Michael Shuey wrote:

> In this scenario, think about the tuple for a moment.  Since all clients
> and the natbox are mounting the same NFS server, selecting the same port by
> default, using UDP across the board, the connection tuples are (after SNAT)
> going to be very similar - they only differ in srcport.  Normally that
> would be just fine; however, with a high level of traffic the NAT system
> would occasionally select a srcport that was already in use by the NFS
> client local to natbox.  That's not fine - it causes quite a few NFS
> timeouts, retransmits, etc. on natbox.

This is handled fine in all tests I have done provided your SNAT rule applies 
to both forwarded and locally originating packets.

If however your UDP nat entries time out from conntrack, which they can 
easily do for an idle NFS mount, then all bets are off. The default udp 
timeout is only 180 seconds which is not by far sufficient for multi-client 
NAT of NFS. A typical case where conntrack by default cannot easily know a 
suitable timeout without additional information.

Regards
Henrik
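
The timeout problem described in this message, as a simplified model added here (not code from the thread and not netfilter's implementation): it shows the source port the NFS server sees for each flow when an idle local mount's entry expires before the mount is used again. The host names, addresses, port 800, the 3600-second comparison value and the "keep the port if free, else take the next one" allocation are assumptions made for illustration.

```python
UDP_TIMEOUT = 180  # seconds, the default quoted in the message above


class NatTable:
    """Toy conntrack/SNAT table for flows that differ only in source port."""

    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        # mapped source port -> [original (host, port), last_seen]
        self.entries = {}

    def _expire(self, now):
        # Drop every entry that has been idle longer than the timeout.
        self.entries = {p: e for p, e in self.entries.items()
                        if now - e[1] <= self.timeout}

    def send(self, now, host, sport):
        """Return the source port the NFS server sees for this packet."""
        self._expire(now)
        for mapped, entry in self.entries.items():
            if entry[0] == (host, sport):
                entry[1] = now          # existing flow: refresh, keep mapping
                return mapped
        mapped = sport                  # new flow: keep the port if it is free
        while mapped in self.entries:
            mapped += 1                 # assumption: take the next free port
        self.entries[mapped] = [(host, sport), now]
        return mapped


def idle_mount_scenario(timeout):
    """Constructed timeline: the local mount is idle from t=0 to t=210."""
    nat = NatTable(timeout)
    seen = {}
    seen["local_first"] = nat.send(0, "natbox", 800)
    seen["client_a"] = nat.send(10, "10.0.0.2", 800)
    seen["client_b"] = nat.send(200, "10.0.0.3", 800)
    seen["local_resumed"] = nat.send(210, "natbox", 800)
    return seen


if __name__ == "__main__":
    print("timeout 180 :", idle_mount_scenario(180))
    print("timeout 3600:", idle_mount_scenario(3600))
```

With the 180-second timeout the local mount's port 800 is handed to a forwarded client while the mount is idle, so the mount resumes from a different port; with the longer timeout its mapping survives the idle period.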
