Configuring the NAT Address Pool Statistics Function

Configuring the NAT address pool statistics function allows you to understand the usage of addresses in the address pool, facilitating address pool management.

Context

The NAT address pool statistics function enables the device to periodically collect statistics on specific address pools, including the total number of public IP addresses, total number of private IP addresses, maximum number of private IP addresses to which a single public address in the address pool corresponds, maximum number of sessions to which a single public address in the address pool corresponds, and sum of the number of sessions to which each address in the address pool corresponds. With the statistics, you can intuitively understand the usage of addresses in the address pool, which facilitates address pool management.

To reduce system resource consumption, you can set the interval for collecting NAT address pool statistics. The default interval is 30 minutes. After you set the interval for collecting NAT address pool statistics, the first statistics can be viewed immediately after the statistics collection is complete, but subsequent statistics can be viewed only after the interval expires.

Statistics on an address pool are collected only when the NAT address pool statistics function is enabled in the system view and the view of the address pool.

The CPU usage increases within 10s of NAT address pool statistics. After NAT address pool statistics are complete, the CPU usage falls into the normal range.

Procedure

Access the system view.
system-view
Enable the global NAT address pool statistics function.
nat statistics enable
Optional: Set the interval for collecting NAT address pool statistics.
nat statistics interval interval
Access the NAT address pool view.
nat address-group group-name [ group-number ]
Enable the NAT address pool statistics function in the NAT address pool view.
statistics enable

Checking NAT Statistics

Table 1 lists the operations for checking NAT statistics.

**Table 1** Checking NAT statistics
Operation	Command	Description
Check NAT address pool statistics.	display nat statistics { name group-name \| id group-id } [ global-ip ip-address \| { inside-ip \| session } \| verbose ] ^*	The display nat statistics command displays historical data within a specific period. If the configuration changes or data is updated, you cannot use this command to view the latest statistics until the next measurement period starts. You can run the display nat statistics information command to view the start time of the next measurement period or run the nat statistics interval command to set the interval for collecting NAT address pool statistics. Example: [sysname] display nat statistic NAT statistics time: 2015/9/24 17:51:14 address group 3: nop1, vsys: public total global ip: 200, total section: 2 total inside ip: 1, average inside ip: 0 max inside ip: 1, global ip: 1.0.0.1, section: 0, session: 1 total session: 100, average session: 0 max session: 1, global ip: 1.0.0.1, section: 0, inside ip: 1 smart-ip session number: 0
Check the No-PAT mode NAT address pool statistics.	display nat no-pat statistics address-group { name group-name \| id group-id } [ session \| verbose ] ^*	Example: [sysname] display nat no-pat statistics address-group name group1 No-PAT statistics for address group "group1" [2015/9/24 17:51:14]: No-PAT statistics for section 0: ----------------------------------------------------------------- IP address: Total:100 Used:0 Unused:100 Usage:0% No-PAT statistics for section 1: ----------------------------------------------------------------- IP address: Total:100 Used:0 Unused:100 Usage:0% [The IP Address 1.0.0.1 has been reserved for PAT]
Check the resource usage of the NAT address pool.	display nat resource usage address-group { name group-name \| id group-id } [ verbose \| global-ip ip-address ]	Example: <sysname> display nat resource usage address-group name abc verbose Resource statistics for vsys "public" address group abc :"portrng" ----------------------------------------------------------------------------------- IP-address Section-id Total Resource Used Resource Usage 10.10.0.1 0 7936 2313 29% 10.10.0.2 0 7936 2329 29% 10.10.0.3 0 7936 2533 31% 10.10.0.4 0 7936 2462 31% 10.10.0.5 0 7936 2390 30%

Table 1 Checking NAT statistics

Operation

Command

Description

Check NAT address pool statistics.

display nat statistics { name group-name | id group-id } [ global-ip ip-address | { inside-ip | session } | verbose ] ^*

The display nat statistics command displays historical data within a specific period. If the configuration changes or data is updated, you cannot use this command to view the latest statistics until the next measurement period starts. You can run the display nat statistics information command to view the start time of the next measurement period or run the nat statistics interval command to set the interval for collecting NAT address pool statistics.

Example:

[sysname] display nat statistic
NAT statistics time: 2015/9/24 17:51:14
address group 3: nop1, vsys: public
 total global ip: 200, total section: 2
 total inside ip: 1, average inside ip: 0
 max inside ip: 1, global ip: 1.0.0.1, section: 0, session: 1
 total session: 100, average session: 0
 max session: 1, global ip: 1.0.0.1, section: 0, inside ip: 1
smart-ip session number: 0

Check the No-PAT mode NAT address pool statistics.

display nat no-pat statistics address-group { name group-name | id group-id } [ session | verbose ] ^*

Example:

[sysname] display nat no-pat statistics address-group name group1
 No-PAT statistics for address group "group1" [2015/9/24 17:51:14]:
 No-PAT statistics for section 0:
 -----------------------------------------------------------------
 IP address:   Total:100     Used:0       Unused:100     Usage:0%   
 No-PAT statistics for section 1:
 -----------------------------------------------------------------
 IP address:   Total:100     Used:0       Unused:100     Usage:0%
 [The IP Address 1.0.0.1 has been reserved for PAT]

Check the resource usage of the NAT address pool.

display nat resource usage address-group { name group-name | id group-id } [ verbose | global-ip ip-address ]

Example:

<sysname> display nat resource usage address-group name abc verbose
Resource statistics for vsys "public" address group abc :"portrng"                                                                  
  -----------------------------------------------------------------------------------                                               
  IP-address         Section-id    Total Resource    Used Resource    Usage                                                         
  10.10.0.1          0             7936              2313             29%                                                           
  10.10.0.2          0             7936              2329             29%                                                           
  10.10.0.3          0             7936              2533             31%                                                           
  10.10.0.4          0             7936              2462             31%                                                           
  10.10.0.5          0             7936              2390             30%

Clearing Source NAT Policy Statistics

Table 2 lists the command that you can execute in the user view to clear source NAT policy statistics.

**Table 2** Clearing source NAT policy statistics
Action	Command	Description
Clear source NAT policy statistics. After the statistics are cleared, the statistics value counts from zero.	reset nat-policy counter { all \| rule rule-name }	-