Cisco Cisco Packet Data Gateway (PDG) Documentation Roadmaps
Network Address Translation Overview
▀ NAT Feature Overview
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
In case of many-to-one NAT, it is possible to specify port-chunks usage threshold per NAT IP pool. This threshold
value is applicable to all many-to-one NAT IP pools across the system. However, note that alarms are only generated for
the first 100 many-to-one NAT IP pools from an alphabetical list of all NAT IP pools.
value is applicable to all many-to-one NAT IP pools across the system. However, note that alarms are only generated for
the first 100 many-to-one NAT IP pools from an alphabetical list of all NAT IP pools.
Session Recovery and ICSR
In session recovery, as part of the Private IP assigned to the subscriber:
The public IP address used for the subscriber is recovered. The NAT IP address being used by the subscriber can
be on-demand or not-on-demand. In case of many-to-one NAT, the port-chunks associated with the NAT IP
address for the subscriber needs to check-pointed as well.
address for the subscriber needs to check-pointed as well.
In case Bypass NAT feature is used, then the private IP flow needs to be recovered.
To be recovered the NAT IP addresses need to be checkpointed. The checkpointing can be:
Full Checkpoint
Micro Checkpoint
To recover the bypass NAT flow, the bypass flow needs to be checkpointed. The checkpointing of Bypass NAT flow
can be:
can be:
Full Checkpoint
Micro Checkpoint
In case of not-on-demand, the NAT IP address being used by the subscriber is known after call setup. This gets
checkpointed as part of the normal full checkpoint. In case of on-demand NAT, the NAT IP address being used by the
subscriber is known only in the data-path. This will be checkpointed as part of micro checkpoint.
checkpointed as part of the normal full checkpoint. In case of on-demand NAT, the NAT IP address being used by the
subscriber is known only in the data-path. This will be checkpointed as part of micro checkpoint.
In case of many-to-one NAT, the port-chunks being used will always be checkpointed as part of micro checkpoint.
In case of bypass NAT flow, in most cases the flow gets checkpointed as part of micro checkpoint.
Any information that is checkpointed as part of full checkpoint is always recovered. Data checkpointed through micro
checkpoint cannot be guaranteed to be recovered. The timing of switchover plays a role for recovery of data done
through micro checkpoint. If failover happens after micro checkpoint is completed, then the micro checkpointed data
will get recovered. If failover happens during micro checkpoint, then the data recovered will be the one obtained from
full checkpoint.
checkpoint cannot be guaranteed to be recovered. The timing of switchover plays a role for recovery of data done
through micro checkpoint. If failover happens after micro checkpoint is completed, then the micro checkpointed data
will get recovered. If failover happens during micro checkpoint, then the data recovered will be the one obtained from
full checkpoint.
Once NAT IP/and Port-Chunks/Bypass NAT flow are recovered, the following holds good:
One-to-one NAT: Since NAT IP address being used for one-to-one NAT is recovered, on-going flows will be
recovered as part of Firewall Flow Recovery algorithm as one-to-one NAT does not change the port.
Many-to-one NAT: On-going flows will not be recovered as the port numbers being used for flows across
chassis peers/SessMgr peers are not preserved.
Bypass NAT Flow: On-going flows will be recovered as part of Firewall Flow Recovery algorithm.
All of the above items is applicable for ICSR as well.