When you use a secure network address translation (SNAT) for
client-initiated (inbound) connections, the supply of ephemeral ports can diminish
and possibly be exhausted, leaving the SNAT unable to process additional connections
until source ports become available again.
You can configure the BIG-IP system to accumulate real-time ephemeral-port statistics and,
when usage exceeds a specified threshold level, to log an error and send a Simple Network
Management Protocol (SNMP) alert notification. This lets you assess an approaching
exhaustion of ephemeral ports and respond accordingly.
When configuring ephemeral port exhaustion functionality, you can enable the
port exhaustion threshold, specify a threshold trigger level, and specify a timeout duration in
seconds. The following commands apply default values.
# tmsh modify ltm global-settings traffic-control port-find-threshold-warning enabled
# tmsh modify ltm global-settings traffic-control port-find-threshold-trigger 8
# tmsh modify ltm global-settings traffic-control port-find-threshold-timeout 30
You can view a summary of the traffic control settings by typing the
following command at the command line:
# tmsh list ltm global-settings traffic-control all-properties
Note that you need to configure logging functionality, for example,
high-speed remote logging, to log any ephemeral port exhaustion error messages. Additionally, you
will want to manage any alert notifications by using SNMP.
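To confirm during a configuration audit that a unit still carries these settings, the following added example (not part of the original text) checks captured output of the summary command above against the default values shown on this page. The function names and the sample stanza are constructed for illustration; the stanza lists only the three relevant properties.

```shell
#!/bin/sh
# Audit the three port-find settings in the output of
# `tmsh list ltm global-settings traffic-control all-properties`.
# Expected values are the defaults shown on this page.

# Constructed sample stanza (other properties omitted); $1 = warning state.
sample_stanza() {
    printf 'ltm global-settings traffic-control {\n'
    printf '    port-find-threshold-timeout 30\n'
    printf '    port-find-threshold-trigger 8\n'
    printf '    port-find-threshold-warning %s\n' "$1"
    printf '}\n'
}

# Print the value of property $1 from a stanza read on stdin.
get_prop() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# Read a stanza on stdin; print one DRIFT line per mismatch.
# Returns 0 when all three settings match, 1 otherwise.
check_port_find() {
    cfg=$(cat)
    rc=0
    while read -r key want; do
        got=$(printf '%s\n' "$cfg" | get_prop "$key")
        if [ "$got" != "$want" ]; then
            echo "DRIFT $key: expected '$want', found '${got:-<missing>}'"
            rc=1
        fi
    done <<'EOF'
port-find-threshold-warning enabled
port-find-threshold-trigger 8
port-find-threshold-timeout 30
EOF
    return $rc
}

# Demo on constructed input. On a BIG-IP, pipe the real output instead:
#   tmsh list ltm global-settings traffic-control all-properties | check_port_find
sample_stanza disabled | check_port_find || echo "port-exhaustion warning is not at the expected settings"
```

A missing property is reported as drift too, so output captured without all-properties fails the check rather than passing silently.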