Solved: ACE Drop (Dest nat fail):

mruuth · ‎05-12-2011

Hi All,

I'm using ACE module A2(2.4)

I'm trying to use parameter server-conn reuse, but clients get sometimes statuscode 503.

A#1/Test1# show np 1 me-stats "-socm -v"
OCM Statistics: (Current)
--------------
Errors:                                           0             0
Connection create received:               231121503          1142
LB dest decision received:                365473159          1473
Nat app fixup recieved:                           0             0
Connection unproxy received:               52997475           393
Connection reproxy received:               51249279           375
IPCP received:                                83227             2
ACK trigger received:                      52733008           390
TCP connected received                    218498529          1065
Unknown message received:                         0             0
Drop [LB dest decision fail]:                 29392             0
Drop [invalid ifid]                               0             0
Drop [Out of buffers]:                            0             0
Dest decision transmitted:                248735645          1174
TCP connect transmitted:                  212827881           828
ACK trigger transmitted:                         12             0
IPCP transmitted:                             83227             2
NAT[static mapped]:                               0             0
NAT[static real]:                                 0             0
NAT[xlate alloc fail]:                            0             0
NAT[xlate real hit]:                              0             0
NAT[xlate mapped hit]:                            0             0
NAT[invalid xlate]:                               0             0
NAT[dump xlate]:                                  0             0
NAT[xlate release failed]:                        0             0
NAT Pool Alloc [fail]:                            0             0
NAT Pool Alloc [addr]:                            0             0
NAT Pool Alloc [addr/port]:                33689970            81
NAT Pool Free [addr]:                             0             0
NAT Pool Free [addr/port]:                 33689214            88
NAT Pool Free [orphan IP]:                        0             0
Reuse retrieve link update conn invalid           0             0
Reuse retrieve link update conn not on r          0             0
Reuse retrieve success but conn invalid:          0             0
Drop [Next Hop queue full]:                       0             0
Reuse retrieve miss:                         845627             3
OCM Packet count (Hi & Lo):               976499360          4850
Packet forward received:                    4343180            10
NAF Error [no route or unresolved adjace          0             0
NAF Error [nat resp fail]:                        0             0
UDP Chaser received:                          10406             0
(Context 1 Statistics)
Drop [out of connections]:                        0             0
Drop [out of proxies]:                            0             0
Drop [out of ssl]:                                0             0
Drop [mac lookup fail]:                           0             0
Drop [route lookup fail]:                         0             0
Drop [nat fail]                                   0             0
Drop [ip sanity check fail]                       0             0
Drop [acl deny]:                                  0             0
Drop [redundant connection]:                      0             0
Connection inserted:                         862670             3
Packet message transmitted:                 6409302           230
Reuse conns retrieved:                      6390611           238
Drop [Reproxy fail]:                            171             0
Drop [dest nat fail]:                         58286             2

The last counter is increasing. What does it mean? Can this be the problem?

I do not get 503 in the retcode map of the servers.

Regards

Mats

Daniel Arrondo Ostiz · ‎05-12-2011

Hi Mats,

I find it very strange that the ACE is sending a 503 message back to the client, because, in case of issues, it normally just resets the connection. With that in mind, we should also investigate the server itself. This is not trivial, so, you should open a TAC case.

Let me just explain the meaning of the "Drop [dest nat fail]" counter. It will be incremented if, after a connection has been natted, one of the servers tries to open a new connection against the natted IP and port. This shouldn't happen unless you are using a protocol composed of several connections (for example, FTP)

Regards

Daniel

View solution in original post

Daniel Arrondo Ostiz · ‎05-12-2011

Hi Mats,

I find it very strange that the ACE is sending a 503 message back to the client, because, in case of issues, it normally just resets the connection. With that in mind, we should also investigate the server itself. This is not trivial, so, you should open a TAC case.

Let me just explain the meaning of the "Drop [dest nat fail]" counter. It will be incremented if, after a connection has been natted, one of the servers tries to open a new connection against the natted IP and port. This shouldn't happen unless you are using a protocol composed of several connections (for example, FTP)

Regards

Daniel

mruuth · ‎05-12-2011

Hi Daniel,

Thanks for this extremy fast response (13 min.)

With your description of the error counter I'm going to investigate further.

Once again

Thank you

Mats

Message was edited by: mruuth Daniel, How do I give You rating? Mats