[c-nsp] Interesting NAToverload issue

John Kougoulos koug at intracom.gr
Wed Feb 25 06:48:58 EST 2009 

Hello,

you could split the usage of nat pools based on statistics of the source 
IP addresses eg use 1 ip/overloaded nat pool for even source IPs and 
another IP for the odd source IPs

Best Regards,
John

On Wed, 25 Feb 2009, nasir.shaikh at bt.com wrote:

> Hi,
>
> I have a client who has moved their Microsoft Exchange servers to a 
> service provider location (as part of a de-perimeterization strategy). 
> These servers are reachable via the Internet. Thus, the client IP are 
> NATted before they cross the corporate boundary. There are about 45000 
> users. Each user needs about 17-22 sessions (that's how MS Outlook 
> works) and thus as many NAT entries Therefore a NAT pool is used with 
> overload. It was working fine for more than a year now but suddenly the 
> following phenomenon has been noticed. - When a user session is being 
> built up and he has let's say 10 NAT entries using the first IP in the 
> NAT pool and the port numbers run out, the next IP in the NAT pool is 
> used to complete the required number of sessions. - Exchange server is 
> apparently not happy with one client using 2 IP addresses and keeps 
> (re-)building sessions untill all of them are using the same NATted IP. 
> This can sometimes take upto 5 miniutes.
>
> Is there a solution to this problem? There is one single destination 
> global address. Is there a way to force the usage of the same IP from 
> the NAT pool for all NAT requests from a particular source IP? Platform 
> is7206-vxr with NPE-G2
>
> Thanks in advance
>
>
> Nasir Shaikh
> This email contains information from BT Nederland N.V., which may be privileged or confidential.
> It's meant only for the individual(s) or entity named above. If you are not the intended recipient, note that disclosing, copying, distributing or using this information is prohibited.
> If you have received this email in error, please let me know immediately on the email address above.
> We monitor our systems, and may record your emails.
>
> BT Nederland N.V.
> Registered office:  Offices Minerva and Mercurius, Herikerbergweg 2, 1101 CM Amsterdam
> Registered at the Amsterdam Chamber of Commerce no:  33296214
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list