Hi Klement, Really appreciate the detailed explanation! That makes sense and I could see that behavior from my tests.
Last question: does "max translations per user" matter any more because the concept of user doesn't exist with new NAT? max translations: 4000000 max translations per user: 500 >From my tests, each ip address can form as many sessions as needed as long as the overall/total sessions stay under "max translations". Thanks! On Mon, Jun 1, 2020 at 12:47 AM Klement Sekera -X (ksekera - PANTHEON TECH SRO at Cisco) <ksek...@cisco.com> wrote: > Hi, > > as you can see almost all of NAT sessions are timed out. NAT will > automatically free and reuse them when needed again. > > this line: > > udp LRU min session timeout 5175 (now 161589) > hints whether immediate reuse is possible. Minimum session timeout in the > LRU list for UDP sessions is 5175, while current vpp internal time is > 161589. This means the first element in LRU list for UDP session is ready > to be reaped. > > To avoid fluctuations in performance due to running periodic cleanup > processes, NAT instead attempts to free one session anytime there is a > request to create a new session. This means that at low steady rate, > maximum number of sessions will peak at some point. E.g. with UDP timeout > of 30 seconds and 100 sessions/second, after 30 seconds there will be > around 3000 sessions and new sessions will also start to force cleanups. > This will then cause the total sessions to remain at around 3000. If you > stop creating new traffic, all of these eventually time out (without > spending any CPU on these timeouts). If again after some time you start > traffic, sessions will be freed and reused as required. > > Regards, > Klement > > > On 31 May 2020, at 22:07, carlito nueno <carlitonu...@gmail.com> wrote: > > > > Hi all, > > > > I am using vpp v20.05 and running NAT44 in end-point dependent mode. > > > > To test NAT, I created 50k tcp and udp sessions and ran packets for 5 > mins. Then I stopped the test. > > > > As soon as the test is stopped, tcp established sessions is 0, tcp > transitory sessions increase and all of the tcp sessions become 0 after > about 7440 seconds. > > But UDP sessions are still "open", as the count is still high even after > 24 hours. As you can see below, udp LRU session timeout is around 161589 > and total udp sessions is around 29k > > > > Any advice? Let me know if I am missing anything. > > > > NAT44 pool addresses: > > 130.44.9.8 > > tenant VRF independent > > 0 busy other ports > > 29058 busy udp ports > > 0 busy tcp ports > > 0 busy icmp ports > > NAT44 twice-nat pool addresses: > > max translations: 4000000 > > max translations per user: 1000 > > udp LRU min session timeout 5175 (now 161589) > > total timed out sessions: 29025 > > total sessions: 29058 > > total tcp sessions: 0 > > total tcp established sessions: 0 > > total tcp transitory sessions: 0 > > total tcp transitory (WAIT-CLOSED) sessions: 0 > > total tcp transitory (CLOSED) sessions: 0 > > total udp sessions: 29058 > > total icmp sessions: 0 > > > > Thanks! > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#16622): https://lists.fd.io/g/vpp-dev/message/16622 Mute This Topic: https://lists.fd.io/mt/74589316/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
