12-21-2010 01:26 PM
I have several remote servers configured with source-nat. I am running at layer 3 and I do not have "server source-ip" configured. For the most part it is using the egress interface's IP address as the source address for the SNAT, but we started to see that during high loads, the source would be another IP configured on the LB. I enabled source-ip logging and started logging the following error: SNAT: No Norm Ports avail for IP xx.xx.xx.xx
So now I know why the LB is using another ve to do SNAT, but I can't find a way of showing what is using all the ports on the egress ve (which is the one I would like to use for SNAT) or a way to clear the SNAT table short of reloading the device.
12-30-2010 01:39 PM
I think this is what you are after, note ServerIron must be running code rev 10.2.01 or higher.
In the existing software implementation, when source-ip or source-nat-ip is defined, the total number of 64K ports (of which some are reserved for internal use) per IP address are allocated and shared across all real servers. Each real server will only use a portion of the entire port pool. As a net result, the number of connections that the system can handle is limited by the number of source-ip/source-nat-ip defined on the system multiplied by the maximum port pool per IP.
As the global port pool is shared by all real servers, the supply of ports can be quickly exhausted. Defining additional source-ip/source-nat-ip may not always be feasible. Release 10.2.01 enhances this functionality and effectively conserves IP addresses.
With this enhancement, the port pool(s) are not shared globally but are allocated to each real server and each real server is able to use the entire pool by itself.
This feature is recommended for deployments with large numbers of real servers, which can lead to a shortage of ports and necessitate configuration of additional source IPs and source NAT IPs.
Enabling Port Allocation Per Real Server for Source NAT IP
To enable port allocation per real server with server source-nat-ip command, use the following command:
ServerIron(config)# server source-nat-ip 10.10.10.5 255.255.255.0 0.0.0.0 port-range
server source-nat-ip <ip-addr> <ip-mask> <default-gateway> port-range <1>|<2>
You should not enable/disable this functionality while the IP addresses are in use by the traffic flow. You must bring the number of traffic flows utilizing this IP address to zero or remove the command and redefine it.
As an example, for changing from statement #1 to statement #2 below, either bring the traffic level to nil or negate the command first using "no server...." and then re-define it.
statement #1: server ... port-range 1
statement #2: server ... port-range 1 port-alloc-per-real
show source-ip <source ip>
• Show source-ip <source-ip> displays the IP information, free ports, owner, start, and end for port pools for a specific source IP.
• Show source-ip <source IP> <real-server IP> displays the free ports, owner, start, and end for port pools for the specified source IP addresses and real server.
• Show source-ip <source IP> <real-server IP> all displays the free ports, owner, start, and end for port pools for the specified source IP addresses for all real servers.
If show source-ip displays that the IP is a per-real-srcip, then you should use show source-ip <source-ip> <real-server IP> to view the port allocation and usage information, since the port allocation will be from the real server pool.
ServerIron 4502/1#sh source-ip 184.108.40.206 all
Source IP information
Source IP: 220.127.116.11
flt: Yes standby: No intf ip: No
Real server: real-rs-8.10 (18.104.22.168)
MMS: h: 0 t: 0 m: 23b4fb3c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b51b54 T: 384 f: 384
NORM: h: 0 t: 0 m: 23b34b24 T: 9216 f: 9216
Real server: real-rs-8.11 (22.214.171.124)
MMS: h: 0 t: 0 m: 23b53b6c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b55b84 T: 384 f: 384
NORM: h: 0 t: 0 m: 280c1d08 T: 9216 f: 9216
Real server: real-rs-8.12 (126.96.36.199)
MMS: h: 0 t: 0 m: 23b58114 T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b5a12c T: 384 f: 384
NORM: h: 0 t: 0 m: 280dcd20 T: 9216 f: 9216
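
Added example, not part of the original posts or the vendor documentation: a Python script that parses saved "show source-ip ... all" output in the layout quoted above and lists the per-real-server pools that are close to exhaustion. The sample text is constructed, and reading T as the pool size and f as the free ports is an assumption.

```python
import re

# Constructed sample in the layout of the output quoted above; the addresses
# are documentation-range placeholders and the counters are made up.
SAMPLE = """\
Source IP: 192.0.2.10
Real server: real-rs-8.10 (198.51.100.10)
MMS: h: 0 t: 0 m: 23b4fb3c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b51b54 T: 384 f: 384
NORM: h: 0 t: 0 m: 23b34b24 T: 9216 f: 9216
Real server: real-rs-8.11 (198.51.100.11)
MMS: h: 0 t: 0 m: 23b53b6c T: 642 f: 642
RTSP: h: 0 t: 0 m: 23b55b84 T: 384 f: 384
NORM: h: 0 t: 0 m: 280c1d08 T: 9216 f: 150
"""

REAL_RE = re.compile(r"^Real server:\s+(\S+)\s+\(([^)]+)\)")
POOL_RE = re.compile(r"^(MMS|RTSP|NORM):.*\bT:\s*(\d+)\s+f:\s*(\d+)")


def parse_pools(text):
    """Return {real_server_name: {pool: (total, free)}} from the CLI text."""
    pools, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = REAL_RE.match(line)
        if m:
            current = pools.setdefault(m.group(1), {})
            continue
        m = POOL_RE.match(line)
        if m and current is not None:
            # Assumption: T is the pool size and f the free ports left in it.
            current[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return pools


def low_pools(pools, min_free_ratio=0.10):
    """List (real, pool, used, total) where free ports fall below the ratio."""
    alerts = []
    for real, by_type in sorted(pools.items()):
        for pool, (total, free) in sorted(by_type.items()):
            if total and free / total < min_free_ratio:
                alerts.append((real, pool, total - free, total))
    return alerts


if __name__ == "__main__":
    for real, pool, used, total in low_pools(parse_pools(SAMPLE)):
        print(f"{real}: {pool} pool {used}/{total} ports in use")
```

Run against output captured at intervals, this shows which real server's NORM pool is draining before the "No Norm Ports avail" message starts to appear in the log.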