[c-nsp] Interesting NAToverload issue

nasir.shaikh at bt.com nasir.shaikh at bt.com
Wed Feb 25 06:58:31 EST 2009


Hi John,
That is indeed a good idea. But there are 2 routers doing this NAT and
the load towards them is being load-balanced by the choke router before
them. I will then have to configure NAT in such a way that each IP from
the NAT pool can only be used for about 32000 sessions (as I cannot
control which specific session will be routed to which NAT router by CEF
on the choke router).
But this is a good option.

Thanks


Nasir Shaikh 
This email contains information from BT Nederland N.V., which may be
privileged or confidential. 
It's meant only for the individual(s) or entity named above. If you are
not the intended recipient, note that disclosing, copying, distributing
or using this information is prohibited.  
If you have received this email in error, please let me know immediately
on the email address above.
We monitor our systems, and may record your emails.

BT Nederland N.V. 
Registered office:  Offices Minerva and Mercurius, Herikerbergweg 2,
1101 CM Amsterdam
Registered at the Amsterdam Chamber of Commerce no:  33296214



-----Original Message-----
From: John Kougoulos [mailto:koug at intracom.gr] 
Sent: 25 February 2009 12:49
To: Shaikh,NM,Nasir,JRS1 R
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Interesting NAToverload issue

Hello,

You could split the usage of NAT pools based on statistics of the source
IP addresses, e.g. use 1 IP/overloaded NAT pool for even source IPs and
another IP for the odd source IPs.

Best Regards,
John

On Wed, 25 Feb 2009, nasir.shaikh at bt.com wrote:

> Hi,
>
> I have a client who has moved their Microsoft Exchange servers to a
> service provider location (as part of a de-perimeterization strategy).
> These servers are reachable via the Internet. Thus, the client IPs are
> NATted before they cross the corporate boundary. There are about 45000
> users. Each user needs about 17-22 sessions (that's how MS Outlook
> works) and thus as many NAT entries. Therefore a NAT pool is used with
> overload. It was working fine for more than a year now but suddenly
> the following phenomenon has been noticed.
> - When a user session is being built up and he has, let's say, 10 NAT
>   entries using the first IP in the NAT pool and the port numbers run
>   out, the next IP in the NAT pool is used to complete the required
>   number of sessions.
> - Exchange server is apparently not happy with one client using 2 IP
>   addresses and keeps (re-)building sessions until all of them are
>   using the same NATted IP. This can sometimes take up to 5 minutes.
>
> Is there a solution to this problem? There is one single destination
> global address. Is there a way to force the usage of the same IP from
> the NAT pool for all NAT requests from a particular source IP?
> Platform is 7206-vxr with NPE-G2
>
> Thanks in advance
>
>
> Nasir Shaikh

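The spill-over described in the original question and the even/odd source split suggested in reply can be compared in a small model. This is an added example, not code from the thread and not IOS's actual allocator: the fill-then-spill policy, the class and function names, the client and global addresses, and the scaled-down port budget of 64 per address are all assumptions.

```python
"""Toy model of NAT overload (PAT) address selection; not IOS's real allocator."""
import ipaddress
from collections import defaultdict


class OverloadPool:
    """Fill the first pool address, then spill to the next one (as reported in the thread)."""

    def __init__(self, addresses, ports_per_ip):
        self.addresses = list(addresses)
        self.ports_per_ip = ports_per_ip  # constructed, scaled-down port budget
        self.used = defaultdict(int)

    def translate(self, src_ip):
        for addr in self.addresses:
            if self.used[addr] < self.ports_per_ip:
                self.used[addr] += 1
                return addr
        raise RuntimeError("no free ports left in pool")


class ParitySplit:
    """One overloaded pool for even source IPs, another for odd source IPs."""

    def __init__(self, even_pool, odd_pool):
        self.pools = (even_pool, odd_pool)

    def translate(self, src_ip):
        odd = int(ipaddress.ip_address(src_ip)) & 1
        return self.pools[odd].translate(src_ip)


def clients_split_across_ips(nat, clients, sessions_per_client):
    """Return the clients whose sessions ended up behind more than one global IP."""
    seen = defaultdict(set)
    for client in clients:
        for _ in range(sessions_per_client):
            seen[client].add(nat.translate(client))
    return sorted(c for c, ips in seen.items() if len(ips) > 1)


# Constructed sample: 6 clients x 20 sessions, 64 ports per global address.
CLIENTS = [f"10.0.0.{n}" for n in range(1, 7)]

if __name__ == "__main__":
    shared = OverloadPool(["192.0.2.1", "192.0.2.2"], ports_per_ip=64)
    print("shared pool:", clients_split_across_ips(shared, CLIENTS, 20))
    split = ParitySplit(OverloadPool(["192.0.2.1"], 64), OverloadPool(["192.0.2.2"], 64))
    print("parity split:", clients_split_across_ips(split, CLIENTS, 20))
```

With one address per parity pool, running out of ports shows up as a failed translation instead of a client straddling two addresses, so the per-address budget (about 32000 sessions per address in the reply above, because two routers share the pool) has to cover all sources mapped to it.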
