ASR 9000 ISM No translation entry drops

Hi all!!

We set up ISM on an ASR 9000 in nat44 mode. Everything works fine, but the "No translation entry drops" counter keeps growing, as I can see in

sh cgn nat44 NAT1 statistics

Can you explain why this happens and what problems I should expect?

Or maybe there is a way to avoid these drops...


service cgn CGN1

service-location preferred-active 0/7/CPU0

service-type nat44 NAT1

  portlimit 5000

  alg ActiveFTP

  inside-vrf insidevrf1

   map outsideServiceApp ServiceApp2 address-pool x.x.x.x/25

   external-logging netflow version 9

    server

     address 10.11.13.28 port 9996

sh cgn nat44 NAT1 statistics

Statistics summary of NAT44 instance: 'NAT1'

Number of active translations: 11016

Number of sessions: 650

Translations create rate: 47

Translations delete rate: 0

Inside to outside forward rate: 1122

Outside to inside forward rate: 1595

Inside to outside drops port limit exceeded: 0

Inside to outside drops system limit reached: 0

Inside to outside drops resource depletion: 0

No translation entry drops: 15579

PPTP active tunnels: 0

PPTP active channels: 0

PPTP ctrl message drops: 0

Number of subscribers: 1726

Drops due to session db limit exceeded: 0

Drops due to source ip not configured: 0

Pool address totally free: 0

Pool address used: 128

2 REPLIES
Cisco Employee


Hi Andrew,

This counter indicates:

Number of times Outside-to-Inside packets (TCP + UDP + ICMP, Static + Dynamic) were dropped because there is no NAT DB entry corresponding to the Destination IP and L4 Port.

Please check your static route and ensure that only packets with a destination address matching the public IP pool are sent to the outside service app interface.

Alternatively, some of those entries could have timed out as well, so when the O2I packets arrive, they do not find a NAT DB entry and get dropped.

You can refer to the following guides as well to check out some other relevant commands (like 'show .. outside-translations'):

Config guide - http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/configuration/guide/cgnat_43.html

Command Ref guide - http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/cg_nat/command/reference/b_cgnat_cr43xasr9k.html

regards,

Somnath.


Hi Somnath!

Maybe these drops appear because of a small session timeout for port translations?

I.e. the translation is already closed but traffic from the internet still comes to it.

All timeout values are default.
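The two causes named in this thread (outside-to-inside packets whose destination IP and L4 port have no NAT DB entry, and entries that have already timed out) can be reproduced with a small model. This is an added example, not part of the original posts and not Cisco's implementation; the class name, addresses and the 30-second idle timeout are constructed for illustration.

```python
import ipaddress


class Nat44Model:
    """Toy NAT44 table; models only the lookup and idle-timeout logic."""

    def __init__(self, pool_cidr, idle_timeout):
        self.pool = ipaddress.ip_network(pool_cidr)
        self.idle_timeout = idle_timeout  # seconds, constructed value
        self.table = {}       # (proto, out_ip, out_port) -> [(in_ip, in_port), last_seen]
        self.by_inside = {}   # (proto, in_ip, in_port) -> outside key
        self.next_port = 1024
        self.no_entry_drops = 0  # counterpart of "No translation entry drops"

    def expire(self, now):
        # Remove translations that saw no inside traffic for idle_timeout seconds.
        for key, (inside, seen) in list(self.table.items()):
            if now - seen > self.idle_timeout:
                del self.table[key]
                del self.by_inside[(key[0],) + inside]

    def inside_to_outside(self, proto, in_ip, in_port, now):
        self.expire(now)
        key = self.by_inside.get((proto, in_ip, in_port))
        if key is None:  # first packet of a flow creates the translation
            key = (proto, str(self.pool[1]), self.next_port)
            self.next_port += 1
            self.by_inside[(proto, in_ip, in_port)] = key
            self.table[key] = [(in_ip, in_port), now]
        self.table[key][1] = now
        return key[1], key[2]

    def outside_to_inside(self, proto, dst_ip, dst_port, now):
        self.expire(now)
        entry = self.table.get((proto, dst_ip, dst_port))
        if entry is None:  # no NAT DB entry for destination IP + L4 port
            self.no_entry_drops += 1
            return None
        return entry[0]


def demo():
    nat = Nat44Model("198.51.100.0/25", idle_timeout=30)
    ip, port = nat.inside_to_outside("udp", "10.0.0.5", 5000, now=0)
    results = [
        nat.outside_to_inside("udp", ip, port, now=10),             # live entry: forwarded
        nat.outside_to_inside("udp", ip, port + 1, now=10),         # pool IP, unmapped port
        nat.outside_to_inside("udp", "203.0.113.9", port, now=10),  # non-pool destination
        nat.outside_to_inside("udp", ip, port, now=45),             # arrives after timeout
    ]
    return results, nat.no_entry_drops
```
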
