ACE Routed / One-ARM Design

robert.horrigan
Level 2

This question is on ACE 4710 design, specifically the NAT statement often used on the server VLAN interfaces. What is the maximum number of connections to a group of servers I can get with only using a single NAT address? Is it ~65000, i.e. the number of ephemeral ports available? Do I need to use multiple addresses if I expect more than 65000 connections on a VIP?

interface vlan x
  description server vlan
  ip address xx.xx.xx.20 255.255.255.224
  access-group input ACL1
  access-group output ACL1
  nat-pool 1 xx.xx.xx.1 xx.xx.xx.1 netmask 255.255.255.224 pat
  service-policy input remote-mgmt
  service-policy input CLIENT-VIPS
  no shutdown

Accepted Solution

rocash
Cisco Employee

The ACE provides 64 K minus 1 K ports for each IP address for PAT. Ports 0 through 1024 are reserved and cannot be used for PAT. Therefore a nat-pool with a single IP address will support ~63K simultaneous translations. See:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/security/guide/nat.html

You can check the current port translations being performed by the ACE-4710 using the "show xlate" command, which is documented here:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_x/command/reference/execmds.html#wp1703221

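To turn the answer above into a sizing check, here is an added example (not from the original post or from Cisco documentation) that works out how many PAT addresses a nat-pool needs for an expected peak of concurrent connections and emits the corresponding `nat-pool` line. It assumes the figure given in the answer, roughly 64K minus 1K usable source ports per address, with the exact reserved range left as a parameter, and uses constructed addresses (interface 10.0.0.20/27, pool starting at 10.0.0.1) in place of the masked `xx.xx.xx.*` values in the question. The ACE itself does not expose any of these functions; this is a planning script you would run on a workstation before changing the config.

```python
"""Size an ACE nat-pool (routed / one-arm design) for an expected connection peak.

Added example, not code from the original post or from Cisco.  Assumption taken
from the accepted answer: each PAT address yields about 64K minus 1K usable
source ports; the reserved range is a parameter so it can be adjusted.
"""
import ipaddress
import math

TOTAL_PORTS = 65536
# Assumption: ports 0 through 1024 are reserved, as stated in the answer above.
RESERVED_LOW = 1025


def usable_ports_per_ip(reserved_low: int = RESERVED_LOW) -> int:
    """Number of source ports one PAT address can hand out."""
    return TOTAL_PORTS - reserved_low


def addresses_needed(peak_connections: int, headroom: float = 0.2,
                     reserved_low: int = RESERVED_LOW) -> int:
    """PAT addresses required so that peak_connections (plus headroom) fit.

    headroom is a fraction of extra capacity kept free so that a burst or a
    pile-up of TIME_WAIT translations does not exhaust the last address.
    """
    if peak_connections < 0:
        raise ValueError("peak_connections must be non-negative")
    target = math.ceil(peak_connections * (1 + headroom))
    return max(1, math.ceil(target / usable_ports_per_ip(reserved_low)))


def nat_pool_line(pool_id: int, first_ip: str, interface_ip: str,
                  count: int, netmask: str) -> str:
    """Build 'nat-pool <id> <start> <end> netmask <mask> pat' for a contiguous
    range of `count` addresses, refusing ranges that leave the interface
    subnet, land on the network/broadcast address, or overlap the interface
    address itself (a PAT address that collides with the ACE's own interface
    address would silently break the design)."""
    if count < 1:
        raise ValueError("count must be at least 1")
    net = ipaddress.ip_network(f"{interface_ip}/{netmask}", strict=False)
    start = ipaddress.ip_address(first_ip)
    end = start + (count - 1)
    for addr in (start, end):
        if addr not in net:
            raise ValueError(f"{addr} is outside {net}")
        if addr in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is the network or broadcast address")
    iface = ipaddress.ip_address(interface_ip)
    if start <= iface <= end:
        raise ValueError(f"pool {start}-{end} overlaps interface address {iface}")
    return f"nat-pool {pool_id} {start} {end} netmask {net.netmask} pat"


def plan(peak_connections: int, first_ip: str, interface_ip: str,
         netmask: str, pool_id: int = 1, headroom: float = 0.2) -> dict:
    """Convenience wrapper: capacity figures plus the config line to paste."""
    n = addresses_needed(peak_connections, headroom)
    return {
        "addresses": n,
        "capacity": n * usable_ports_per_ip(),
        "config": nat_pool_line(pool_id, first_ip, interface_ip, n, netmask),
    }


if __name__ == "__main__":
    # Constructed sample: the question's VLAN, with 10.0.0.x standing in for xx.xx.xx.x.
    for peak in (50_000, 65_000, 200_000):
        p = plan(peak, "10.0.0.1", "10.0.0.20", "255.255.255.224")
        print(f"peak {peak:>7}: {p['addresses']} address(es), "
              f"capacity {p['capacity']}  ->  {p['config']}")
```

With the default 20% headroom a peak of 50,000 connections still fits in one address, while the 65,000 the question asks about needs two. After applying the pool, `show xlate` on the ACE is where you confirm that the live translation count stays well under the computed capacity.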

2 Replies


thanks a lot
