show services nat pool
Syntax
show services nat pool <brief | detail> <pool-name> pgcp <ports-per-session | remotely-controlled>
Description
Display information about Network Address Translation (NAT) pools.
On MS-MPCs and MS-MICs, if the line cards receive a packet immediately
after the active port block timeout interval has expired, a new port
block is allocated and the old port block is released thereafter (if
no more ports are being used from that block). In such a scenario,
you might notice that the Max number of port blocks
used field displays a higher value than the value
shown for the Unique pool users field
in the output of the show services nat pool detail command.
This behavior is expected with port block allocation.
With MS-MPCs and MS-MICs, in the output of the show services
nat pool detail command, the Max ports used and the Ports in use fields display
values that indicate a higher number than the number of active subscribers
on the member interfaces of an ams interface. This behavior
of an increased value displayed for the number of ports allocated
and maximum number of ports used is expected after you perform a Graceful
Routing Engine switchover (GRES) and a restart of the MPC.
With MS-MPCs and MS-MICs on MX Series routers with AMS interfaces,
it is observed that the subscriber and port count details are displayed
only after a long time in the output of the show services nat
pool detail command. This behavior is expected with NAT pool
counters and occurs, regardless of port block allocation being configured.
Options
| none | Display standard information about all NAT pools. |
| brief | detail | (Optional) Display the specified level of output. |
| pool-name | (Optional) Display information about the specified NAT pool. |
| pgcp | (Optional) Display information about a NAT pool that is exclusive to the BGF. |
| ports-per-session | (Optional) Display the number of ports allocated per session from the NAT pool. |
| remotely-controlled | (Optional) Display if the NAT pool is explicitly specified by the gateway controller. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show services nat pool command. Output fields are listed in the approximate order in which
they appear.
Field Name |
Field Description |
Level of Output |
|---|---|---|
|
Name of an adaptive services interface. |
All levels |
|
Name of a service set. Individual empty service sets are not displayed, but if none of the service sets has any flows, a flow table header is printed for each service set. |
All levels |
|
Name of the Network Address Translation pool. |
All levels |
|
Address translation type: |
All levels |
|
IPv4 address range of the pool. |
All levels |
|
Port range of the pool. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. |
All levels |
|
Number of ports allocated in this pool with this name. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. |
All levels |
|
Type of port block allocation: secured or deterministic |
All levels |
|
Number of free addresses in the NAT pool. |
|
|
The range of ports configured to be used for NAT pool. |
|
|
Number of port allocation errors. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. |
|
|
Number of port allocations that failed because a port number of the desired parity was not available. |
|
|
Number of port allocations that failed because a port in the desired range was not available. |
|
|
Maximum number of ports used. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. |
|
|
Number of addresses in use for dynamic source address NAT pools. |
|
|
When address pooling paired (AP-P) is configured, a private IP is paired to a public IP. This is a counter of translation errors where there are free ports available in the NAT pool, but none for the NAT IP to which the private IP is paired. |
|
|
When AP-P is configured, this is a counter of out-of-port
errors that are due to a configured limit for the number of allocated
ports in the |
|
|
Number of memory allocation failures. |
|
|
Current number of EIF inbound sessions. |
|
|
Number of inbound connections that were dropped because the EIF limit was exceeded. |
|
|
Number of ports in a port block. |
none |
|
Maximum number of port blocks per private address. |
none |
|
Activity timeout of port block. |
none |
|
Effective range of port numbers. |
none |
|
Effective number of port blocks. |
none |
|
Effective number of ports. |
none |
|
Port block efficiency. |
none |
|
