Дорожная карта для Cisco Cisco Packet Data Gateway (PDG)
Network Address Translation Overview
▀ NAT Feature Overview
▄ Cisco ASR 5000 Series Product Overview
OL-22938-01
NAT Binding Timer
When all flows using ports from a particular port-chunk get timed out/cleared, the port-chunk gets freed. When the last
port of that port-chunk gets freed, the NAT Binding Timer starts counting. Before the NAT Binding Timer expires, if
any new flows come up, ports are reallocated from the port-chunk, and the timer gets cancelled. The port-chunk cannot
be deallocated as long as there are active flows using that port-chunk. But, if no new flows come and the NAT Binding
Timer expires, the port-chunk gets deallocated.
port of that port-chunk gets freed, the NAT Binding Timer starts counting. Before the NAT Binding Timer expires, if
any new flows come up, ports are reallocated from the port-chunk, and the timer gets cancelled. The port-chunk cannot
be deallocated as long as there are active flows using that port-chunk. But, if no new flows come and the NAT Binding
Timer expires, the port-chunk gets deallocated.
In case of not-on-demand pools, the additional port-chunks that were allocated on demand will be deallocated based on
the NAT binding timeout. However, the last port-chunk will not be deallocated even after the Binding Timer expires.
This last port-chunk will only be deallocated when the NAT IP address is deallocated from the subscriber.
the NAT binding timeout. However, the last port-chunk will not be deallocated even after the Binding Timer expires.
This last port-chunk will only be deallocated when the NAT IP address is deallocated from the subscriber.
In case of on-demand pools, the port-chunks are deallocated based on the NAT binding timeout. When the last port-
chunk gets freed, the NAT IP address also gets deallocated from the subscriber.
chunk gets freed, the NAT IP address also gets deallocated from the subscriber.
It is ensured that a port-chunk is associated with the subscriber as long as a valid NAT IP address is allocated to the
subscriber.
subscriber.
Subscriber Session Disconnect
When a subscriber disconnects, all port-chunks associated with that subscriber are freed.
If the NAT Binding Timer has not expired, the port-chunks will not be usable immediately, only on NAT Binding Timer
expiry will the port-chunks become available for new subscribers.
expiry will the port-chunks become available for new subscribers.
NAT IP Address/Port Allocation Failure
When a packet cannot be translated, the application can be notified by way of ICMP error messages, if configured.
Translation failures may be due to no NAT IP address or port being available for translation.
Translation failures may be due to no NAT IP address or port being available for translation.
Important:
In the case of P-GW, NAT IP Address/Port Allocation Failure notification is not applicable.
TCP 2MSL Timer
NAT does port management only for many-to-one pools. Hence, The TCP 2MSL timer is only available for many-to-
one NAT. It is necessary to ensure that a TCP NAT port in Time Wait state is not reused if there are other free ports
available for the subscriber. If such a reuse happens, then there is a possibility that connections might get terminated by
the server. To avoid such issues, whenever a many-to-one NAT TCP flow gets cleared, the NAT port goes to Time Wait
state (2MSL started for that port). Once 2MSL timer expires, the NAT port becomes usable. The 2MSL timer is started
for every TCP NAT port as soon as the TCP connection gets cleared. This ensures that a NAT TCP port gets reused
only after expiry of the configured TCP 2MSL timer.
one NAT. It is necessary to ensure that a TCP NAT port in Time Wait state is not reused if there are other free ports
available for the subscriber. If such a reuse happens, then there is a possibility that connections might get terminated by
the server. To avoid such issues, whenever a many-to-one NAT TCP flow gets cleared, the NAT port goes to Time Wait
state (2MSL started for that port). Once 2MSL timer expires, the NAT port becomes usable. The 2MSL timer is started
for every TCP NAT port as soon as the TCP connection gets cleared. This ensures that a NAT TCP port gets reused
only after expiry of the configured TCP 2MSL timer.
Consider a case where a single TCP flow is active in a port-chunk. When this connection gets cleared, the TCP NAT
port goes to Time Wait state. Since this is the last flow of the port-chunk, the NAT Binding Timer also gets started.
Assume NAT Binding timer >= TCP 2MSL timer. Once the 2MSL timer expires, the TCP port becomes usable.
However, the NAT Binding Timer keeps counting, and on expiry, the port-chunk is released.
port goes to Time Wait state. Since this is the last flow of the port-chunk, the NAT Binding Timer also gets started.
Assume NAT Binding timer >= TCP 2MSL timer. Once the 2MSL timer expires, the TCP port becomes usable.
However, the NAT Binding Timer keeps counting, and on expiry, the port-chunk is released.