Forum Discussion
dragonflymr
Cirrostratus
CirrostratusSNAT, VS and multiple Idle Timeout setting
Hi,
I am a bit lost how Idle Timeout (IT) is managed when there are different object involved for given connection.
VS has Idle Timeout set via TCP profile (let's say it's Standard VS), SNA...
Hannes_Rapp_162
Nacreous
NacreousIn a given scenario, the connection's TCP idle timeout is 5 minutes (300 sec). The difference is that once the connection's record is removed from the Connections Table (due to timeout exceeded), the SNAT translation record will be retained for another 10 minutes (600 sec). In this state, the SNAT record will only consume memory and do nothing useful. For this reason, the SNAT record's Idle Timeout should be equal to the Idle Timeout value set in TCP profile, or less than that.
Hannes_Rapp_162Nacreous
NacreousIn an idle scenario, yes, the SNAT record will be removed before the TCP record. If the SNAT record is not in place while a packet for an existing TCP connection is received, a new SNAT record will be created and the session will not be interrupted. The impact to consider is very similar to TCP Idle Timeout vs. ARP record Idle Timeout - ARP records time out a lot sooner, but the TCP sessions are not interrupted because of that. Only thing you may want to consider is that setting a SNAT Idle Timeout value too low will start to consume CPU (due to the necessity of re-adding those SNAT records).
