Jenda_40397
Jan 28, 2011

SNAT pool size

Hi,

I'm playing with a configuration for some kind of large-scale NAT on a Viprion 3900 with 10.2.0. The requirement is to SNAT a big private network to a smaller public range where the mapping of IP addresses has to be fixed. For instance, to map a private /8 subnet to a public /14. I use a wildcard VS, a SNAT pool and an iRule to manage the fixed mapping of IPs. When I work with a small SNAT pool (8 IPs) everything is OK. However, if I try a real-life example and the SNAT pool is a /14 range, it doesn't work. The outgoing packet is SNATed without problems, but when a response is going back to the private network it looks like the F5 is not able to match it. I guess that I crossed some internal limitation. In fact, even creating this big SNAT pool was a bit tricky.

Is there a recommendation on the maximum number of SNAT pool members, and is it somehow related to HW/SW or not?

Thanks,

Jan

2 Replies

  • Are you seeing any SNAT Port Exhaustion messages in the Local Traffic section of your logs?

    Similar to the following:

    01010201:2: Inet port exhaustion on 10.1.21.26 to 172.28.21.71:53 (proto 17)

  • You can probably do all of this entirely in an iRule, without needing a snat pool per se, although I'd probably need to see the entire configuration in question to know for sure.

    -Matt
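
The arithmetic behind a fixed /8-to-/14 mapping of the kind discussed in this thread, as an added example that is not part of the original posts and is not F5 or iRule code. It goes beyond the thread by also giving each private host a fixed source-port block, so the mapping can be reversed for attribution without per-connection logs. Assumptions: 10.0.0.0/8 as the private side, 100.64.0.0/14 as a constructed stand-in for the public range, and the names `snat_for` and `client_for`, which are hypothetical.

```python
import ipaddress

# Assumptions (not from the thread): 10.0.0.0/8 as the private side and
# 100.64.0.0/14 as a constructed stand-in for the public /14.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")
PUBLIC_NET = ipaddress.ip_network("100.64.0.0/14")

# A /8 holds 2**24 addresses, a /14 holds 2**18: 64 private hosts per public IP.
RATIO = PRIVATE_NET.num_addresses // PUBLIC_NET.num_addresses
# Split the non-privileged source ports into one fixed block per private host.
PORT_LOW, PORT_HIGH = 1024, 65535
BLOCK = (PORT_HIGH - PORT_LOW + 1) // RATIO


def snat_for(client):
    """Return (public_ip, first_port, last_port) for a private client address."""
    addr = ipaddress.ip_address(client)
    if addr not in PRIVATE_NET:
        raise ValueError(f"{client} is outside {PRIVATE_NET}")
    offset = int(addr) - int(PRIVATE_NET.network_address)
    public = PUBLIC_NET.network_address + offset // RATIO
    first = PORT_LOW + (offset % RATIO) * BLOCK
    return str(public), first, first + BLOCK - 1


def client_for(public, port):
    """Reverse lookup: which private host owns this public IP and source port."""
    pub = ipaddress.ip_address(public)
    if pub not in PUBLIC_NET or not PORT_LOW <= port < PORT_LOW + RATIO * BLOCK:
        raise ValueError("address or port outside the mapped space")
    index = int(pub) - int(PUBLIC_NET.network_address)
    slot = (port - PORT_LOW) // BLOCK
    return str(PRIVATE_NET.network_address + index * RATIO + slot)


if __name__ == "__main__":
    # Constructed sample clients, including both ends of the private range.
    for host in ("10.0.0.0", "10.0.0.63", "10.0.0.64", "10.255.255.255"):
        print(host, "->", snat_for(host))
```

With 64 private hosts sharing each public address, every host is limited to its own block of 1008 source ports per public address, which is why the port exhaustion question in the first reply matters for a design like this.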