3. Status
3.1. State
To review the CG-NAT state, use the following command.
vrouter> show state / vrf main cg-nat
cg-nat
    enabled true
    pool mypool
        address 32.96.119.0-32.96.119.255
        block-size 256
        port-range 1024 65535
        ..
    rule 1
        match
            source
                ipv4-address 100.64.0.0/10
                ..
            outbound-interface wan
            ..
        translate-to
            pool-name mypool
            max-conntracks-per-user 0
            max-blocks-per-user 2
            active-block-timeout 0
            user-timeout 120
            port-algo parity
            endpoint-mapping independent
            endpoint-filtering independent
            hairpinning false
            algo stateful-nat44
            ..
        ..
    conntrack
        behavior tcp-window-check enabled true
        behavior tcp-rst-strict-order enabled true
        timeouts
            icmp closed 0
            icmp new 30
            icmp established 60
            udp closed 0
            udp new 30
            udp established 120
            gre-pptp closed 0
            gre-pptp new 600
            gre-pptp established 18000
            tcp syn-sent 30
            tcp simsyn-sent 30
            tcp syn-received 60
            tcp established 7440
            tcp fin-sent 120
            tcp fin-received 120
            tcp close-wait 60
            tcp fin-wait 120
            tcp last-ack 30
            tcp time-wait 120
            tcp closed 10
            ..
        nat64
            option update-tcp-mss true
            option force-frag-ipv4 false
            option force-frag-ipv6 false
            option drop-udp-zero-checksum true
            mtu lowest-ipv6 0
            ..
        ..
    logging
        enabled false
        ..
    ..
3.2. Statistics
To display the CG-NAT statistics, the following command can be used.
vrouter> show cg-nat statistics
Packets passed:
    0 default pass
    33317355 ruleset pass
    260836153 state pass
Packets blocked:
    0 default block
    0 ruleset block
Hairpining Stats:
    0 hairpin packets
    0 loop-hairpin drop
    0 self-hairpin drop
State and NAT entries:
    33077173 state allocations
    0 state reverse
    39496338 state destructions
    0 state allocation failures
    9726101 NAT entry allocations
    13127681 NAT entry destructions
    0 NAT entry allocation failures
    0 NAT port allocation failures
CGNat entries:
    0 USER allocations
    20000 USER destructions
    0 USER allocation failures
    120000 Block allocations
    180000 Block destructions
    0 Block allocation failures
    0 No IP Public
    0 Full IP Public
NAT64 Stats:
    0 udp null checksum packet drops
Invalid packet state cases:
    1310 cases in total
    1310 TCP case invalid first packet
    0 TCP case RST
    1310 TCP case invalid transition
    0 TCP case I
    0 TCP case II
    0 TCP case III
Packet race cases:
    0 USER association race
    0 USER creation race
    0 NAT association race
    0 duplicate state race
State/NAT/BLOCK/USER allocation statistics increase when the vRouter processes traffic properly.
3.3. Listing users
The following command can be used to list the current users of the CG-NAT.
vrouter> show cg-nat user rule-id 1
100.64.0.1 -> 32.96.119.54
    1/2 tcp blocks, 0/2 udp blocks, 0/2 icmp blocks, 0/2 gre blocks
    0 no port errors, 0 no block errors, 0 full public ip errors
For each user, we can see how many port blocks are used.
The different possible errors are:
no port: A new session has been rejected because no ports were available in the active block.
no block: A new session has been rejected because no blocks are available in the block memory pool.
full public IP: A new session has been rejected because the public IP allocated to this user doesn’t have any more blocks available.
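One way to check this listing automatically, as an added example (not part of the vRouter documentation or tooling): it parses text in the `show cg-nat user` format shown above and reports users with non-zero error counters or with every block of a protocol in use. The sample output is constructed, the function names are hypothetical, and reading the second number in `1/2 tcp blocks` as the per-user block limit is an assumption.

```python
import re

# Constructed sample in the `show cg-nat user` format above; values are made up.
SAMPLE = """\
100.64.0.1 -> 32.96.119.54
    1/2 tcp blocks, 0/2 udp blocks, 0/2 icmp blocks, 0/2 gre blocks
    0 no port errors, 0 no block errors, 0 full public ip errors
100.64.0.7 -> 32.96.119.54
    2/2 tcp blocks, 1/2 udp blocks, 0/2 icmp blocks, 0/2 gre blocks
    14 no port errors, 0 no block errors, 0 full public ip errors
100.64.3.20 -> 32.96.119.200
    1/2 tcp blocks, 0/2 udp blocks, 0/2 icmp blocks, 0/2 gre blocks
    0 no port errors, 0 no block errors, 3 full public ip errors
"""

USER_RE = re.compile(r"^(\S+)\s*->\s*(\S+)$")
BLOCK_RE = re.compile(r"(\d+)/(\d+) (\w+) blocks")
ERROR_RE = re.compile(r"(\d+) (no port|no block|full public ip) errors")

def parse_users(text):
    """Return one dict per user: addresses, block usage and error counters."""
    users = []
    for line in text.splitlines():
        m = USER_RE.match(line.strip())
        if m:  # "private -> public" line starts a new user record
            users.append({"private": m.group(1), "public": m.group(2),
                          "blocks": {}, "errors": {}})
        elif users:  # block and error lines belong to the last user seen
            for used, limit, proto in BLOCK_RE.findall(line):
                users[-1]["blocks"][proto] = (int(used), int(limit))
            for count, kind in ERROR_RE.findall(line):
                users[-1]["errors"][kind] = int(count)
    return users

def findings(users):
    """List (private address, reason) for rejected sessions or no spare block."""
    out = []
    for u in users:
        for kind, count in u["errors"].items():
            if count:
                out.append((u["private"], f"{count} {kind} errors"))
        for proto, (used, limit) in u["blocks"].items():
            if limit and used >= limit:  # assumed: second number is the limit
                out.append((u["private"], f"{proto} blocks {used}/{limit}"))
    return out

if __name__ == "__main__":
    print(*findings(parse_users(SAMPLE)), sep="\n")
```
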