Forum Discussion

Approxee
Apr 07, 2013

SNAT POOL Lists


This is talking about SNAT POOL LISTS on the LTM.

In this procedure, we configure a SNAT pool. A secure network address translation (SNAT) translates the source IP address within a connection to a BIG-IP system IP address that you define. A SNAT pool is a group of these IP addresses.

Popular websites with heavy traffic (such as Google and Facebook) may require more SNAT addresses than typical websites. To estimate the number of SNAT addresses you need for these high-traffic sites, you must have a number of SNAT addresses larger than the maximum number of concurrent connections per destination IP address divided by 64,000 (Number of SNAT addresses > (maximum concurrent connections per destination IP address / 64,000)).

For example, if the destination IP address has 250,000 maximum concurrent connections, you would need 4 SNAT addresses in the SNAT pool (250,000/64,000 = 3.906). You want to make sure you have enough SNAT addresses to cover the site with the highest expected traffic.

If the Destination IP is the interface of the physical server (Node) in the pool, how are the SNATs going to know the connection limit of the server (node)?

If we are saying Facebook needs 1,000,000 concurrent connections, so we need 16 SNAT addresses, is this not back towards the F5?

What connection limit are we trying to fix with SNATs??

Graham

3 Replies

  • A SNAT or SNAT pool is really irrespective of the server node's capabilities. TCP allows for 65,535 port numbers per IP address. Subtract the 1024 "well known" ports, and you have ~64k ports. The BIG-IP server side connection (in a full proxy configuration) is the client side connection to the server node. A stateful client will establish a connection to a server using a random source port, going to a known listening destination port (i.e. port 80). If the client runs out of random ports to a given destination IP address, it can no longer make new connections to that destination address. The SNAT pool, therefore, allows the BIG-IP to spread the connections across multiple source addresses.

  • The number of pool members matters, too. The F5 can reuse source ports to a degree (sol7820). The most concurrent connections we've seen with a single SNAT (AutoMap) and a pool of 4 servers is 187,000 (at which point ephemeral port exhaustion was logged). I'm sure it would have gone higher - but the servers began slowing down, leaving connections open longer and longer.
  • Hi Kevin / Pete, thanks very much for the reply. It all makes sense now. Thanks again

    Graham
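
The sizing rule quoted in the original post and the per-destination port exhaustion described in the replies, as an added worked example (this is not code from the thread, from F5's documentation, or from TMOS). It assumes 64,000 usable source ports per SNAT address, the figure the quoted rule uses, and one source port consumed per server-side flow; the SNAT and node IP addresses are made up for illustration, and real BIG-IP port selection and port reuse (the sol7820 behaviour Pete mentions) are not modelled. `snat_addresses_needed` applies the rule literally (strictly "larger than", so an exact multiple still rounds up), and `SnatAllocator` is a toy model of the server-side 4-tuple space that shows why one SNAT address runs dry at 64,000 flows to a single node but carries four nodes at 64,000 each.

```python
# Added example, not from the original thread or from F5's documentation.
# Assumptions: 64,000 usable source ports per SNAT address (the rule of thumb
# quoted in the post) and one source port consumed per server-side flow;
# real TMOS port selection and reuse (sol7820 in the thread) is not modelled.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PORTS_PER_ADDRESS = 64000  # assumption taken from the quoted sizing rule


def snat_addresses_needed(max_concurrent_per_destination: int,
                          ports_per_address: int = PORTS_PER_ADDRESS) -> int:
    """Size the pool with the quoted rule: count > connections / ports_per_address.

    The rule says 'larger than', so an exact multiple still rounds up by one:
    250,000 -> 4 (3.906 -> 4), 1,000,000 -> 16 (15.625 -> 16), 128,000 -> 3.
    """
    if max_concurrent_per_destination < 0:
        raise ValueError("connection count must be non-negative")
    return max_concurrent_per_destination // ports_per_address + 1


@dataclass
class SnatAllocator:
    """Toy model of the server-side 4-tuple space behind a SNAT pool.

    A server-side flow is (snat_ip, snat_port, node_ip, node_port). The ports
    one SNAT address can hand out are therefore exhausted per destination
    (node_ip, node_port), not globally, which is why more pool members and
    more SNAT addresses both raise the ceiling. SNAT addresses are tried in
    order here; a real BIG-IP balances across them.
    """
    snat_ips: List[str]
    ports_per_address: int = PORTS_PER_ADDRESS
    # (snat_ip, node_ip, node_port) -> number of ephemeral ports in use
    in_use: Dict[Tuple[str, str, int], int] = field(default_factory=dict)

    def open_connection(self, node_ip: str, node_port: int = 80) -> Optional[str]:
        """Return the SNAT address used for a new flow, or None on exhaustion."""
        for snat_ip in self.snat_ips:
            key = (snat_ip, node_ip, node_port)
            used = self.in_use.get(key, 0)
            if used < self.ports_per_address:
                self.in_use[key] = used + 1
                return snat_ip
        return None  # every SNAT address is out of ports to this destination

    def in_use_toward(self, node_ip: str, node_port: int = 80) -> int:
        """Flows currently open to one destination across all SNAT addresses."""
        return sum(n for (_, ip, port), n in self.in_use.items()
                   if ip == node_ip and port == node_port)


def simulate(snat_ips: List[str], node_ips: List[str],
             connections_per_node: int,
             ports_per_address: int = PORTS_PER_ADDRESS) -> Tuple[int, int]:
    """Open connections_per_node flows to each node; return (opened, refused)."""
    alloc = SnatAllocator(list(snat_ips), ports_per_address)
    opened = refused = 0
    for node_ip in node_ips:
        for _ in range(connections_per_node):
            if alloc.open_connection(node_ip) is None:
                refused += 1
            else:
                opened += 1
    return opened, refused


if __name__ == "__main__":
    # Constructed addresses for illustration only.
    snats = ["10.10.1.1", "10.10.1.2"]
    nodes = ["192.168.100.11", "192.168.100.12",
             "192.168.100.13", "192.168.100.14"]
    print("SNATs for 250,000 to one destination:", snat_addresses_needed(250_000))
    print("SNATs for 1,000,000 to one destination:", snat_addresses_needed(1_000_000))
    # One SNAT address, one node: refusals start after 64,000 flows.
    print("1 SNAT, 1 node, 100,000 attempts:", simulate(snats[:1], nodes[:1], 100_000))
    # One SNAT address, four nodes: the 64,000 ceiling applies per node.
    print("1 SNAT, 4 nodes, 64,000 each:", simulate(snats[:1], nodes, 64_000))
    # Two SNAT addresses, one node: 128,000 ports toward that node.
    print("2 SNATs, 1 node, 100,000 attempts:", simulate(snats, nodes[:1], 100_000))
```

The count the function returns is the size of the SNAT pool, not a limit on the servers: the servers' own capacity is a separate question, which is the point of Kevin's reply. Once you have the count, the pool is built and attached in tmsh with something like `create ltm snatpool web_snat members add { 10.10.1.1 10.10.1.2 10.10.1.3 10.10.1.4 }` and `modify ltm virtual web_vs source-address-translation { type snat pool web_snat }` (syntax from memory, not from the thread; check it against your TMOS version).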