nat session-limit

Function

The nat session-limit enable command enables the limitation on the maximum number of user-based NAT sessions that can be established, or sets the maximum number of user-based NAT sessions that can be established.

The undo nat session-limit enable command disables the limitation on the maximum number of user-based NAT sessions that can be established, or restores the default maximum number.

The user-based NAT session number limitation is enabled by default. The default maximum number of user-based NAT sessions for each protocol type is as follows:

  • TCP or UDP: 10240
  • ICMP: 512
  • Total of TCP, UDP, and ICMP: 8192. If the maximum number of NAT sessions for all protocols is set, this setting takes precedence over the setting for a specific protocol type.

This command is supported only on the NetEngine 8000 F1A.

Format

nat session-limit { enable | icmp session-number | tcp session-number | total session-number | udp session-number }

undo nat session-limit { enable | { icmp | tcp | total | udp } [ session-number ] }

Parameters

| Parameter | Description | Value |
|---|---|---|
| enable | Enables the limitation on the maximum number of user-based NAT sessions that can be established. | - |
| icmp session-number | Indicates the maximum number of ICMP sessions for each user. | The value is an integer ranging from 1 to 65535. |
| tcp session-number | Indicates the maximum number of TCP sessions for each user. | The value is an integer ranging from 1 to 65535. |
| total session-number | Indicates the maximum number of all sessions for each user. If the total number of TCP, UDP, and ICMP sessions used for NAT has reached the upper limit, NAT cannot be performed even if the number of TCP, UDP, or ICMP sessions used for NAT has not reached the upper limit. | The value is an integer ranging from 1 to 65535. |
| udp session-number | Indicates the maximum number of UDP sessions for each user. | The value is an integer ranging from 1 to 65535. |

Views

NAT instance view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| nat | write |

Usage Guidelines

Usage Scenario

To enable the limitation on the maximum number of user-based NAT sessions that can be established, run the nat session-limit enable command. This command helps prevent a large number of NAT sessions from adversely affecting the transmission of services that NAT processes.

To set the maximum number of user-based NAT sessions that can be established, run the nat session-limit command in the NAT instance view.

Prerequisites

The limitation on the maximum number of user-based NAT sessions that can be established has been enabled using the nat session-limit enable command.

Configuration Impact

When the number of NAT sessions of a user reaches the upper limit, additional NAT sessions cannot be established. After existing NAT sessions age and the number of established sessions falls below the upper limit, new sessions can be established for the user.

Example

# Enable the limitation on the maximum number of user-based NAT sessions that can be established.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat session-limit enable
# Set the maximum number of TCP sessions that can be established to 20000 in a NAT instance named cpe1.
<HUAWEI> system-view
[~HUAWEI] nat instance cpe1 id 1
[*HUAWEI-nat-instance-cpe1] nat session-limit tcp 20000
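
The interaction between the total limit and the per-protocol limits described above can be checked offline. The following is an added example, not Huawei code: the function name effective_limits and the replay model are assumptions, and the input line is constructed from the command in the example above. It replays nat session-limit commands against the defaults on this page and reports the effective per-user ceiling for each protocol. By the rule stated for the total parameter, a TCP limit of 20000 stays capped at the default total of 8192 until total is raised as well.

```python
import re

# Defaults and the 1-65535 range are the values stated on this page.
DEFAULTS = {"tcp": 10240, "udp": 10240, "icmp": 512, "total": 8192}
# Accepts a bare command or one copied with its "[...]" CLI prompt.
CMD = re.compile(
    r"^(?:\[[^\]]*\]\s*)?(undo\s+)?nat\s+session-limit\s+"
    r"(?:(enable)|(icmp|tcp|udp|total)(?:\s+(\d+))?)$"
)

def effective_limits(lines):
    """Replay nat session-limit commands for one NAT instance.

    Returns (enabled, configured, effective, notes); effective is the
    per-user ceiling per protocol after the total limit is applied.
    """
    enabled, configured, notes = True, dict(DEFAULTS), []
    for raw in lines:
        m = CMD.match(raw.strip())
        if not m:
            continue  # comments and unrelated commands
        undo, enable, key, num = m.groups()
        if enable:
            enabled = undo is None
        elif undo:
            configured[key] = DEFAULTS[key]  # undo restores the default
        elif num is None or not 1 <= int(num) <= 65535:
            notes.append(f"invalid, ignored: {raw.strip()}")
        else:
            configured[key] = int(num)
    effective = {}
    if not enabled:
        notes.append("limitation disabled: no per-user session ceiling")
        return enabled, configured, effective, notes
    for proto in ("tcp", "udp", "icmp"):
        effective[proto] = min(configured[proto], configured["total"])
        if configured[proto] > configured["total"]:
            notes.append(f"{proto} {configured[proto]} capped by total "
                         f"{configured['total']}")
    return enabled, configured, effective, notes

if __name__ == "__main__":
    # Constructed input: the command from the page's example, with its prompt.
    for item in effective_limits(
            ["[*HUAWEI-nat-instance-cpe1] nat session-limit tcp 20000"]):
        print(item)
```
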
Copyright © Huawei Technologies Co., Ltd.