cgnv6 lsn global

Set Large-Scale NAT config parameters

global Specification

Type Configuration Resource
Element Name global
Element URI /axapi/v3/cgnv6/lsn/global
Element Attributes global_attributes
Statistics Data URI /axapi/v3/cgnv6/lsn/global/stats
Schema global schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/cgnv6/lsn/global

global Attributes

Get Object

GET

/axapi/v3/cgnv6/lsn/global

global Attributes

Modify Object

POST

/axapi/v3/cgnv6/lsn/global

global Attributes

Replace Object

PUT

/axapi/v3/cgnv6/lsn/global

global Attributes

Delete Object

DELETE

/axapi/v3/cgnv6/lsn/global

global Attributes

Get Stats

GET

/axapi/v3/cgnv6/lsn/global/stats

stats data

global Attributes

attempt-port-preservation

Description: Port preservation attempts to use the same source protocol port for a client’s public address (NAT address) that is used in the client’s inside address.

  • disable : Do not attempt port preservation for NAT allocation.

Type: string

Supported Values: disable

hairpinning

Description: Configure filtering for hairpinning.

  • filter-none : Allows for self-hairpinning for UDP packets only. This is the default behavior for UDP packets. TCP will use filter-self-ip-port.
  • filter-self-ip : Drops packets that have the same inside client IP address for both the source and destination.
  • filter-self-ip-port : Drops packets that have the same inside client IP address and protocol port number for both the source and destination. This option may be needed if double NAT is used.

Type: string

Supported Values: filter-none, filter-self-ip, filter-self-ip-port

Default: filter-none

half-close-timeout

Description: Set LSN Half close timeout (Half close timeout in seconds (default not set))

Type: number

Range: 2-3000

icmp

Description: icmp is a JSON Block . Please see below for icmp

Type: Object

inbound-refresh

Description: NAT inbound refresh behavior.

* disable : Disable the session aging time for NAT translation.

Type: string

Supported Values: disable

ip-selection

Description: Specify the method for LSN to use to select IP addresses within a pool.

  • random : Selects addresses randomly, instead of using any of the other methods.
  • round-robin : Selects addresses sequentially.
  • least-used-strict : Selects the address with the fewest NAT ports of any type (TCP or UDP) used. This option is not applicable to ICMP.
  • least-udp-used-strict : Selects the address with the fewest UDP NAT ports used.
  • least-tcp-used-strict : Selects the address with the fewest TCP NAT ports used.
  • least-reserved-strict : Selects the address with the fewest TCP or UDP NAT ports reserved.
  • least-udp-reserved-strict : Selects the address with the fewest UDP NAT ports reserved.
  • least-tcp-reserved-strict : Selects the address with the fewest TCP NAT ports reserved.
  • least-users-strict : Selects the address with the fewest users.

Type: string

Supported Values: random, round-robin, least-used-strict, least-udp-used-strict, least-tcp-used-strict, least-reserved-strict, least-udp-reserved-strict, least-tcp-reserved-strict, least-users-strict

Default: random

logging

Description: logging is a JSON Block . Please see below for logging

Type: Object

port-batching

Description: port-batching is a JSON Block . Please see below for port-batching

Type: Object

syn-timeout

Description: Configure the SYN idle timeout for LSN in seconds.

Type: number

Range: 2-30

Default: 4

uuid

Description: uuid of the object

Type: string

logging

Specification
Type object

default-template

Description: Bind an existing LSN traffic logging template as the default template for all LSN pools.

Type: string

Format: string-rlx

Reference Object: /axapi/v3/cgnv6/template/logging

pool

Description: pool is a JSON List . Please see below for l1024_pool

Type: List

logging.pool

Specification
Type list
Block object keys

pool-name

Description: NAT pool

Type: string

Format: string-rlx

template

Description: Bind a NAT logging template

Type: string

Format: string-rlx

Reference Object: /axapi/v3/cgnv6/template/logging

port-batching

Specification
Type object

size

Description: Enable port batching. Port batching reduces logging by allocating a set of multiple ports to the client at the same time, and generating only a single log message for the batch of ports.

  • 1 : Allocate 1 port at a time.
  • 8 : Allocate 8 ports at a time.
  • 16 : Allocate 16 ports at a time.
  • 32 : Allocate 32 ports at a time.
  • 64 : Allocate 64 ports at a time.
  • 128 : Allocate 128 ports at a time.
  • 256 : Allocate 256 ports at a time.
  • 512 : Allocate 512 ports at a time.
  • 1024 : Allocate 1024 ports at a time.

