Network Address Translation (NAT)
-
Monitor subscriber port utilization (cSRX, MX240, MX480, MX960, SRX1500, SRX1600, SRX2300, SRX4200, SRX4300, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX3.0)―Use Carrier Grade Network Address Translation (CGNAT) to monitor and manage port utilization. Configure threshold limits to receive notifications when port or port block usage exceeds these thresholds.
If a pool is configured as Port Block Allocation (PBA) and a subscriber uses more port blocks than the threshold, a notification is generated.
For Deterministic NAT (DETNAT) pools, if a subscriber uses more ports than the threshold in the allocated block, a notification is generated.
[See pool-utilization-alarm (Security Source NAT Pool) and pool (Security Source NAT).]
-
Distinct NAT ports for the same IP address on PCP and DS-Lite (MX240, MX480, and MX960)―Junos OS Release 24.4R1 supports distinct NAT port and pool mapping for Port Control Protocol (PCP) and Dual-Stack Lite (DS-Lite).
The PCP and DS-Lite can use the same NAT IP address with different port and NAT pools if the traffic originates from the same subscriber.
Ensure that PCP and DS-Lite are configured with:
-
Address pooling, or address pooling paired (APP)
-
Endpoint independent mapping (EIM)
-
Endpoint independent filtering (EIF)
You must configure the
allow-distinct-port-pools
at[set services nat source]
hierarchy to assign same NAT IP address with different ports from different NAT pools.[See allow-distinct-port-pools, Port Control Protocol and IPv6 Dual-Stack Lite.]
-