Application Delivery (ADX)

Occasional Contributor
Posts: 5
Registered: ‎05-19-2010

source-nat on ServerIron450

I have several remote servers configured with source-nat. I am running at layer 3 and I do not have "server source-ip" configured. For the most part it is using the egress interface's IP address as the source address for the SNAT, but we started to see that during high loads, the source would be another IP configured on the LB. I enabled source-ip logging and started logging the following error: SNAT: No Norm Ports avail for IP xx.xx.xx.xx

So now I know why the LB is using another ve to do SNAT, but I can't find a way of showing what is using all the ports on the egress ve (which is the one I would like to use for SNAT) or how to clear the SNAT table short of reloading the device.

Any ideas?

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: source-nat on ServerIron450

Hi erick,

I think this is what you are after. Note that ServerIron must be running code rev 10.2.01 or higher.

In the existing software implementation, when source-ip or source-nat-ip is defined, the total number of 64K ports (of which some are reserved for internal use) per IP address are allocated and shared across all real servers. Each real server will only use a portion of the entire port pool. As a net result, the number of connections that the system can handle is limited by the number of source-ip/source-nat-ip defined on the system multiplied by the maximum port pool per IP.

As the global port pool is shared by all real servers, the supply of ports can be quickly exhausted. Defining additional source-ip/source-nat-ip may not always be feasible. The release 10.2.01 enhances this functionality and effectively conserves IP addresses.

With this enhancement, the port pool(s) are not shared globally but are allocated to each real server and each real server is able to use the entire pool by itself.

This feature is recommended for deployments with large numbers of real servers, which can lead to a shortage of ports and necessitate configuration of additional source IPs and source NAT IPs.

Enabling Port Allocation Per Real Server for Source NAT IP

To enable port allocation per real server with the server source-nat-ip command, use the following command:

ServerIron(config)# server source-nat-ip 10.10.10.5 255.255.255.0 0.0.0.0 port-range 2 port-alloc-per-real

Syntax:

server source-nat-ip <ip-addr> <ip-mask> <default-gateway> port-range <1>|<2>

NOTE:

You should not enable/disable this functionality while the IP addresses are in use by the traffic flow. You must bring the number of traffic flows utilizing this IP address to zero or remove the command and redefine it.

As an example, for changing from statement #1 to statement #2 below, either bring the traffic level to nil or negate the command first using "no server...." and then re-define it.

statement #1: server ... port-range 1

statement #2: server ... port-range 1 port-alloc-per-real

show source-ip <source ip>

• Show source-ip <source-ip> displays the IP information, free ports, owner, start, and end for port pools for a specific source IP.

• Show source-ip <source IP> <real-server IP> displays the free ports, owner, start, and end for port pools for the specified source IP addresses and real server.

• Show source-ip <source IP> <real-server IP> all displays the free ports, owner, start, and end for port pools for the specified source IP addresses for all real servers.

EXAMPLE:

NOTE:

If show source-ip displays that the IP is a per-real-srcip, then you should use show source-ip <source-ip> <real-server IP> to view the port allocation and usage information, since the port allocation will be from the real server pool.

ServerIron 4502/1#sh source-ip 4.4.4.101 all

Source IP information

*********************

Source IP: 4.4.4.101

flt: Yes standby: No intf ip: No

Real server: real-rs-8.10 (8.8.8.10)

MMS: h: 0 t: 0 m: 23b4fb3c T: 642 f: 642

RTSP: h: 0 t: 0 m: 23b51b54 T: 384 f: 384

NORM: h: 0 t: 0 m: 23b34b24 T: 9216 f: 9216

Real server: real-rs-8.11 (8.8.8.11)

MMS: h: 0 t: 0 m: 23b53b6c T: 642 f: 642

RTSP: h: 0 t: 0 m: 23b55b84 T: 384 f: 384

NORM: h: 0 t: 0 m: 280c1d08 T: 9216 f: 9216

Real server: real-rs-8.12 (8.8.8.12)

MMS: h: 0 t: 0 m: 23b58114 T: 642 f: 642

RTSP: h: 0 t: 0 m: 23b5a12c T: 384 f: 384

NORM: h: 0 t: 0 m: 280dcd20 T: 9216 f: 9216

Thanks

Michael.
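To watch for the port exhaustion discussed in this thread, the "show source-ip <ip> all" output can be parsed and the pools that are running low flagged. The following is an added example, not part of the original posts and not Brocade code; it assumes T: is the pool size and f: the free ports in it, and the 10% threshold and the sample's low free count are constructed.

```python
import re

# Constructed sample in the layout of the "show source-ip <ip> all" output above;
# the low free-port count (f: 310) is made up to show a nearly exhausted pool.
SAMPLE = """\
Source IP: 4.4.4.101
flt: Yes standby: No intf ip: No
Real server: real-rs-8.10 (8.8.8.10)
MMS: h: 0 t: 0 m: 23b4fb3c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b51b54 T: 384 f: 384
NORM: h: 0 t: 0 m: 23b34b24 T: 9216 f: 310
Real server: real-rs-8.11 (8.8.8.11)
MMS: h: 0 t: 0 m: 23b53b6c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b55b84 T: 384 f: 384
NORM: h: 0 t: 0 m: 280c1d08 T: 9216 f: 9216
"""

SRC_RE = re.compile(r"^Source IP:\s*(\S+)")
REAL_RE = re.compile(r"^Real server:\s*(\S+)\s*\((\S+)\)")
POOL_RE = re.compile(r"^(\w+):.*\bT:\s*(\d+)\s+f:\s*(\d+)")

def parse_pools(text):
    """Return one dict per port pool: source IP, real server, pool, total, free."""
    pools, src, real = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if m := SRC_RE.match(line):
            src, real = m.group(1), None
        elif m := REAL_RE.match(line):
            real = f"{m.group(1)} ({m.group(2)})"
        elif m := POOL_RE.match(line):
            # Assumption: T is the pool size and f the free ports in it.
            pools.append({"source_ip": src, "real": real, "pool": m.group(1),
                          "total": int(m.group(2)), "free": int(m.group(3))})
    return pools

def low_pools(pools, min_free_ratio=0.10):
    """Pools whose free share is below the threshold (threshold is arbitrary)."""
    return [p for p in pools
            if p["total"] and p["free"] / p["total"] < min_free_ratio]

if __name__ == "__main__":
    for p in low_pools(parse_pools(SAMPLE)):
        used = p["total"] - p["free"]
        print(f'{p["source_ip"]} -> {p["real"]} {p["pool"]}: '
              f'{used}/{p["total"]} ports in use, {p["free"]} free')
```

Run against periodically captured CLI output, a pool that keeps shrinking toward zero free ports shows up before the "No Norm Ports avail" message starts being logged.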

Frequent Contributor
Posts: 177
Registered: ‎02-14-2011

Re: source-nat on ServerIron450

Hi Erick,

Was your question answered? If so, please mark the answer as either helpful or correct.

Thanks!

Cheers,

Grace Chang

Community Moderator
