NAT Information
The ACLI can display general NAT table information and the NAT table itself in a variety of formats: by entry range, by entry range in tabular form, and by matching source and destination addresses. This information is used primarily for debugging purposes.
NAT information is displayed using the show nat command with the appropriate arguments.
show nat info
The show nat info command displays general NAT table information. The output is used for quick viewing of the system’s overall NAT functions, including the maximum number of NAT table entries, the number of used NAT table entries, the length of the NAT table search key, the first searchable NAT table entry address, the length of the data entry, the first data entry address, and whether or not aging and policing are enabled in the NAT table.
```
ORACLE# show nat info
-- NAT table info --
Maximum number of entries : 7768
Number of used entries : 0
Length of search key : 2 (x 64 bits)
First search entry address : 0x0
length of data entry : 4 (x 64 bits)
First data entry address : 0x0
Enable aging : 1
Enable policing : 0
ORACLE#
```
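When this output is collected for monitoring rather than read by eye, it can be reduced to a few tracked values. The following is an added example, not Oracle code: it parses the fields shown above from a constructed sample capture, and the key names and the 0.8 warning ratio are assumptions of the example.

```python
import re

# Constructed sample in the shape of the "show nat info" output shown above.
SAMPLE = """ORACLE# show nat info
-- NAT table info --
Maximum number of entries : 7768
Number of used entries : 0
Length of search key : 2 (x 64 bits)
First search entry address : 0x0
length of data entry : 4 (x 64 bits)
First data entry address : 0x0
Enable aging : 1
Enable policing : 0
ORACLE#"""

# Output label -> key in the parsed result (key names are this example's own).
LABELS = {
    "Maximum number of entries": "max_entries",
    "Number of used entries": "used_entries",
    "Length of search key": "search_key_words",
    "First search entry address": "first_search_addr",
    "Length of data entry": "data_entry_words",
    "First data entry address": "first_data_addr",
    "Enable aging": "aging",
    "Enable policing": "policing",
}

def parse_nat_info(text):
    """Extract every field; works on wrapped or single-line captures."""
    info = {}
    for label, key in LABELS.items():
        m = re.search(re.escape(label) + r"\s*:\s*(0x[0-9a-f]+|\d+)", text, re.I)
        if m is None:
            raise ValueError("field missing from output: " + label)
        raw = m.group(1)
        info[key] = int(raw, 16) if raw.lower().startswith("0x") else int(raw)
    return info

def summarize(info, warn_ratio=0.8):
    """Reduce the parsed fields to values worth tracking over time."""
    ratio = info["used_entries"] / info["max_entries"] if info["max_entries"] else 0.0
    return {
        "utilization": ratio,
        "near_capacity": ratio >= warn_ratio,  # warn_ratio is an assumed threshold
        "search_key_bytes": info["search_key_words"] * 8,  # lengths are in 64-bit words
        "data_entry_bytes": info["data_entry_words"] * 8,
        "aging_enabled": info["aging"] == 1,
        "policing_enabled": info["policing"] == 1,
    }
```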
show nat by-addr
The show nat by-addr command displays NAT table information that matches source and destination addresses. When using this command, you can specify the entries to display according to source address (SA) and/or destination address (DA) values.
The system matches these values to the NAT table entries and shows the pertinent information. If no addresses are entered, the system shows all of the table entries. NAT entries can be matched according to SA or DA or both.
show nat by-addr <source IPv4 address> <destination IPv4 address>
The table below explains the output of the show nat by-addr command.
Parameter | Description |
---|---|
SA_flow_key | Source IPv4 or IPv6 address key used for matching in the look-up process. |
DA_flow_key | Destination IPv4 or IPv6 address key used for matching in the look-up process. |
SP_flow_key | UDP source port used for matching in the look-up process. |
DP_flow_key | UDP destination port used for matching in the look-up process. |
VLAN_flow_key | If this is a non-zero value, then there is an associated VLAN. If this value is zero, then there is no associated VLAN. |
SA_prefix | This value determines how many bits in the key are considered in the look-up process for a match, where SA is the source IPv4 address. |
DA_prefix | This value determines how many bits in the key are considered in the look-up process for a match, where DA is the destination IPv4 address. |
SP_prefix | This value determines how many bits in the key are considered in the look-up process for a match, where SP is the UDP source port. |
DP_prefix | This value determines how many bits in the key are considered in the look-up process for a match, where DP is the UDP destination port. |
Protocol_flow_key | This value stands for the protocol used, where the following values and protocols correspond: • 1 = ICMP • 6 = IP • 17 = UDP |
Ingress_flow_key | This value uniquely identifies from where the packet came, and it is a combination of the Ingress Slot and Ingress Port values. |
Ingress Slot | Together with the Ingress Port, this value makes up the Ingress_flow_key. |
Ingress Port | Together with the Ingress Slot, this value makes up the Ingress_flow_key. |
XSA_data_entry | This is the translated (i.e., post-lookup) source IPv4 or IPv6 address value. |
XDA_data_entry | This is the translated (i.e., post-lookup) destination IPv4 or IPv6 address value. |
XSP_data_entry | This is the translated (i.e., post-lookup) source port value. |
XDP_data_entry | This is the translated (i.e., post-lookup) destination port value. |
Egress_data_entry | This value uniquely identifies the outbound interface for the packet, and it is a combination of the Egress Slot and Egress Port values. This is the functional equivalent to the Ingress_flow_key. |
Egress Slot | Together with the Egress Port, this value makes up the Egress_data_entry. |
Egress Port | Together with the Egress Slot, this value makes up the Egress_data_entry. |
flow_action | This value displays the defined flow_action (i.e., flag) bits. The flow action bit mask includes the following bit options: • bit 1 - 1=MPLS strip • bit 2 - 1=Diffserv clear • bit 5 - 1=Latch source address • bit 6 - 1=Collapse flow • bit 7 - 1=Slow Path • bit 8 - 1=QoS Requirement • bit 9 - 1=RTCP, 0=RTP if bit 8 is set • bit 10 - 1=packet capture if bit 8 is set • bit 11 - 1=full packet capture, 0=header packet capture, if bit 9 is set. Bits 8 through 11 only apply to QoS. |
optional_data | This value is related to the flow_action value. If the flow_action Slow Path bit (bit 7) is set, then the optional_data value is the UDP destination port for delivery to the host. The optional_data value may also contain DSCP markings. |
VLAN_data_entry | This value refers to the outbound VLAN look-up process. A non-zero value means that there is an associated VLAN, while a zero value means that there is no associated VLAN. |
host_table_index | This value refers to the virtual index for the host management of CAM processing. |
init_flow_guard | This timer is used to age the entries in the CAM. |
inact_flow_guard | This timer is used to age the entries in the CAM. |
max_flow_guard | This timer is used to age the entries in the CAM. |
In the above table, the following values are equivalent:
- SA = Source IPv4 or IPv6 Address
- DA = Destination IPv4 or IPv6 Address
- SP = UDP Source Port
- DP = UDP Destination Port
- X = Translated
A zero entered in the source address position of the command line acts as a wildcard value. Use it to display NAT information by destination address only.
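Reading a flow_action value by hand is error-prone because bits 9 through 11 only mean something when other bits are set. The following is an added example, not Oracle code, that decodes the mask as the table describes it. It assumes that "bit n" means mask 1 << n with the least significant bit as bit 0, that optional_data carries only the port, and the function and key names are the example's own.

```python
# Bit meanings come from the flow_action row of the table above.
# Assumption: "bit n" is mask 1 << n, counting the least significant bit as 0.
FLAGS = {
    1: "MPLS strip",
    2: "Diffserv clear",
    5: "Latch source address",
    6: "Collapse flow",
    7: "Slow Path",
    8: "QoS Requirement",
}
DOCUMENTED_BITS = set(FLAGS) | {9, 10, 11}

def bit(value, n):
    """True when bit n of value is set."""
    return bool((value >> n) & 1)

def decode_flow_action(flow_action, optional_data=None):
    """Turn a flow_action mask into named flags plus the dependent QoS fields."""
    result = {
        "flags": [name for n, name in FLAGS.items() if bit(flow_action, n)],
        "qos": None,
        "slow_path_port": None,
        # Set bits the table does not describe are reported, not guessed at.
        "undocumented_bits": [n for n in range(flow_action.bit_length())
                              if bit(flow_action, n) and n not in DOCUMENTED_BITS],
    }
    if bit(flow_action, 8):
        # Bits 9 and 10 are only meaningful when bit 8 is set.
        qos = {
            "stream": "RTCP" if bit(flow_action, 9) else "RTP",
            "packet_capture": bit(flow_action, 10),
            "capture_scope": None,
        }
        # The table qualifies bit 11 by bit 9.
        if bit(flow_action, 9):
            qos["capture_scope"] = "full" if bit(flow_action, 11) else "header"
        result["qos"] = qos
    if bit(flow_action, 7) and optional_data is not None:
        # With Slow Path set, optional_data is the UDP destination port used
        # for delivery to the host. The table does not give the layout when
        # DSCP markings are also present, so the value is passed through as is.
        result["slow_path_port"] = optional_data
    return result

if __name__ == "__main__":
    # Constructed values: bits 7, 8, 9 and 11 set, optional_data 5060.
    print(decode_flow_action(0xB80, 5060))
```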
show nat by-index
The show nat by-index command displays a specified range of entries in the NAT table, with a maximum of 5024 entries. The syntax for using the show nat by-index command is:
show nat by-index <starting entry> <ending entry>
To view lines 10 through 50 of the NAT table, you would enter the following:
show nat by-index 10 50
If you do not specify a range, the system uses the default range of 1 through 200. The range you enter corresponds to line numbers in the table, and not to the number of the entry itself.
show nat in-tabular
The show nat in-tabular command displays a specified range of entries in the NAT table in table form, with a maximum of 5024 entries. This tabular output makes the sometimes lengthy NAT table information easier to view. The syntax is modeled on the show nat by-index command:
show nat in-tabular 10 50
In this abbreviated display, the fields that are shown for each NAT entry are:
- SA_key—equivalent to SA_flow_key in other show nat commands. Displayed in hexadecimal format.
- DA_key—equivalent to DA_flow_key in other show nat commands. Displayed in hexadecimal format.
- SP_key—equivalent to SP_flow_key in other show nat commands. Displayed in hexadecimal format.
- DP_key—equivalent to DP_flow_key in other show nat commands. Displayed in hexadecimal format.
- VLAN_key—equivalent to VLAN_data_entry in other show nat commands.
- ING—equivalent to Ingress_flow_key in other show nat commands.
- PROTO—equivalent to Protocol_flow_key in other show nat commands.
- WEIGHT—Flow weight.
The output of the show nat in-tabular command requires a 132-column display. Adjust your terminal program accordingly.