Jan 28, 2011

SNAT pool size

I'm playing with a configuration for some kind of large scale NAT on Viprion 3900 with 10.2.0. The requirement is to SNAT a big private network to a smaller public range when the mapping of IP addresses has to be fixed. For instance, to map a private /8 subnet to a public /14. I use a wildcard VS, a SNAT pool and an iRule to manage the fixed mapping of IPs. When I work with a small SNAT pool (8 IPs) everything is OK. However, if I try a real life example and the SNAT pool is a /14 range it doesn't work. The outgoing packet is SNATed without problems, but when a response is going back to the private network it looks like the F5 is not able to match it. I guess that I crossed some internal limitation. In fact, even creating this big SNAT pool was a bit tricky.

Is there a recommendation on maximum number of SNAT pool members and is it somehow related to HW/SW or not?
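The fixed mapping the post describes (a private /8 onto a public /14), worked through as an added example. This is Python illustrating the address arithmetic, not an iRule and not code from the original post; the ranges 10.0.0.0/8 and 100.64.0.0/14 are constructed placeholders (the latter is carved from the RFC 6598 shared space to stand in for a real public range). It goes a step beyond the post by also computing the inverse mapping and the resulting sharing ratio, which is what makes the return direction interesting: 2^24 private hosts squeezed into 2^18 public addresses means 64 private hosts behind every public IP.

```python
import ipaddress

# Constructed example ranges (assumptions, not from the post): the poster's
# private /8 is taken as 10.0.0.0/8; the public /14 is a placeholder drawn
# from the RFC 6598 shared address space, standing in for a real public range.
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")
PUBLIC_NET = ipaddress.ip_network("100.64.0.0/14")


def sharing_ratio(private_net=PRIVATE_NET, public_net=PUBLIC_NET):
    """How many private hosts land on each public address (64 for /8 -> /14)."""
    return private_net.num_addresses // public_net.num_addresses


def private_to_public(private_ip, private_net=PRIVATE_NET, public_net=PUBLIC_NET):
    """Deterministic forward mapping: host offset modulo the public pool size.

    With power-of-two prefixes this is "keep the low (32 - public_prefix) bits",
    so the same private host always gets the same public address and no state
    is needed to compute it.
    """
    priv = ipaddress.ip_address(private_ip)
    if priv not in private_net:
        raise ValueError(f"{priv} is not inside {private_net}")
    offset = int(priv) - int(private_net.network_address)
    pub = public_net.network_address + (offset % public_net.num_addresses)
    return str(pub)


def public_to_privates(public_ip, private_net=PRIVATE_NET, public_net=PUBLIC_NET):
    """Inverse mapping: every private host that shares this public address.

    The mapping is many-to-one, so the public IP alone cannot identify the
    private host; on the return path only the translated source port can.
    """
    pub = ipaddress.ip_address(public_ip)
    if pub not in public_net:
        raise ValueError(f"{pub} is not inside {public_net}")
    pub_offset = int(pub) - int(public_net.network_address)
    return [
        str(private_net.network_address + off)
        for off in range(pub_offset, private_net.num_addresses, public_net.num_addresses)
    ]


def ports_per_private_host(port_range=(1024, 65535),
                           private_net=PRIVATE_NET, public_net=PUBLIC_NET):
    """Ephemeral ports each private host can count on behind its public address
    if the shared port space is divided evenly (a capacity-planning figure)."""
    usable = port_range[1] - port_range[0] + 1
    return usable // sharing_ratio(private_net, public_net)


if __name__ == "__main__":
    print("sharing ratio:", sharing_ratio())
    for ip in ("10.0.0.1", "10.4.0.1", "10.3.255.255"):
        print(ip, "->", private_to_public(ip))
    peers = public_to_privates("100.64.0.1")
    print("100.64.0.1 is shared by", len(peers), "private hosts, e.g.", peers[:3])
    print("ports per private host (1024-65535 split evenly):", ports_per_private_host())
```

The forward function is what an iRule would have to compute per connection; the inverse shows why a fixed IP mapping alone does not give a fixed return path. Since 64 private hosts share each public address, responses can only be matched back through the translated source port, i.e. the connection table, and each public address has roughly 1000 ephemeral ports per private host before exhaustion, which is the figure to compare against the "Inet port exhaustion" log line mentioned below.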

  • Are you seeing any SNAT Port Exhaustion messages in the Local Traffic section of your logs?

    Similar to the following:

    01010201:2: Inet port exhaustion on to (proto 17)

  • You can probably do all of this entirely in an iRule, without needing a snat pool per se, although I'd probably need to see the entire configuration in question to know for sure.