CGNAT allocation calculations may sometimes be incorrect
set nat cgnat pool external ext-01 external-port-range '1024-65535' set nat cgnat pool external ext-01 per-user-limit port '12096' set nat cgnat pool external ext-01 range 192.168.122.121/32 set nat cgnat pool external ext-01 range 192.168.122.222/32 set nat cgnat pool external ext-01 range 192.168.122.223/32 set nat cgnat pool internal int-01 range '100.64.0.0/28' set nat cgnat rule 10 source pool 'int-01' set nat cgnat rule 10 translation pool 'ext-01'
We get unexpected address 100.64.0.15 allocation with duplicated external address 192.168.122.121 and port range, already allocated to 100.64.0.0
vyos@r4# run show nat cgnat allocation Internal IP External IP Port range ------------- --------------- ------------ 100.64.0.0 192.168.122.121 1024-13119 <=== First correct allocation 100.64.0.1 192.168.122.121 13120-25215 100.64.0.2 192.168.122.121 25216-37311 100.64.0.3 192.168.122.121 37312-49407 100.64.0.4 192.168.122.121 49408-61503 100.64.0.5 192.168.122.222 1024-13119 100.64.0.6 192.168.122.222 13120-25215 100.64.0.7 192.168.122.222 25216-37311 100.64.0.8 192.168.122.222 37312-49407 100.64.0.9 192.168.122.222 49408-61503 100.64.0.10 192.168.122.223 1024-13119 100.64.0.11 192.168.122.223 13120-25215 100.64.0.12 192.168.122.223 25216-37311 100.64.0.13 192.168.122.223 37312-49407 100.64.0.14 192.168.122.223 49408-61503 100.64.0.15 192.168.122.121 1024-13119 <=== UNEXPECTED entry [edit] vyos@r4#
But if we try to set port limit 12097 (the next port range allocation), the calculation looks good:
vyos@r4# set nat cgnat pool external ext-01 per-user-limit port '12097' [edit] vyos@r4# commit [ nat cgnat ] Not enough ports available for the specified parameters! [[nat cgnat]] failed Commit failed [edit] vyos@r4#