Routing

Deterministic NAT on MX + MS-MPC (CGNAT)

3 weeks ago

Hi,

 

In RFC 7422 (on pages 5 and 7) there is info about:

Dynamic address pool factor (D), to be added to the compression ratio in order to create an overflow address pool

Is there support for this feature (in addition to deterministic port allocation, being able to allocate dynamic port blocks) in Junos, and if so, in which version? My test on JunOS 17.3R3-S2.2 shows that this is not supported on this version of JunOS.

 

Thank you in advance.

 

 

5 REPLIES
Solution
Accepted by topic author yury.yaroshevsky@gmail.com
2 weeks ago

Re: Deterministic NAT on MX + MS-MPC (CGNAT)

3 weeks ago

Hello,

Overflow NAT pool is not supported with JUNOS Deterministic NAT.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !

Re: Deterministic NAT on MX + MS-MPC (CGNAT)

3 weeks ago

Hi Yury,

 

Can you please share how you verified the absence of the feature?

 

As of now, I could not find it in the public documentation. But I suppose this feature must have been implemented.

 

Let me check more and share here if I find anything.

 

//Nex


Re: Deterministic NAT on MX + MS-MPC (CGNAT)

[ Edited ]
2 weeks ago

Very simple.
I configured a pool with a small number of ports per block (block-size = 32):

 

pool NAT-POOL-2 {
    address-range low x.x.x.0 high x.x.x.255;
    port {
        automatic {
            random-allocation;
        }
        deterministic-port-block-allocation block-size 32 include-boundary-addresses;
    }
}

and tried to initiate 40 sessions from the workstation (connections to a server behind NAT).

 

> show services nat pool NAT-POOL-2 detail
Interface: ms-5/3/0, Service set: SS-NAT-2
  NAT pool: NAT-POOL-2, Translation type: DETERMINISTIC NAPT44
    Address range: x.x.x.160-x.x.x.x.251
    Configured port range: 1024-65535
    Port range: 1024-65535, Ports in use: 32, Out of port errors: 0
    Parity port errors: 0, Preserve Range errors: 0
    Max ports used: 32
    AP-P port allocation errors: 0, AP-P port limit allocation errors: 0
    Memory allocation errors: 0
    Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0
    DetNAT subscriber exceeded port limits: 101
    Unique pool users: 0
    EIF Inbound session count: 0
    EIF Inbound session Limit exceeded drops: 0

 

It is very strange that a Juniper employee participated in the development of RFC7422, but the feature was never implemented. Of course I asked Olivier Vautrin, but so far I have not received an answer.

 

In general, this idea is a good one. Unfortunately, this feature is not implemented in Juniper. :(

 

If it were possible to make a request in Juniper for the implementation of this functionality - it would be great.
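
Added example, not part of the original post and not Junos's allocation algorithm (which the thread does not show): a simplified sequential layout of deterministic port blocks using the block size 32 and port range 1024-65535 from the post, the log-free reverse lookup used for abuse attribution, and what an RFC 7422 style overflow pool would change for the 40-session test. The base addresses (100.64.0.0 inside, 203.0.113.0 outside) and all function names are assumptions.

```python
import ipaddress

PORT_LOW, PORT_HIGH = 1024, 65535   # "Configured port range" in the pool output
BLOCK_SIZE = 32                     # block-size configured on NAT-POOL-2
INSIDE_BASE = "100.64.0.0"          # constructed subscriber range start
OUTSIDE_BASE = "203.0.113.0"        # constructed public pool start

def _ip(addr):
    return ipaddress.ip_address(addr)

def blocks_per_address(block_size=BLOCK_SIZE):
    """Whole port blocks that fit on one outside address."""
    return (PORT_HIGH - PORT_LOW + 1) // block_size

def forward(inside_ip, block_size=BLOCK_SIZE):
    """Subscriber address -> (outside IP, first port, last port)."""
    idx = int(_ip(inside_ip)) - int(_ip(INSIDE_BASE))
    if idx < 0:
        raise ValueError("address is below the inside range")
    addr_off, blk = divmod(idx, blocks_per_address(block_size))
    first = PORT_LOW + blk * block_size
    return str(_ip(OUTSIDE_BASE) + addr_off), first, first + block_size - 1

def reverse(outside_ip, port, block_size=BLOCK_SIZE):
    """(outside IP, port) seen in an abuse report -> subscriber address.

    Needs no per-session log. Returns None for ports outside any whole block."""
    if not PORT_LOW <= port <= PORT_HIGH:
        return None
    addr_off = int(_ip(outside_ip)) - int(_ip(OUTSIDE_BASE))
    blk = (port - PORT_LOW) // block_size
    if addr_off < 0 or blk >= blocks_per_address(block_size):
        return None
    return str(_ip(INSIDE_BASE) + addr_off * blocks_per_address(block_size) + blk)

def admit(sessions, block_size=BLOCK_SIZE, overflow_free=0):
    """Sessions from one subscriber -> (deterministic, overflow, refused).

    overflow_free models free ports in a dynamic overflow pool; 0 means no
    such pool exists. Overflow ports are not deterministic, so attributing
    them would require logging the allocation."""
    det = min(sessions, block_size)
    ovf = min(sessions - det, overflow_free)
    return det, ovf, sessions - det - ovf

if __name__ == "__main__":
    print(forward("100.64.7.224"), reverse("203.0.113.1", 1030))
    print(admit(40), admit(40, overflow_free=16))
```
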

 


Re: Deterministic NAT on MX + MS-MPC (CGNAT)

2 weeks ago

Thanks for the idea! When I first studied the documentation, I saw an option, but already forgot about it:

 

# set services nat rule NAT-RULE-2 term T1 then translated overload-pool ?
Possible completions:
  <overload-pool>      NAT pool to be used when source pool is overloaded
  NAT-POOL-1
  NAT-POOL-2
  NAT-POOL-exception

I will try it.


Re: Deterministic NAT on MX + MS-MPC (CGNAT)

2 weeks ago

Sorry, but overload-pool is a little different :(

 

Apparently, the functionality I needed was never implemented by Juniper.