The total number of times when a request for more than the allowed port blocks allocated for a user arrives from a user. |
All levels |
|
Whether the capability to preserve the privileged port range after translation is enabled. One of the following is displayed:
|
|
|
When AP-P is configured, a private IP is paired to a public IP. This is a counter of translation errors where there are free ports available in the NAT pool, but none for the NAT IP to which the private IP is paired. |
|
|
The maximum number of port blocks used. |
All levels |
|
Current count of the port blocks that are being used. |
|
|
The consolidated number of port block allocation errors. |
All levels |
|
The number of memory allocation errors for port blocks. |
All levels |
|
The number of times a subscriber exceeded its port limits for a NAT pool that uses deterministic port block allocation. |
All levels |
|
The number of different users of the NAT pools. |
All levels |
|
Current count of EIF inbound flows, including all EIF flows per pool. |
|
|
Current number of flow drops due to exceeded flow limit. This number is per pool, not per EIF mapping. |
|
Sample Output
- show services nat pool brief
- show services nat pool detail
- show services nat pool (Secured Port Block Allocation)
- show services nat pool detail (Deterministic Port Block Allocation)
- show services nat pool (Deterministic Port Block Allocation)
- show services nat pool detail (Port Block Allocation)
show services nat pool brief
user@host> show services nat pool brief Interface: ms-1/0/0, Service set: s1 NAT pool Type Address Port Ports used dest-pool DNAT-44 10.10.10.2-10.10.10.2 napt-pool NAPT-44 50.50.50.1-50.50.50.254 1024-63487 0 source-dynamic-pool DYNAMIC NAT44 40.40.40.1-40.40.40.254 source-static-pool BASIC NAT44 30.30.30.1-30.30.30.254
show services nat pool detail
user@host> show services nat pool detail Interface: ms-4/0/0, Service set: ss1 NAT pool: srcpool, Translation type: NAPT-44 Address range: 100.0.0.1-100.0.0.254 Available addresses: 254 Configured port range: 1024-65535 Port range: 1024-65535, Ports in use: 0, Out of port errors: 0 Parity port errors: 0, Preserve Range errors: 0 Max ports used: 0 AP-P port allocation errors: 0, AP-P port limit allocation errors: 0 Memory allocation errors: 0 EIF Inbound session count: 0 EIF Inbound session Limit exceeded drops: 0
show services nat pool (Secured Port Block Allocation)
user@host> show services nat pool
Interface: sp-2/0/0, Service set: in
NAT pool Type Address Port Ports used
mypool dynamic 3.3.3.3-3.3.3.10 512-65535 0
3.3.3.15-3.3.3.20
3.3.3.25-3.3.3.30
3.3.3.95-3.3.3.200
Port block size: 64, Max port blocks per address: 1, Active block timeout: 86400, Effective port range: 1024-65471,
Effective number of port blocks: 126882, Effective number of ports: 8120448, Port block efficiency: nan
Interface: sp-2/1/0, Service set: in1
NAT pool Type Address Port Ports used
mypool1 dynamic 9.9.9.1-9.9.9.254 512-65535 0
Port block size: 64, Max port blocks per address: 1, Active block timeout: 86400, Effective port range: 1024-65471,
Effective number of port blocks: 255778, Effective number of ports: 16369792, Port block efficiency: nanshow services nat pool detail (Deterministic Port Block Allocation)
user@host> show services nat pool detail
Interface: sp-2/0/0, Service set: ss1
NAT pool: napt_pool, Translation type: dynamic
Address range: 5.5.5.1-5.5.5.254
Configured port range: 1-60000, Preserve range enabled: Is active
Port range: 2000-2002, Ports in use: 2, Out of port errors: 0, Max ports used: 2
AP-P out of port errors: 188
Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0,
Port block memory allocation errors: 0
DetNAT subscriber exceeded port limits: 1
Unique pool users: 1
show services nat pool (Deterministic Port Block Allocation)
user@host> show services nat pool Interface: sp-2/0/0, Service set: ss2 NAT pool Type Address Port Ports Used pba dynamic 33.33.33.1-33.33.33.128 512-65535 6604 Port block type: Deterministic port block, Port block size: 200
show services nat pool detail (Port Block Allocation)
user@host> show services nat pool detail
Interface: sp-2/0/0, Service set: s
NAT pool: napt_pool, Translation type: dynamic
Address range: 44.1.1.1-44.1.1.1
Configured port range: 1-60000
Port range: 1024-65535, Ports in use: 0, Out of port errors: 0,
Max ports used: 0
AP-P out-of-port errors: 0
Current EIF Inbound flows count: 0
EIF flow limit exceeded drops: 0
Release Information
Command introduced before Junos OS Release 7.4.
pgcp option added in Junos OS Release 8.5.