SRX

Hello,

I have SRX5600 running 11.4R7.5. when I tried to modify in NAT pool config, commit the change, I noticed high CPU, OSPF neighbor down, and zero dynamic routes in routing table.

Seems the committed change has an impact.

Does the change in NAT pool affect the existing session, or just new sessions? And is there any way to force it affecting the new sessions only in case if take place immediately after commit the change?

Thanks,

Dear 

The NAT change (rule or pool) should affect only the concerned sessions and nothing else , if it does affect routing protocols or other sessions which are not related to changed NAT rule or pool , you should check this issue with JTAC or check release notes , you may found it as known issue in specific release.

Regards

Red1

Thanks Red1 for clarification.

I understand that it will affect only the related sessions, but is it scan the existing sessions or new sessions only?

Noting that polocy-rematch not configured.

Thanks,

it will tear down the affected sessions by the committed change

Regards

Red1 

Got it, so this NAT change will impact the CPU if huge number of session exist in session table.

This is what happened I guess, as this change consumed the CPU to scan all SPC for existing sessions, which lead to buffer the OSPF messages and being not proceeded till the dead-interval timer hitter, and this cause lost of OSPF neighboreship, hence the routes which has an invalid next-hope now.

Thanks for support,