I think the original question asked by "Vvk" was regarding module capabilities. Seems that "spuluka" is showing how to see *current/live* sessions in an active network. But regarding how to see current sessions in a live network, I see the following on my MX104 in my lab. Granted, this is on an MX104 w/MS-MIC-16G and not an MX960, which is what "Vvk" is asking about, but this is CGNAT config regardless, so i wonder if this "show services stateful-firewall flows count" command is not a good way to see existing sessions... it isn't working in my case, however this command does work "show services flows count"
. I will be turning up a CGNAT test soon with an MX240 w/MS-MPC-128G and also an MX960 w/MS-MPC-128G in my lab, so I'll have more info on that later.
... does not work...
agould@lab-104> show services stateful-firewall flows count
Interface Service set Flow count
ms-0/0/0 cgn-sset 0
...does work...
agould@lab-104> show services flows count
Interface Service set Flow count
ms-0/0/0 cgn-sset 183
...more info about the question "Vvk" asked about MS-MPC capabilities...(I mention translation/session capabilities below, but throughput (gbps) is a whole other topic)
https://www.juniper.net/documentation/en_US/junos/topics/concept/nat-best-practices.html
The maximum NAT pool size for each slot on an MS-MPC is 256 IP addresses because each slot supports a maximum of 30 million sessions, or 15 million conversations, which require 15 million ports. A total of 15 million ports are available with 256 IP addresses, with each IP address having a port range of 1024-65535.
https://www.omnilink.com.ua/files/juniper-networks-o.prokofiev.pdf
...page 28 mentions 30 million flows per NPU on MS-MPC
one link mentions "slot" for 30 million sessions, and the other link so "NPU" 30 million flows...
like with a lot of things, we have to scale the language barrier...
session - ?
conversation - ?
flow - ?
slot - ?
npu ?
it seems confusing or contradictory. I mean, i understand a flow to be a one-way thing... and a session to be flow*2 pretty much... like if i have an active tcp session with a remote host, i have 1 session, but 2 flows, the session being the overall bidirectional communication tcp channel/session that i have, but that is made up of 2 flows, the flow from inside--->out, and the flow from outside--->in. see my lab mx104 and how the count of flows is 2x the amount of sessions
agould@lab-104> show services sessions count
Interface Service set Sessions count
ms-0/0/0 cgn-sset 20
agould@lab-104> show services flows count
Interface Service set Flow count
ms-0/0/0 cgn-sset 40