Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 03:57

    Hi,

     

    In RFC7422 (on page 5 and 7) preset info about :

    Dynamic address pool factor (D), to be added to the compression
      ratio in order to create an overflow address pool

    Is there support for this feature (in addition to determinitic port allocation, be able to allocate dynamic port blocks) in Junos, and if so, in which version. My test on JunOS 17.3R3-S2.2 shows that this is not supported on this version JunOS.

     

    Thank you in advance.

     

     



  • 2.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)
    Best Answer

    Posted 06-23-2020 04:56

    Hello,

    Overflow NAT pool is not supported with JUNOS Deterministic NAT.

    HTH

    Thx

    Alex



  • 3.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 09:43

    Thanks for the idea! When I first studied the documentation, I saw an option, but already forgot about it:

     

    # set services nat rule NAT-RULE-2 term T1 then translated overload-pool ?
Possible completions:
  <overload-pool>      NAT pool to be used when source pool is overloaded
  NAT-POOL-1
  NAT-POOL-2
  NAT-POOL-exception

    I will try it.



  • 4.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-24-2020 01:58

    Sorry, but overload-pool is a little different 😞

     

    Apparently, the functionality I needed was never implemented by Juniper.

     



  • 5.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

     
    Posted 06-23-2020 05:01

    Hi Yury,

     

    Can you please share how you verified the absence of the feature?

     

    As of now, I could not find in the public documentation. But this feature must've been implemented is what I suppose.

     

    Let me check more and share here if I find anything.

     

    //Nex



  • 6.  RE: Deterministic NAT on MX + MS-MPC (CGNAT)

    Posted 06-23-2020 09:31

    Very simple.
    Configured a pool with a small number of ports in block (block-size = 32) :

     

    pool NAT-POOL-2 {
    address-range low x.x.x.0 high x.x.x.255;
    port {
        automatic {
            random-allocation;
        }
        deterministic-port-block-allocation block-size 32 include-boundary-addresses;
    }
}

    and tried initiate 40 sessions from the workstation (connection to a server behind  NAT).

     

    > show services nat pool NAT-POOL-2 detail
Interface: ms-5/3/0, Service set: SS-NAT-2
  NAT pool: NAT-POOL-2, Translation type: DETERMINISTIC NAPT44
    Address range: x.x.x.160-x.x.x.x.251
    Configured port range: 1024-65535
    Port range: 1024-65535, Ports in use: 32, Out of port errors: 0
    Parity port errors: 0, Preserve Range errors: 0
    Max ports used: 32
    AP-P port allocation errors: 0, AP-P port limit allocation errors: 0
    Memory allocation errors: 0
    Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0
    DetNAT subscriber exceeded port limits: 101
    Unique pool users: 0
    EIF Inbound session count: 0
    EIF Inbound session Limit exceeded drops: 0

     

    It is very strange that a Juniper employee participated in the development of RFC7422, but the feature was never implemented. Of course I asked Olivier Vautrin, but so far I have not received an answer.

     

    In general, this idea is a good one. Unfortunately, this feature is not implemented in Juniper. 😞

     

    If it were possible to make a request in Juniper for the implementation of this functionality - it would be great.