SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

    Posted 12-01-2015 01:50

    KB13427 says the following (quoted below).

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB13427&actp=search&viewlocale=en_US&searchid=1236027318581

    My questions are:

    1. Can the method in KB13427 for calculating the total number the device can support only be used on the SRX5600/5800 with 2 SPCs, or can it also be used on the SRX1400 and other SRX series devices with 1 SPC? Is there any difference between 2 SPCs and 1 SPC when calculating this?

    2. If it cannot, how do I calculate the total number of sessions supported for a source NAT pool with PAT on the SRX1400?

    3. Regarding the commands mentioned in KB13427:

    How do I vty onto the SPU on the SRX1400 and use these commands?

    show usp nat source-pool statistics
    show usp nat source-pool id 4 detail

    4. Why is the number of possible translations in HA mode less than in non-HA mode?

     

     

    Environment: SRX 5600/5800 with 2 Service Processing Cards (SPC) configured with 3 IPs within its source NAT pool with PAT. What is the limit on total amount of sessions seen on the box?

    According to the implementation, it is supposed that for one pool with only one IP the number of possible translations is about 64k in non-HA mode. For HA mode, it is about 32k. (Note: 64k does not mean 65536, but 62464 sessions due to twin ports reserved for ALG).

    The maximum number of NAT Source Addresses per Pool is 2000.

    In this example, there are 3 addresses in the nat-pool. The total number of NAT'd sessions should be 3*64k in non-HA mode and 3*32k in HA mode.

    Relevant command outputs on SRX:

    vty onto SPU which has role of CP:
    show usp nat source-pool statistics
    show usp nat source-pool id 4 detail


  • 2.  RE: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400
    Best Answer

     
    Posted 12-01-2015 02:11

    1. Can the method in KB13427 for calculating the total number the device can support only be used on the SRX5600/5800 with 2 SPCs, or can it also be used on the SRX1400 and other SRX series devices with 1 SPC? Is there any difference between 2 SPCs and 1 SPC when calculating this?

     

    KB13427 asks you to collect the outputs from the CP. Irrespective of the number of SPCs, there will be only one CP, so this command is valid for all platforms.

     

    2. If it cannot, how do I calculate the total number of sessions supported for a source NAT pool with PAT on the SRX1400?

     

    Same as 1.

     

    3. Regarding the commands mentioned in KB13427:

    How do I vty onto the SPU on the SRX1400 and use these commands?

    show usp nat source-pool statistics
    show usp nat source-pool id 4 detail

     

    srx> start shell user root

    srx% vty fpc1.pic0   ----> in a cluster, use node0.fpc1.pic0 or node1.fpc1.pic0

     

    4. Why is the number of possible translations in HA mode less than in non-HA mode?

     

    Because NAT pools are shared between both nodes (Active/Active setup).



  • 3.  RE: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

    Posted 12-01-2015 02:56

    Thank you very much for your answer, it helps me a lot.



  • 4.  RE: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

    Posted 12-03-2015 05:23

    Is there any way to expand the number of sessions one public IP can support in source NAT?