SRX Services Gateway

how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

‎12-01-2015 01:49 AM

KB13427 says the following (quoted below):

http://kb.juniper.net/InfoCenter/index?page=content&id=KB13427&actp=search&viewlocale=en_US&searchid...

My questions are:

1. Can the calculation of the total number the device can support, as described in KB13427, only be used on SRX5600/5800 with 2 SPCs, or can it also be used on SRX1400 and other SRX series devices with 1 SPC? Is there any difference between 2 SPCs and 1 SPC when calculating this?

2. If it cannot, how do I calculate the total number of sessions supported for a source NAT pool with PAT on SRX1400?

3. Regarding the commands mentioned in KB13427:

How do I vty onto the SPU on SRX1400 and use the commands

show usp nat source-pool statistics
show usp nat source-pool id 4 detail

4. Why is the number of possible translations in HA mode less than in non-HA mode?

Environment: SRX 5600/5800 with 2 Service Processing Cards (SPC) configured with 3 IPs within its source NAT pool with PAT. What is the limit on total amount of sessions seen on the box?

According to the implementation, it is supposed that for one pool with only one IP the number of possible translations is about 64k in non-HA mode. For HA mode, it is about 32k. (Note: 64k does not mean 65536, but 62464 sessions due to twin ports reserved for ALG.)

The maximum number of NAT source addresses per pool is 2000.

In this example, there are 3 addresses in the NAT pool. The total number of NAT'd sessions should be 3*64k in non-HA mode and 3*32k in HA mode.

Relevant command outputs on SRX:

vty onto SPU which has role of CP:
show usp nat source-pool statistics
show usp nat source-pool id 4 detail
Solution
Accepted by topic author caulfiedd@live.cn
‎12-01-2015 02:55 AM

Re: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

‎12-01-2015 02:10 AM

1. Can the calculation of the total number the device can support, as described in KB13427, only be used on SRX5600/5800 with 2 SPCs, or can it also be used on SRX1400 and other SRX series devices with 1 SPC? Is there any difference between 2 SPCs and 1 SPC when calculating this?

KB13427 asks you to collect the outputs from the CP. Irrespective of the number of SPCs, there will be only one CP, so this command is valid for all platforms.

2. If it cannot, how do I calculate the total number of sessions supported for a source NAT pool with PAT on SRX1400?

Same as 1.

3. Regarding the commands mentioned in KB13427:

How do I vty onto the SPU on SRX1400 and use the commands

show usp nat source-pool statistics
show usp nat source-pool id 4 detail

srx> start shell user root

srx% vty fpc1.pic0   ----> if in a cluster, use node0.fpc1.pic0 or node1.fpc1.pic0

4. Why is the number of possible translations in HA mode less than in non-HA mode?

Because NAT pools are shared between both nodes (Active/Active setup).

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too

Re: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

‎12-01-2015 02:56 AM

Thank you very much for your answer, it helps me a lot.


Re: how to calculate the total number of sessions supported for source nat pool with PAT on SRX1400

‎12-03-2015 05:22 AM

Is there any way to expand the number of sessions one public IP can support in source NAT?
