Symptom
Under a scale scenario with continuous creation and deletion of TCP NAT translations over a long period, where the number of NAT translations keeps exceeding the maximum that the hardware can hold with atomic update configured ("hardware access-list update atomic", which programs NAT translation TCAM entries make-before-break), some NAT translations may be stuck in a stale state in the software database and in the hardware ACL TCAM.
Conditions
Scale scenario with continuous creation and deletion of TCP NAT translations over a long period, where the number of NAT translations to be set up keeps exceeding the maximum possible with atomic update ("hardware access-list update atomic") configured. With atomic update that maximum is 50% of (NAT TCAM region size - TCP-NAT TCAM region size), because make-before-break programming needs free space for the new copy of each entry before the old one is removed.
Workaround
When atomic update is configured, configure a software limit for the number of NAT translations equal to 50% of the hardware maximum above, i.e. (NAT TCAM region size - TCP-NAT TCAM region size) divided by 4.
For example, with a 1024-entry NAT TCAM region and 100 entries carved for the TCP-NAT region, configure max translations as (1024 - 100) / 4 = 231, rounded down to 230:
switch(config)# ip nat translation max-entries 230
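The following is an added example, not part of the bug report and not Cisco code: it derives the software limit the workaround asks for from the TCAM carve and checks an existing "ip nat translation max-entries" value against it. The rule it encodes comes from the report text (atomic update hardware capacity is 50% of NAT region minus TCP-NAT region; the software limit is half of that again). The CLI strings emitted by render_cli() are the NX-OS commands assumed here; confirm them against the platform's NAT configuration guide before use.

```python
# Added example (not from the bug report or NX-OS): derive and validate the
# NAT translation software limit from the TCAM carve under atomic update.
from typing import Optional


def hw_capacity_atomic(nat_region: int, tcp_nat_region: int) -> int:
    """Translations the hardware can hold with atomic (make-before-break)
    programming: half of the NAT region left after the TCP-NAT carve.
    Rule taken from the report's Conditions section."""
    if nat_region <= 0 or tcp_nat_region < 0:
        raise ValueError("region sizes must be non-negative and nat > 0")
    usable = nat_region - tcp_nat_region
    if usable <= 0:
        raise ValueError("tcp-nat region must be smaller than the nat region")
    return usable // 2


def recommended_max_entries(nat_region: int, tcp_nat_region: int) -> int:
    """Workaround value for 'ip nat translation max-entries': 50% of the
    atomic-update hardware capacity, rounded down. For a 1024/100 carve this
    is 231; the report rounds further down to 230, which is also in bound."""
    return hw_capacity_atomic(nat_region, tcp_nat_region) // 2


def check_limit(configured: int, nat_region: int, tcp_nat_region: int) -> dict:
    """Audit an existing software limit against the workaround bound."""
    capacity = hw_capacity_atomic(nat_region, tcp_nat_region)
    recommended = recommended_max_entries(nat_region, tcp_nat_region)
    return {
        "configured": configured,
        "hw_capacity_atomic": capacity,
        "recommended": recommended,
        "ok": 0 < configured <= recommended,
    }


def render_cli(nat_region: int, tcp_nat_region: int,
               limit: Optional[int] = None) -> list:
    """Config lines for the carve, atomic update and the software limit.
    Assumed NX-OS syntax (hypothetical until verified on the platform);
    TCAM region changes on Nexus take effect only after a reload."""
    if limit is None:
        limit = recommended_max_entries(nat_region, tcp_nat_region)
    result = check_limit(limit, nat_region, tcp_nat_region)
    if not result["ok"]:
        raise ValueError(
            f"limit {limit} exceeds recommended {result['recommended']}")
    return [
        f"hardware access-list tcam region nat {nat_region}",
        f"hardware access-list tcam region tcp-nat {tcp_nat_region}",
        "hardware access-list update atomic",
        f"ip nat translation max-entries {limit}",
    ]


if __name__ == "__main__":
    # Constructed input matching the report's example carve (1024 / 100).
    for line in render_cli(1024, 100, 230):
        print(line)
    # A limit at the full atomic hardware capacity (462) is what triggers
    # the stale-entry condition described above; the check flags it.
    print(check_limit(462, 1024, 100))
```

Run it against each switch's carve before rolling the workaround out; a limit above the recommended value is rejected by render_cli() and reported as not ok by check_limit().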
Further Problem Description