Forum Discussion

Sly_85819's avatar
Sly_85819
Icon for Nimbostratus rankNimbostratus
Dec 28, 2009

inet port exhaustion - urgent help needed

We recently had two outages which involved single system sending lot of DNS queries to LTM causing it to slow down and ultimately resulting in performance degradation for all the apps configured on LT...
config
design
Sly_85819's avatar
Sly_85819
Icon for Nimbostratus rankNimbostratus
Dec 28, 2009
We are not using SNAT for the concerned VIP's. The logged message shows connection directly to the pool member. I am still trying to understand whether it was sending traffic to the VIP or the pool member. Below is the config. The iRule basically allows the servers behind LTM to talk to other VIP's on the same LTM. The inbound_11_route VS allows connection directly to the pool members.

 

 

virtual ns-phx.bmc.com {

 

pool ns-phx.bmc.com

 

destination 172.24.4.252:domain

 

ip protocol udp

 

vlans PRDSRV200

 

PRDVIP100 enable

 

rules ns-phx-snat-iRule1

 

persist source_addr

 

}

 

 

virtual Inbound_11_Route {

 

ip forward

 

destination 172.24.8.0:any

 

mask 255.255.252.0

 

vlans PRDVIP100 enable

 

profiles fastl4_90mins_timeout

 

}

 

 

rule ns-phx-snat-iRule1 {

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::client_addr] equals $::all_server_nodes]} {

 

snat automap

 

}

 

}

 

}