Type: string

Supported Values: 1, 8, 16, 32, 64, 128, 256, 512

Default: 1

tcp-time-wait-interval

Description: Configure the timeout interval in minutes before TCP NAT ports can be reused after they have been released.

Type: number

Range: 0-10

Default: 2

icmp

Specification
Type object

send-on-port-unavailable

Description: Sends ICMP Destination Unreachable message when there are no protocol ports available for NAT mappings.

  • host-unreachable : Send ICMP destination host unreachabl. Sends code type 3, code 1 for IPv4, and type 1 code 3 for IPv6.
  • admin-filtered : Send ICMP admin filtered. Sends code type 3, code 13, administratively filtered.
  • disable : Disable ICMP Unreachable messages for the specified event (default).

Type: string

Supported Values: host-unreachable, admin-filtered

send-on-user-quota-exceeded

Description: Sends ICMP Destination Unreachable message when a a user quota is exceeded.

  • host-unreachable : Send ICMP destination host unreachabl. Sends code type 3, code 1 for IPv4, and type 1 code 3 for IPv6.
  • admin-filtered : Send ICMP admin filtered. Sends code type 3, code 13, administratively filtered.
  • disable : Disable ICMP Unreachable messages for the specified event.

Type: string

Supported Values: host-unreachable, disable

stats data

Counter Size Description
data_session_freed 8 Data Session Freed
port_overloading_smp_free_tcp 8 TCP Port Overloading Session Freed
total_udp_overloaded 8 UDP Port Overloaded
endpoint_indep_filter_match 8 Endpoint-Independent Filtering Matched
udp_fullcone_freed 8 UDP Full-cone Session Freed
nat_pool_unusable 8 nat_pool_unusable
nat_port_unavailable_udp 8 UDP NAT Port Unavailable
lid_pass_through 8 LSN LID Pass-through
total_icmp_freed 8 Total ICMP Ports Freed
hairpin 8 Hairpin Session Created
tcp_fullcone_created 8 TCP Full-cone Session Created
nat_port_unavailable_icmp 8 ICMP NAT Port Unavailable
udp_fullcone_created 8 UDP Full-cone Session Created
extended_quota_matched 8 Extended User-Quota Matched
icmp_user_quota_exceeded 8 ICMP User-Quota Exceeded
ha_nat_pool_unusable 8 HA NAT Pool Unusable
port_overloading_smp_free_udp 8 UDP Port Overloading Session Freed
total_tcp_allocated 8 Total TCP Ports Allocated
tcp_user_quota_exceeded 8 TCP User-Quota Exceeded
port_overloading_smp_inserted_tcp 8 TCP Port Overloading Session Created
eif_limit_exceeded 8 Endpoint-Independent Filtering Inbound Limit Exceeded
port_overloading_smp_inserted_udp 8 UDP Port Overloading Session Created
tcp_fullcone_freed 8 TCP Full-cone Session Freed
user_quota_failure 8 User-Quota Creation Failed
total_udp_freed 8 Total UDP Ports Freed
nat_port_unavailable_tcp 8 TCP NAT Port Unavailable
total_tcp_overloaded 8 TCP Port Overloaded
fullcone_failure 8 Full-cone Session Creation Failed
user_quota_created 8 User-Quota Created
data_sesn_user_quota_exceeded 8 Data Session User-Quota Exceeded
nat_ip_max_udp_ports_allocated 8 NAT IP UDP Max Ports Allocated
data_sesn_rate_user_quota_exceeded 8 Conn Rate User-Quota Exceeded
nat_ip_max_tcp_ports_allocated 8 NAT IP TCP Max Ports Allocated
fullcone_self_hairpinning_drop 8 Self-Hairpinning Drop
nat_mismatch_drop 8 NAT Pool Mismatch Drop
new_user_resource_unavailable 8 New User NAT Resource Unavailable
extended_quota_exceeded 8 Extended User-Quota Exceeded
total_udp_allocated 8 Total UDP Ports Allocated
data_session_created 8 Data Session Created
user_quota_put_in_del_q 8 User-Quota Freed
endpoint_indep_map_match 8 Endpoint-Independent Mapping Matched
udp_user_quota_exceeded 8 UDP User-Quota Exceeded
no_radius_profile_match 8 No RADIUS Profile Match
total_icmp_allocated 8 Total ICMP Ports Allocated
no_class_list_match 8 No Class-List Match
inbound_filtered 8 Endpoint-Dependent Filtering Drop
total_tcp_freed 8 Total TCP Ports Freed
lid_drop 8 LSN LID Drop