Very simple.
Configured a pool with a small number of ports in a block (block-size = 32):
pool NAT-POOL-2 {
    address-range low x.x.x.0 high x.x.x.255;
    port {
        automatic {
            random-allocation;
        }
        deterministic-port-block-allocation block-size 32 include-boundary-addresses;
    }
}
and tried to initiate 40 sessions from the workstation (connection to a server behind NAT).
> show services nat pool NAT-POOL-2 detail
Interface: ms-5/3/0, Service set: SS-NAT-2
NAT pool: NAT-POOL-2, Translation type: DETERMINISTIC NAPT44
Address range: x.x.x.160-x.x.x.x.251
Configured port range: 1024-65535
Port range: 1024-65535, Ports in use: 32, Out of port errors: 0
Parity port errors: 0, Preserve Range errors: 0
Max ports used: 32
AP-P port allocation errors: 0, AP-P port limit allocation errors: 0
Memory allocation errors: 0
Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0
DetNAT subscriber exceeded port limits: 101
Unique pool users: 0
EIF Inbound session count: 0
EIF Inbound session Limit exceeded drops: 0
It is very strange that a Juniper employee participated in the development of RFC7422, but the feature was never implemented. Of course I asked Olivier Vautrin, but so far I have not received an answer.
In general, this idea is a good one. Unfortunately, this feature is not implemented in Juniper. 😞
If it were possible to make a request to Juniper for the implementation of this functionality, it would be great.
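
As an added example (not part of the original post and not Juniper code): a small Python check over the counters shown in the output above, flagging a deterministic pool whose allocated blocks are full. The function names, the block_size parameter and the reading of the counters (ports in use compared with blocks in use times block size) are assumptions.

```python
import re

# Counter lines copied from the "show services nat pool NAT-POOL-2 detail"
# output quoted in the post above (block-size 32, 40 sessions attempted).
SAMPLE = """\
NAT pool: NAT-POOL-2, Translation type: DETERMINISTIC NAPT44
Port range: 1024-65535, Ports in use: 32, Out of port errors: 0
Max ports used: 32
Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0
DetNAT subscriber exceeded port limits: 101
"""

EXCEEDED = "DetNAT subscriber exceeded port limits"


def parse_counters(text):
    """Return {label: int} for every 'Label: <integer>' field in the output."""
    counters = {}
    for line in text.splitlines():
        for field in line.split(","):
            m = re.fullmatch(r"\s*(.+?):\s*(\d+)\s*", field)
            if m:  # ranges, names and addresses do not match and are skipped
                counters[m.group(1)] = int(m.group(2))
    return counters


def check_pool(text, block_size, previous=None):
    """Summarise block exhaustion for one snapshot of a deterministic pool.

    previous is the counter dict of an earlier snapshot; the delta assumes
    the exceeded counter only grows between snapshots (assumption).
    """
    c = parse_counters(text)
    exceeded = c.get(EXCEEDED, 0)
    blocks = c.get("Current number of port blocks in use", 0)
    return {
        "exceeded": exceeded,
        "exceeded_delta": exceeded - (previous or {}).get(EXCEEDED, 0),
        # every port of every allocated block is taken
        "blocks_full": blocks > 0 and c.get("Ports in use", 0) >= blocks * block_size,
        # as in the post's output: this counter is non-zero while
        # "Out of port errors" stays at 0
        "hidden_from_out_of_port": exceeded > 0 and c.get("Out of port errors", 0) == 0,
    }


if __name__ == "__main__":
    print(check_pool(SAMPLE, block_size=32))
```

A monitor that alerts only on "Out of port errors" would not fire on the output above, so the check keys on the DetNAT counter instead.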