8.4. Synchronization#
Session synchronization is used to ensure that all vCGNAT instances in the cluster have complete information about all open ports and sessions. In this case, if one vCGNAT instance fails, user sessions are not dropped when traffic moves to another instance. Failure of one or more (depending on the selected network architecture) vCGNAT instances will pass unnoticed by the client. Data exchange is performed over the UDP protocol.
8.4.1. Сonfiguration#
All the settings described below are performed in the configuration mode. Session synchronization should be configured at least on two vCGNATs; otherwise, the messages sent by the first vCGNAT will be dropped by the second one.
- nat sync destination-ip A.B.C.D port (1-65535) [{vrf NAME|source-ip A.B.C.D}]#
Set the destination IP address and port to which data will be sent via UDP protocol. Additionally, VRF and the source IP address can be specified. To send Synchronization messages to multiple devices at once, use a dedicated L2 segment and a broadcast network address as the destination IP address.
- no nat sync#
Disable created synchronization
- <nat|nat64> sync timeout-delay (1-604800000)#
Set a delay interval (in milliseconds) that is added to the timers when sessions are created via sync messages. The lifetime of the sessions will be
timeout-delayms longer than on the server where they are created. The delay is needed so that the primary server has time to send us a message with updates on a given session before we delete it because of recreating a session has much overhead. The default is 1000 ms.
- no <nat|nat64> sync timeout-delay (1-604800000) [vrf NAME]#
Reset timeout delay to the default value.
- nat sync start-delay (1-3600)#
Set start delay in seconds. This delay is necessary for the Active-Active redundancy scenario. It is used at system startup and is needed to add a new instance to the cluster transparently. NAT instance will not respond to ARP request during this delay, respectively traffic will not be redistributed to it. At the same time, other devices will send synchronization messages and this new instance will fill its session table. When delay ends, the new instance, with already full table of sessions, will pick up some traffic without losing users’ connections.
Important! In this case, synchronization must be configured to the broadcast address of the network, because ARP during this delay will not respond.
- no nat sync start-delay#
Disable start delay
If you do not want to wait for the start delay, use this command (in View mode) to start traffic processing immediately:
- nat sync start#
8.4.2. Show commands#
- show <nat|nat64> counters [vrf NAME] sync#
Display NAT or NAT64 counters for synchronization. See Show and Clear Commands for their description.
nfware# show nat counters sync ------------------------------------------------------------ Counter Value ------------------------------------------------------------ Subscriber Creations 0 Address Map Creations 0 Port Map Creations 0 Session Creations 0 Hairpinning Sessions 0 Address Map Entry Limit Drops 0 Address Map Failure Drops 0 No IP Suggested Drops 0 Out of Synchronization Drops 0 Deletion of Non-Existent Session 0 Outdate Messages 0 No NAT Rule Drops 0 No NAT Rule Group Drops 0 No Pool Drops 0 Port Map Entry Limit Drops 0 Port Map Failure Drops 0 Session Entry Limit Drops 0 Subscriber Limit Drops 0 Subscriber Session Limit Drops 0 Subscriber Session Rate Limit Drops 0 ------------------------------------------------------------
- clear <nat|nat64> counters [vrf NAME] sync#
Clear NAT or NAT64 counters for synchronization.
- show nat sync#
Display counters for synchronization.
nfware# show nat sync nat sync destination-ip 172.23.40.50 port 10 source-ip 172.23.40.49 Counters: Sent: Packets: 7 Messages: 7 No packet drops: 0 No VRF drops: 0 Received: Packets: 0 Messages: 0 Invalid msg length: 0 Errors on processing: 0 Unsupported msg type: 0
- clear nat sync#
Clear counters for synchronization.