Good day, colleagues!
We have a Cisco ASR-1001 that is behaving strangely:
Cisco IOS XE Software, Version 03.13.10.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(3)S10, RELEASE SOFTWARE (fc1)
BGP FW with two providers.
Recently (after the equipment was rebooted) a problem with NAT appeared - we are hitting some kind of limit:
rtr-i-dc-www-01#sh ip nat tra tot
Total number of translations: 26238
rtr-i-dc-www-01#sh ip nat tra tot
Total number of translations: 26239
Previously there were about 40k of them.
NAT config:
Code:
ip nat translation tcp-timeout 300
ip nat translation udp-timeout 30
ip nat translation finrst-timeout 30
ip nat translation syn-timeout 30
ip nat translation dns-timeout 10
ip nat translation icmp-timeout 10
ip nat translation max-entries 48000
ip nat translation max-entries all-host 500
ip nat translation max-entries host 10.1.11.18 1000
ip nat translation max-entries host 10.2.30.4 10000
ip nat translation max-entries host 10.1.11.19 1000
ip nat translation max-entries host 10.2.20.4 1000
ip nat translation max-entries host 10.1.11.25 1000
ip nat translation max-entries host 10.4.32.4 20000
ip nat translation max-entries host 10.1.16.93 1500
ip nat translation max-entries host 10.1.16.92 1500
ip nat translation max-entries host 10.1.16.77 1500
ip nat translation max-entries host 10.1.16.76 1500
ip nat translation max-entries host 10.1.16.110 1000
ip nat translation max-entries host 10.1.16.109 1000
ip nat translation max-entries host 10.1.16.148 1500
ip nat translation max-entries host 10.0.208.69 1000
ip nat translation max-entries host 10.0.219.19 1000
ip nat translation max-entries host 10.0.219.15 1000
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service gatekeeper
ip nat pool nat-pool x.x.x.x x.x.x.x prefix-length 30
ip nat inside source list ACL-FOR-NAT-PI pool nat-pool overload
So, what could the problem be? When the number of NAT translations is exceeded (we are hammering from inside to outside), BGP sessions with remote sites start dropping, which is very strange...