12-09-2009 01:12 AM
HI, I want to get source port of client from Real server, but it is changed by ACE
matched port of VIP set to 8070 same as RIP, it is fine.
I want to know is it posible to keep souce port unchanged when port translation is configured
any help will be appreciated
below is the config
------------------------------------------------
probe udp udp-8070
port 8070
interval 5
rserver server01
ip address 192.168.1.15
inservice
rserver server02
ip address 192.168.1.16
inservice
serverfarm host sf-UDP-8070
failaction purge
probe udp-8070
rserver server01 8070
inservice
rserver server02 8070
inservice
policy-map type loadbalance first-match pL7-UDP-8070
class class-default
serverfarm sf-UDP-8070
class-map match-any c4-UDP-1270
match virtual-address 192.168.2.100 udp eq 1270
policy-map multi-match pL4-UDP
class c4-UDP-1270
loadbalance vip inservice
loadbalance policy pL7-UDP-8070
loadbalance vip icmp-reply
interface vlan 211
service-policy input pL4-UDP
Solved! Go to Solution.
12-09-2009 03:52 AM
This is called implicit pat. It is happening to guarantee that the response from the server is handled by the same IXP.
The ACE module contains 2 x IXP and each one of them perform the loadbalancing functions indepently.
So, it is required that the 2 flows of a connection are handled by the same IXP. The function that select the IXP does it base on the destination and source port. Therefore it is sometimes required to change the source port.
There is no way to prevent this.
The appliance does not have this problem because there is only a single processor.
Gilles.
12-09-2009 03:52 AM
This is called implicit pat. It is happening to guarantee that the response from the server is handled by the same IXP.
The ACE module contains 2 x IXP and each one of them perform the loadbalancing functions indepently.
So, it is required that the 2 flows of a connection are handled by the same IXP. The function that select the IXP does it base on the destination and source port. Therefore it is sometimes required to change the source port.
There is no way to prevent this.
The appliance does not have this problem because there is only a single processor.
Gilles.
01-14-2010 02:19 AM
Hello
I have the same problem.
I found that it is possible to disable implicit-PAT for UDP/TCP traffic with the Admin context command "hw-module cde-same-port-hash". There is not information in the documentation about the performance impact of such change. Do you know what I could expect when configuring this option ?
Thank you in advance for your answer.
Regards
Lukas
03-15-2010 10:32 PM
Dears,
I had this issue with SIP traffic
to solve the Impicit PAT issue you may try the following,
1) Direct Server Return on ACE Configure servers with VIP address as a secondary IP address on interfaces
directly connected to the ACE (that is, interfaces which have an ARP entry
for the ACE.) Then configure the ACE to forward to that VIP address as a
transparent serverfarm.
or 2) Configure the "hw-module cde-same-port-hash" on the Admin context, this will disable Hashing based on Src. and Dst. port the ACE will use a new Hash method
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: