Forum Discussion

F5-Oetti
Mar 29, 2018

Performance decrease using a S-NAT Pool

Hello F5 Experts,

I have a funny problem. I set up a VS (FastL4) on my i4600 that should balance traffic on TCP port 3299 to two SAP routers. When I use SNAT Automap it performs quite well. I start SAP GUI and I am immediately connected.

Because many users are using SAP, I created an S-NAT pool that consists of around 25 IP addresses from the same subnet range in which the two SAP router servers are placed. The SNAT pool is bound to the VS. The LTM also has one of its VLAN interfaces in the server VLAN. I can also ping the IP addresses defined in the SNAT pool from the SAP routers without any problem. But when I now try to connect with my SAP GUI, it either takes up to 10 seconds until I am connected to the SAP server or it sometimes fails to connect...

So what causes the slow connect, or the connect failing many times?

Regards Jerry

4 Replies

  • Hello,

    I'm just curious: did you isolate the issue by enabling only one SAP router per test?

    Did you try putting just the float IP, the same as the automap, into the SNAT pool and checking it?

    Did you try to connect from advanced bash, testing with a SNAT IP as the source address? E.g.

    nc -v -s <snat-ip> -w 3 <sap-router-ip> 3299

    And finally, why do you need 25 IP addresses in the pool? Is it not too much?

    Regards.

  • Can you please provide capture details from before enabling the S-NAT pool and after enabling the S-NAT pool?

  • Hello,

    Thank you for your answer. I now have only one SAP router active in the pool and see the same behavior. It takes around 10 seconds to connect. I actually have no float IP set up. From advanced bash I can connect in time when I use the interface IP of the LTM as in your example. As soon as I use one of the IPs defined in the SNAT pool I get

    nc -v -s 10.24.101.8 -w 3 10.24.100.69 3299
    nc: bind failed: Cannot assign requested address

    OK, you are right, there is not really a need for such a big range... but I expected that it is not important whether I take 3 or 25...

    Regards Gerhard

  • Sorry, my mistake about trying your SNAT address as the source for the nc test; I just intended to force BIG-IP to run with a SNAT origin. Yes, 25 items is not a problem; I asked just because I was curious, since the combination 25*65k (IP x port) is a big number to reach. So, my last question is whether the SNAT pool is in the same self IP network range. It would be better if you share your setup (virtual server, pool, SNAT, etc.) and maybe a tcpdump capture. Respectfully.
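
Added example, not part of any reply in this thread: a Python version of the `nc -s ... -w 3` test that times repeated connects and keeps the two outcomes reported above apart, a local bind error (`Cannot assign requested address`) versus a slow, timed-out or refused connect. The function names `probe` and `survey` and the addresses in the demo are assumptions made for illustration.

```python
import errno
import socket
import time
from collections import Counter

def probe(src_ip, dst_ip, dst_port=3299, timeout=3.0):
    """One TCP connect bound to src_ip; returns (outcome, seconds)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)                 # same role as `nc -w 3`
    start = time.monotonic()
    try:
        try:
            sock.bind((src_ip, 0))           # same role as `nc -s <ip>`
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                # Local error: no packet left this host, so the result
                # says nothing about the path to the server.
                return "bind_failed", 0.0
            raise
        try:
            sock.connect((dst_ip, dst_port))
            outcome = "connected"
        except socket.timeout:
            outcome = "timeout"
        except ConnectionRefusedError:
            outcome = "refused"
        return outcome, time.monotonic() - start
    finally:
        sock.close()

def survey(src_ips, dst_ip, dst_port=3299, attempts=5, timeout=3.0):
    """Repeat probe() per source; report outcome counts and slowest try."""
    report = {}
    for src in src_ips:
        results = [probe(src, dst_ip, dst_port, timeout) for _ in range(attempts)]
        report[src] = {
            "outcomes": dict(Counter(o for o, _ in results)),
            "slowest_s": round(max(t for _, t in results), 3),
        }
    return report

if __name__ == "__main__":
    # Constructed addresses: replace with a local interface IP and the server.
    for src, row in survey(["127.0.0.1", "192.0.2.1"], "127.0.0.1").items():
        print(src, row)
```

Several attempts per source matter here because the reported symptom is intermittent: the `slowest_s` value and a mix of `connected` and `timeout` outcomes show it where a single connect can miss it.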