follow up with both thumbs up or down and provide solutions that come out of the Q&A. This is very beneficial for me, us and everyone involved.

So THANK you for your contributions and working with us!!

cheers

xander

Bronze

Well, I am glad that this issue is solved now.

I knew it's serious when I saw three developers in the webex session .

Now I know why we had this message: No Free Ports Available reqmsg:in-vrf-id: '0x60000007

And of course that I will update this thread so I can help others like they are helping me by sharing such information.

Bronze

Hi,

 

one question. 

Do you plan to add source based NAT? 

e.g. we match a subnet and this subnet is translated to a public pool 1

Second subnet is matched and translated to public pool 2.

 

For now we can do this with different inside VRF's, but this is not scalable.

And different customer will get an address from different pools (I am talking about BNG and RADIUS).

We have a service where we are routing some customers to SCE and later to Ironport (now WSA) for inspection and filtering.

 

I checked the config guide of 4.3.x and 5.1.x and could not find anything.

 

 

Cisco Employee

Hi,

An alternate solution exists to this requirement.

You still need to have one inside-VRF per map-pool or group of map-pools (in the future), that's true. But we can rely on ABF to push the traffic to one or another pool based on source addresses. You can have hundreds of access-list entries in your ABF, each one matching a source range and using a Next-Hop address in the proper VRF.

I don't know your particular needs, so you may have hundreds of translation pools and that's why you consider it non-scalable. But most of the customers I know are using a few ranges for translation (less than a dozen), so it's an acceptable effort to configure the inside-VRF. Then you can have super large ACL for your ABF pointing in these VRFs.

HTH,

N.

Bronze

Hi,

 

you are right about ABF. I had a conversation with our customer regarding ABF. We can use that, but in my opinion source based NAT, just like we are using it on regular IOS (matching ACL) whould be nice.

It makes things more simple to be honest.

 

Many thanks for the quick reply.