Nat Ip Pool Groups - Cisco ASR 5000 series Product Overview

Network Address Translation Overview
Maximum Users per NAT IP Address: Applicable only to many-to-one NAT IP pools. Specifies the maximum
number of subscribers sharing one NAT IP address. A maximum of 2016 subscribers can be configured per
NAT IP address.
Port Chunk Size: Applicable only to many-to-one NAT IP pools. Specifies the block size of contiguous ports to
be assigned to a many-to-one NAT subscriber. The value must be divisible by 32, up to a maximum of
32,256.
Maximum Port-chunks per User: Applicable only to many-to-one NAT IP pools. Specifies the maximum number
of port-chunks allowed for an individual subscriber from the same NAT IP address. This keeps a single subscriber
from dominating all the available ports in a many-to-one NAT IP address. A maximum of 2016 port-chunks can be
configured per subscriber.
Consider a case where a single TCP flow is active in a port-chunk. When this connection gets cleared, the TCP
NAT port goes to Time Wait state. Since it is the last flow of the port-chunk, the NAT Binding Timer also gets
started. Assume NAT Binding Timer >= TCP 2MSL Timer. Once the 2MSL Timer expires, the TCP port
would go to Free state. However, the NAT Binding Timer keeps running. On NAT Binding Timer expiry, the
port-chunk is deallocated. If this was the last port-chunk for that subscriber, the NAT IP address is also
deallocated along with this port-chunk.
If NAT Binding Timer < TCP 2MSL Timer, then at NAT Binding Timer expiry the TCP port is forcefully
moved from Time Wait state to Free state and the port-chunk is deallocated.
Port Chunk Thresholds: Applicable only to many-to-one NAT IP pools. Specifies the threshold as a
percentage of allocated port-chunks against the total port-chunks available. Once the threshold is reached, new
subscribers will not be allocated the same NAT IP address.
AAA Binding Update Message Required: Applicable only to one-to-one NAT IP pools. Enables AAA binding
messages for one-to-one NAT IP pools. This is not supported for many-to-one NAT IP pools.
Alert Thresholds: Threshold limits can be specified to trigger alarms for NAT IP pools for pool-used, pool-free,
pool-hold, and pool-release cases.
SRP-Activate: Applicable to both one-to-one and many-to-one NAT IP pools. When configured, the NAT IP
pool will become usable only when the SRP state is active.

NAT IP Pool Groups

Similar NAT IP pools can be grouped into NAT IP pool groups. This makes it possible to bind discontiguous IP address
blocks in individual NAT IP pools to a single NAT IP pool group.
OL-22938-02
In one-to-one allocation, for a given NAT IP address, the NAT Binding Timer starts counting down
when there are no active flows using that NAT IP address. When the NAT Binding Timer expires, the
NAT IP address gets deallocated.
In many-to-one allocation, wherein subscribers are allocated port-chunks rather than individual ports, as
long as a port-chunk is allocated to a subscriber, all ports from that port-chunk are reserved for that
subscriber. When all flows using ports from that port-chunk get timed out/cleared, the NAT Binding
Timer starts counting down. If any new flows come up before the NAT Binding Timer expires, ports
are once again allocated from that port-chunk, and the NAT Binding Timer gets cancelled. As long as
there are active flows using the port-chunk it cannot be deallocated. But, if no new flows come and the
NAT Binding Timer expires, the port-chunk gets deallocated. In the case of on-demand NAT, if it is
the last port-chunk for the NAT IP address, on NAT Binding Timer expiry, the NAT IP address gets
deallocated along with the last port-chunk.
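The timer rules described above for many-to-one pools (NAT Binding Timer versus TCP 2MSL Timer, and cancellation when a new flow arrives) can be traced with a small model. This is an added example, not Cisco code; the function name, the event labels and the use of seconds are assumptions.

```python
# Added illustration of the timer rules in the text; not Cisco code.
# Assumptions: times are in seconds, all flows are TCP, and every flow
# takes its port from the same port-chunk.

def port_chunk_timeline(flows, binding_timer, two_msl, last_chunk=True):
    """flows: list of (start, clear) times. Returns (time, event) tuples
    in chronological order for one many-to-one port-chunk."""
    if not flows:
        raise ValueError("at least one flow is required")
    clears, timer_events, busy_end = [], [], None
    for start, clear in sorted(flows):
        if busy_end is not None and start > busy_end:    # chunk went idle
            if start - busy_end >= binding_timer:
                break          # timer expired first; flow needs a new chunk
            timer_events += [(busy_end, "binding timer started"),
                             (start, "binding timer cancelled")]
        clears.append(clear)
        busy_end = clear if busy_end is None else max(busy_end, clear)

    # The last flow has cleared and nothing cancels the timer any more.
    timer_events.append((busy_end, "binding timer started"))
    dealloc = busy_end + binding_timer

    port_events = []
    for clear in clears:
        port_events.append((clear, "port -> Time Wait"))
        if clear + two_msl <= dealloc:
            port_events.append((clear + two_msl, "port -> Free (2MSL expired)"))
        else:      # binding timer < 2MSL: port is forced out of Time Wait
            port_events.append((dealloc, "port -> Free (forced)"))

    final = [(dealloc, "port-chunk deallocated")]
    if last_chunk:
        final.append((dealloc, "NAT IP address deallocated"))
    # Stable sort keeps port events ahead of timer events at equal times.
    return sorted(port_events + timer_events + final, key=lambda e: e[0])


if __name__ == "__main__":
    # Constructed inputs: one flow cleared at t=10, 2MSL = 30 s.
    for label, timer in (("timer >= 2MSL", 60), ("timer < 2MSL", 20)):
        print(label)
        for t, event in port_chunk_timeline([(0, 10)], timer, 30):
            print(f"  t={t:>3}  {event}")
```

The gap between the last flow clearing and the deallocation event is the period in which the port-chunk, and for a last chunk the NAT IP address, is still attributable to the same subscriber.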