NAT Port Chunk Hold Timer Support

Feature Summary and Revision History

Summary Data

Applicable Product(s) or Functional Area

P-GW

Applicable Platform(s)

  • ASR 5500

  • VPC-DI

  • VPC-SI

Feature Default

Disabled - Configuration Required

Related Changes in This Release

Not Applicable

Related Documentation

  • P-GW Administration Guide

  • Command Line Interface Reference

  • Statistics and Counters Reference

Revision History

Revision Details     Release
First introduced.    21.28.m10

Feature Description

With the NAT Port Chunk Hold Timer feature in P-GW, a port chunk hold timer can be configured for many-to-one NAT IP pools. When the last port from a port chunk is released, the chunk is moved from the Used state to the Hold state and the Port Chunk Hold Timer is started. On expiry of the Port Chunk Hold Timer, the port chunk is released and made available for new sessions. If a packet is received that results in the port chunk being reused before the Port Chunk Hold Timer expires, the Port Chunk Hold Timer is stopped and a port from that port chunk is allocated.

A port chunk can be released in the following ways:

  • When the last flow of the last port in the port chunk becomes idle due to timeout, the port chunk hold timer starts, and upon expiry of the port chunk hold timer, the port chunk is released.

  • When a Subscriber is disconnected.

Release of a NAT IP happens after expiry of the NAT Binding timer. This behavior remains the same, irrespective of the Port Chunk Hold Timer feature.

How it Works

The following table summarizes the triggering of various timers for a single last flow using a Port chunk.

Table 1. Corresponding Timers in Seconds

Seconds    Timer
a          UDP idle timeout
b          TCP idle timeout
c          NAT Binding timeout
d          Mapping timeout
e          Port chunk hold timeout

Table 2. Triggers for Releasing NAT Port, Port Chunk, and NAT IP

Last Flow Protocol in the NAT Port Chunk: UDP

  • Release of NAT Port (NAT mapping) to the Chunk: Released after idle timeout of "a" seconds + Mapping timeout of "d" seconds.

  • Release of Port Chunk (when port-chunk-hold-timer is enabled): Released after the expiry of the Port chunk hold timeout of "e" seconds (the port chunk hold timer is started after the last NAT port release of the chunk). Total time to release the port chunk from the point when the UDP flow became inactive is (a + d + e) seconds.

  • Release of NAT IP from the REALM: Released after NAT binding timer expiry.

Last Flow Protocol in the NAT Port Chunk: TCP (graceful)

  • Release of NAT Port (NAT mapping) to the Chunk: If the TCP flow is closed upon receiving RST/FIN, the NAT port is released after the flow is cleared. But the port is reusable for the configured NAT 2MSL timeout.

  • Release of Port Chunk (when port-chunk-hold-timer is enabled): Released after the expiry of the Port chunk hold timeout of "e" seconds (the port chunk hold timer is started after the last NAT port release of the chunk). The 2MSL timer and the port chunk hold timer run in parallel. If 2MSL is > Port chunk hold timeout, then the port is forced to the Free state and the port chunk is released. Total time to release the port chunk after the last TCP flow gets cleared is the Port chunk hold timeout of "e" seconds.

  • Release of NAT IP from the REALM: Released after NAT binding timer expiry.

Last Flow Protocol in the NAT Port Chunk: TCP (open)

  • Release of NAT Port (NAT mapping) to the Chunk: No FIN/RST sent; released upon expiration of the idle timeout of "b" seconds + Mapping timeout of "d" seconds.

  • Release of Port Chunk (when port-chunk-hold-timer is enabled): Released after the expiry of the Port chunk hold timeout of "e" seconds (the port chunk hold timer is started after the last NAT port release of the chunk). Total time to release the port chunk from the point when the TCP flow became inactive is (b + d + e) seconds.

  • Release of NAT IP from the REALM: Released after NAT binding timer expiry.
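
The chunk lifecycle from the Feature Description and the release totals from Table 2, modeled in Python as an added example (not Cisco code and not part of the original document). The class and function names, the allocations counter, and the timer values used in demo() are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class PortChunk:
    """One port chunk: Free -> Used -> Hold -> Free, or Hold -> Used on reuse."""
    hold_timeout: int                   # "e" from Table 1, in seconds
    ports_in_use: int = 0
    state: str = "Free"
    hold_deadline: Optional[int] = None
    allocations: int = 0                # times the chunk was handed out from Free

    def _expire(self, now: int) -> None:
        # Hold timer expiry releases the chunk for new sessions.
        if self.state == "Hold" and now >= self.hold_deadline:
            self.state, self.hold_deadline = "Free", None

    def allocate_port(self, now: int) -> None:
        self._expire(now)
        if self.state == "Free":
            self.allocations += 1
        # A packet that reuses a chunk in Hold stops the hold timer.
        self.state, self.hold_deadline = "Used", None
        self.ports_in_use += 1

    def release_port(self, now: int) -> None:
        self.ports_in_use -= 1
        if self.ports_in_use == 0:      # last port released: start the hold timer
            self.state, self.hold_deadline = "Hold", now + self.hold_timeout

    def state_at(self, now: int) -> str:
        self._expire(now)
        return self.state

def chunk_release_delay(last_flow: str, a: int, b: int, d: int, e: int) -> int:
    """Seconds from the last flow going inactive (tcp-graceful: cleared) to chunk release."""
    return {"udp": a + d + e, "tcp-open": b + d + e, "tcp-graceful": e}[last_flow]

def demo(e: int = 300):
    """Constructed timeline: reuse inside the hold window, then a full expiry."""
    chunk = PortChunk(hold_timeout=e)
    chunk.allocate_port(0)
    chunk.release_port(100)             # Hold until t=400
    trace = [chunk.state_at(399)]
    chunk.allocate_port(399)            # reuse before expiry: same chunk, timer stopped
    chunk.release_port(500)             # hold timer restarts, runs until t=800
    trace += [chunk.state_at(799), chunk.state_at(800), chunk.allocations]
    return trace
```

The allocations counter stays at 1 in demo() because the reuse at t=399 lands inside the hold window; the same traffic with a shorter hold timeout would force a second allocation.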

Configuring Port Chunk Hold Timer

Use the following configuration to decouple the port chunk hold timer from the NAT binding timer.

The port chunk hold timer configuration applies to all NAT IP addresses in the NAT IP pool.

configure 
   context context_name 
      ip pool nat_pool_name { ip_address subnet_mask | ip_address/mask | range from_ip_address to_ip_address  } 
      napt-users-per-ip-address users [ alert-threshold [ { pool-free | pool-hold | pool-release | pool-used } low_thresh [ clear high_thresh ] + ] 
      [ max-chunks-per-user chunks] [ nat-binding-timer binding_timer [ port-chunk-hold-timer port_chunk_hold_timeout ] ] 
      [ on-demand ] [ port-chunk-size size ] [ port-chunk-threshold threshold ] [ send-nat-binding-update ] [ srp-activate ] + ] 

NOTES:

  • port-chunk-hold-timer [ port_chunk_hold_timeout ]: Configures the timeout in seconds after which a freed port chunk can be reused in a NAPT IP pool. If the value is set to 0 or the keyword is not configured, then, to maintain backward compatibility, port chunks are released based on the nat-binding-timer. The minimum value is 0 and the maximum value is 31556926. By default, the Port Chunk Hold Timer is disabled. You can enable the Port Chunk Hold Timer again with a nonzero value that is less than the NAT binding timer value.


    Note

    • It is recommended to configure a NAT binding timer value while enabling the port chunk hold timer feature.

    • If you disable the nat-binding-timer and configure the port-chunk-hold timer, the NAT IP address will not be freed, and all NAT port chunks will be released after the port-chunk-hold timer expires.

    • Specify a value for the port-chunk-hold timer that is lower than the NAT binding timeout value. If the port chunk hold timeout value is configured higher than the NAT binding timeout, the following CLI error appears:

      “Failure: NAT port chunk hold timer must be less than NAT binding timer.”

    • Do not configure a port chunk hold timer value lower than 2MSL.

    • Because the Port Chunk Hold Timer value is lower than the NAT Binding Timer value, use of this feature results in an increased number of NAT Binding Records (NBR). Setting this timer too low results in a high number of NBRs. While the actual value depends on the traffic profile of the subscribers, a value of 300 seconds for the Port Chunk Hold Timer when the NAT Binding Timer is 1800 seconds should be acceptable for most deployments.


Modifying Port Chunk Hold Timer

Use the following configuration to modify a port chunk hold timer.

configure 
   context context_name 
      ip pool nat_pool_name [ nat-binding-timer binding_timer  port-chunk-hold-timer port_chunk_hold_timeout  ] 
   exit 

NOTES:

  • nat-binding-timer binding_timer port-chunk-hold-timer port_chunk_hold_timeout: Specifies the new port chunk hold timeout for the IP pool. As soon as the port chunk hold timer is modified for the IP pool, the Port Chunk Hold Timer uses the modified value for all subscribers.

Sample Configuration

The following is a sample configuration.

[local]qvpc-si# configure 
[local]qvpc-si(config)# context egress
[egress]qvpc-si(config-ctx)# ip pool pgw_nat_ps_int01 97.36.232.0 255.255.255.252 napt-users-per-ip-address 2 group-name pgw_nat_ps_int alert-threshold pool-free 20 clear 25 on-demand max-chunks-per-user 1 port-chunk-size 32256 nat-binding-timer 600  port-chunk-hold-timer 300

Downgrade Process

Before downgrading, we recommend reconfiguring the ip pool CLI without the port-chunk-hold-timer keyword. If you save the configuration with the port-chunk-hold-timer keyword and then reload the same configuration file in the downgraded image, the entire ip pool CLI is ignored.
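
One way to check a saved configuration against the configuration NOTES and the downgrade caveat above, as an added example (not a Cisco tool and not part of the original document). The function names, the pool names other than pgw_nat_ps_int01, and the two_msl input are assumptions; the page does not state the 2MSL value, so the caller supplies it.

```python
import re

MAX_HOLD = 31556926  # maximum port-chunk-hold-timer value given in the NOTES

# Constructed input: the first pool is trimmed from the page's sample, the rest are made up.
SAMPLE_CONFIG = """\
context egress
  ip pool pgw_nat_ps_int01 97.36.232.0 255.255.255.252 napt-users-per-ip-address 2 nat-binding-timer 600 port-chunk-hold-timer 300
  ip pool example_low 192.0.2.0 255.255.255.252 napt-users-per-ip-address 2 nat-binding-timer 600 port-chunk-hold-timer 30
  ip pool example_zero 198.51.100.0 255.255.255.252 napt-users-per-ip-address 2 nat-binding-timer 600 port-chunk-hold-timer 0
  ip pool example_nohold 203.0.113.0 255.255.255.252 napt-users-per-ip-address 2 nat-binding-timer 600
exit
"""

def keyword_value(line, keyword):
    """Integer that follows `keyword` on the line, or None if the keyword is absent."""
    match = re.search(r"(?<!\S)" + re.escape(keyword) + r"\s+(\d+)(?!\S)", line)
    return int(match.group(1)) if match else None

def audit_pool(line, two_msl):
    """Findings for one 'ip pool' line; two_msl is the deployment's NAT 2MSL timeout."""
    hold = keyword_value(line, "port-chunk-hold-timer")
    if hold is None:
        return []                                   # keyword absent: nothing to check
    binding = keyword_value(line, "nat-binding-timer")
    findings = ["downgrade: older image ignores this whole ip pool line"]
    if hold == 0:
        findings.append("hold=0: chunks are released on nat-binding-timer")
    elif hold > MAX_HOLD:
        findings.append("hold above maximum")
    elif hold < two_msl:
        findings.append("hold below 2MSL")
    if binding is None:
        findings.append("no nat-binding-timer configured")
    elif hold >= binding:
        findings.append("hold must be less than nat-binding-timer")
    return findings

def audit_config(text, two_msl):
    """Map pool name -> findings for every 'ip pool' line in a saved configuration."""
    report = {}
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] == ["ip", "pool"] and len(fields) > 2:
            report[fields[2]] = audit_pool(line, two_msl)
    return report
```

Every pool that carries the keyword gets the downgrade finding, so running audit_config on the saved file before loading an older image lists exactly the ip pool lines that need to be reconfigured.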

Monitoring and Troubleshooting

This section provides information to monitor and troubleshoot this feature using show commands and Bulk Statistics.

Show Commands and/or Outputs

This section provides information about the show CLI commands that are available in support of the feature.

show configuration

Use the show configuration CLI command to view the following field, which is available in support of the port chunk timer behavior for the many-to-one NAT feature:

  • port-chunk-hold-timer : Displays timeout in seconds after which a freed port chunk can be reused in a NAPT IP pool.

Sample Output

[local]qvpc-si# show configuration 
Config
  context egress 
    ip pool ipv4-private 10.0.0.1 255.255.0.0 private 0 srp-activate group-name int41 alert-threshold group-available 20 clear 25
    ip pool ipv4-static 11.0.0.1 255.255.0.0 static
    ip pool pgw_nat_ps_int01 97.36.232.0 255.255.255.252 napt-users-per-ip-address 2 group-name pgw_nat_ps_int alert-threshold pool-free 20 clear 25 on-demand port-chunk-size 32256 nat-binding-timer 600 port-chunk-hold-timer 300
  exit

show ip pool nat-realm

Use the show ip pool nat-realm CLI command to view the following field, which is available in support of the port chunk timer behavior for the many-to-one NAT feature:

  • Port-chunk-hold-Timer in seconds : Displays timeout in seconds after which a freed port chunk can be reused in a NAPT IP pool.

Sample output:


show ip pool nat-realm 
      Group: pgw_nat_ps_int
           Pool: pgw_nat_ps_int01       97.36.232.0      255.255.255.252 
           Pool Status:       Good
           Pool Id: 3         
              Type:            NAPT                    Priority:   0        
              Group:                                   pgw_nat_ps_int
                 Used:            0                     Free:       2                              
                 Hold:            0                     Released:   0         
                 Limit Exceeded:  0                     Total Alloc Req: 0    
                 Total Rel Req:   2         
                    Recovered Alloc Req: 0          Alloc Req by Group:  2         
        User-Plane Id: N/A
        Virtual-FE Id: N/A
        User-Plane Id: N/A
        Virtual-FE Id: N/A
        Vdu group name:
           Number of Users Per-IP: 2
           IP Sharing: Disabled
           Shared IP Size: n/a
           Allocation Mode: On-Demand 
           Port Chunk Size: 32256
           Port Chunk Threshold: 100
           Maximum Number of Chunks per User: 1
           Minimum Number of Chunks per User: 0
           Nat-Binding-Timer: 600                                                                                          
           Send-Nat-Binding-Update: Disabled  
           Nexthop Forwarding Address: Disabled       
              Pool-Free Threshold:  20%                         Clear:  25%
              Pool-Used Threshold: Disabled                     Clear: Disabled
              Pool-Release Threshold: Disabled                  Clear: Disabled
              Pool-Hold Threshold: Disabled                     Clear: Disabled
              cip-local-pool-used Threshold: Disabled           Clear: Disabled
              cip-local-pool-in-use-addr Threshold: Disabled    Clear: Disabled
              Include-Network-Broadcast-Address: Disabled
              Port-chunk-hold-Timer in seconds: 300      
                   Group Summary:
                   Group Used:                         0
                   Group Free:                         2
                   Group Hold:                         0
                   Group Quarantine:                   0
                   Group Released:                     0
                   Group Effective Alarm Threshold %: Disabled
                   Group Effective Clear Threshold %: Disabled
                   Group Current Usage %:             0.00%
                   Group Status:                      Good

show active-charging nat statistics

The show active-charging nat statistics CLI command displays the following output.

[local]qvpc-si# show active-charging nat statistics 
Thursday March 09 23:30:21 EST 2023
NAT Realm Utilization:
---------------------
Realm Name:               pgw_nat_ps_int  Context:                        egress
Current IP Address-In-Use:           n/a  Total IP Address:                    2
Current Calls Using-Realm:           n/a  Current Port-Chunks Available:     n/a
Current Port-Chunks-In-Use:          n/a  Total Port-Chunks:                   4
Current Port-Chunks-On-hold     :    n/a
Port-Chunk size:                     n/a
Statistics:
  Total AAA alloc msgs sent:           0  Total AAA dealloc msgs sent:         0
  Total flows denied no IP:            0  Total flows denied no port:          0
  NAT44 flows denied no IP:            0  NAT44 flows denied no port:          0
  NAT64 flows denied no IP:            0  NAT64 flows denied no port:          0
  Total flows denied no memory:        0
  NAT44 flows denied no memory:        0  NAT64 flows denied no memory:        0
  Total bytes Transferred:             0  Total flows processed:               0
  NAT44 bytes Transferred:             0  NAT44 flows processed:               0
  NAT64 bytes Transferred:             0  NAT64 flows processed:               0
  Average TCP port usage:              0  Average UDP port usage:              0
  Average Others port usage:           0

Realm Name:             pgw_nat_ps_int01  Context:                        egress
Current IP Address-In-Use:             1  Total IP Address:                    2
Current Calls Using-Realm:             0  Current Port-Chunks Available:       3
Current Port-Chunks-In-Use:            0  Total Port-Chunks:                   4
Current Port-Chunks-On-hold     :      1
Total Reserved Port-Chunks:                                                    0
Current Reserved Port-Chunks-In-Use:                                           0
Current Available Reserved Port-Chunks:                                        0
Port-Chunk size:                   32256
Statistics:
  Total AAA alloc msgs sent:           0  Total AAA dealloc msgs sent:         0
  Total flows denied no IP:            0  Total flows denied no port:          0
  NAT44 flows denied no IP:            0  NAT44 flows denied no port:          0
  NAT64 flows denied no IP:            0  NAT64 flows denied no port:          0
  Total flows denied no memory:        0
  NAT44 flows denied no memory:        0  NAT64 flows denied no memory:        0
  Total bytes Transferred:            84  Total flows processed:               1
  NAT44 bytes Transferred:            84  NAT44 flows processed:               1
  NAT64 bytes Transferred:             0  NAT64 flows processed:               0
  Average TCP port usage:              0  Average UDP port usage:              1
  Average Others port usage:           0

Port-Chunks distribution:
Max no.of chunks used   Total no.of subscribers   Current no.of subscribers 
---------------------   -----------------------   ------------------------- 
         1                         1                          1

Ports distribution:
Max no. of ports used   Total no. of subscribers 
---------------------   -----------------------------------  
         [0-8]                         1

Total Realms: 2 

Bulk Statistics

This section provides information on the bulk statistics schema.

NAT Realm Schema

The NAT Realm schema provides operational statistics that can be used for monitoring and troubleshooting the NAT Port chunk hold timer feature.

Table 3. Bulk Statistic Variables in the NAT Realm Schema

Variables                      Description
nat-rlm-port-chunks-on-hold    The total number of port chunks on hold, which are collected per context and for each realm.