Nat Support For Fragmented Packets; Table 7 Session Resource Utilization Alarms - Alcatel-Lucent 7705 Configuration Manual

NAT Support for Fragmented Packets

The NAT functionality on the 7705 SAR can process UDP packet fragments; however, the
fragment containing the header must arrive first. If this condition is not met, the following
actions occur:
7705 SAR OS Router Configuration Guide
Table 7: Session Resource Utilization Alarms
Event Description
All security This event is generated if all
session resources session resources have been
have been exhausted (utilization reaches
exhausted 100%)
Security session This event is generated when a
resource alarm resource alarm state is detected.
detected The alarm state is detected when
either the high watermark is
crossed (if configured) or all
session resources have been
exhausted.
Security session This event is generated when a
resource alarm security session resource alarm
cleared state is cleared. This alarm state is
cleared when either the low
watermark is crossed (if
configured) or all sessions have
been cleared.
Security session This event is generated when the
resource alarm high or low thresholds for the
threshold alarm state are modified.
modified
• For source NAT packets traversing from a private network to a public network,
fragmented packets that do not contain the UDP header are dropped.
• For source NAT packets traversing from a public network to a private network and
destined to a local IP address on the 7705 SAR, fragmented packets that do not
contain the UDP header are extracted to the CSM for processing and an ICMP error
message is sent to the sender.
IP Router Configuration
SNMP Notification
aluSecSessionsExhausted
aluSecSessionHiWtrMrkCrossed
aluSecSessionLoWtrMrkCrossed
aluSecSessionWtrMrkModified
53