Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1807
Views
0
Helpful
3
Replies

ACE NAT with ANY on the VIP wont pat on one address

Nick Cutting
Level 1
Level 1

‎09-26-2012 01:26 AM

Good morning

We have many instances of configuration across many ace devies where we source nat traffic that is on the server side vlan of the ace module. 

All of the vips in these examples are for tcp 80 or tcp 555 or tcp 443 etc etc

They are configured the usual way:

class-map match-any vip4
  2 match virtual-address 2.2.2.100 tcp eq www

........

policy-map multi-match L7SLBCookie
  class vip4
    loadbalance vip inservice
    loadbalance L7SLB_Cookie
    nat dynamic 2 vlan ServerSideVlan 
.....
interface vlan ServerSideVlan


nat-pool 2 2.2.2 2.2.2.2 netmask 255.255.255.255 pat

This works fine and the sh xlate looks like so:

TCP PAT from ServerSideVlan:2.2.2.3/1214 to ServerSideVlan:2.2.2.2/1368


However nowthat we are going to loadbalance exchange (which uses dynamic changing ports)
we need to use a vip that is configured for "any".

e.g 
class-map match-any vip4
  2 match virtual-address 2.2.2.100 (notice there is NO port, its default any)


 ........


policy-map multi-match L7SLBCookie
  class vip4
    loadbalance vip inservice
    loadbalance L7SLB_Cookie
    nat dynamic 2 vlan ServerSideVlan 
.....
interface vlan ServerSideVlan
nat-pool 2 2.2.2 2.2.2.2 netmask 255.255.255.255 pat




THis will work for ONE client only, and they can have multiple connections.  There is no port address translating at all
sh xlate:



NAT from ServerSideVlan:2.2.2.3 to ServerSideVlan:2.2.2.2 count:3 (<- telnetted to 3 diff ports, same server)
Labels:
0 Helpful
3 Replies 3

Nick Cutting
Level 1
Level 1

‎09-27-2012 02:17 AM

Testing on another device - same version same 6500 versions ... with  the same exact config but with one differece I see TCP PAT....

the difference is

serverfarm Server_Farm

  32 static client source 3.3.3.4 rserver Server01 (not in use - shouldnt affect the problem)

  40 static client source 3.3.3.3 rserver Server02 (not in use - shouldnt affect the problem)

TCP PAT from ServerSideVlan:2.2.2.3/1514 to ServerSideVlan:2.2.2.2/1662
0 Helpful

Nick Cutting
Level 1
Level 1
In response to Nick Cutting

‎09-27-2012 07:14 AM

WORKING

ace#sh nat-fabric policies

NAT object ID:3 mapped_if:19 policy_id:1 type:DYNAMIC nat_pool_id:4

                Pool ID:4 PAT:1 pool_id:5 mapped_if:19 Ref_count:1 ixp_binding:in all IXPs

                lower:2.2.2.2 upper:2.2.2.2 Bitmap-ID:35

                List of NAT object IDs: 3

NON-WORKING

ace#sh nat-fabric policies

NAT object ID:5 mapped_if:20 policy_id:4 type:DYNAMIC nat_pool_id:5

                Pool ID:5 PAT:0 pool_id:6 mapped_if:20 Ref_count:1 ixp_binding:in IXP0

                lower:2.2.2.2 upper:2.2.2.2 Bitmap:0x1

                List of NAT object IDs: 5

0 Helpful

Nick Cutting
Level 1
Level 1
In response to Nick Cutting

‎10-01-2012 12:25 AM

This is now sorted.  I just removed the config, then added the same config back.  maybe a bug

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card