We've encountered a problem were clients behind a NAT firewall device are having intermittent problems accessing shares on the NetApp vfiler. Clinets that are not behind the NAT firewall device have no problems.
We've switched out the OpenBSD NAT device with an F5 BigIP and the problem still exists.
Do you know of a limitation of the NetApp to work correctly with hundreds of CIFS clients coming from a single IP address?
It's a NetApp FAS3070 running OnTap 7.3.5P1.
Thanks,
-Robert
rmcdermo@fhcrc.org
Just a WAG but what about packet fragmentation?
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Robert McDermott Sent: Tuesday, March 22, 2011 1:41 PM To: toasters@mathworks.com Subject: Problems with too many cifs clients behind a single IP NAT device?
We've encountered a problem were clients behind a NAT firewall device are having intermittent problems accessing shares on the NetApp vfiler. Clinets that are not behind the NAT firewall device have no problems.
We've switched out the OpenBSD NAT device with an F5 BigIP and the problem still exists.
Do you know of a limitation of the NetApp to work correctly with hundreds of CIFS clients coming from a single IP address?
It's a NetApp FAS3070 running OnTap 7.3.5P1.
Thanks,
-Robert
rmcdermo@fhcrc.org
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.
Check this KB article, we had something similar with a limit on connections related to a single Citrix host...
How to increase maximum number of simultaneous outstanding Windows client requests that a filer allowshttps://kb.netapp.com/support/index?page=content&id=1011549
KB article 1011549, in case the link doesn't work...
Best,
Matt
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Page, Jeremy Sent: Tuesday, March 22, 2011 3:09 PM To: Robert McDermott; toasters@mathworks.com Subject: RE: Problems with too many cifs clients behind a single IP NAT device?
Just a WAG but what about packet fragmentation?
-----Original Message-----
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com]
On Behalf Of Robert McDermott
Sent: Tuesday, March 22, 2011 1:41 PM
To: toasters@mathworks.com
Subject: Problems with too many cifs clients behind a single IP NAT
device?
We've encountered a problem were clients behind a NAT firewall device
are having intermittent problems accessing shares on the NetApp vfiler.
Clinets that are not behind the NAT firewall device have no problems.
We've switched out the OpenBSD NAT device with an F5 BigIP and the
problem still exists.
Do you know of a limitation of the NetApp to work correctly with
hundreds of CIFS clients coming from a single IP address?
It's a NetApp FAS3070 running OnTap 7.3.5P1.
Thanks,
-Robert
rmcdermo@fhcrc.org
Please be advised that this email may contain confidential
information. If you are not the intended recipient, please notify us
by email by replying to the sender and delete this message. The
sender disclaims that the content of this email constitutes an offer
to enter into, or the acceptance of, any agreement; provided that the
foregoing does not invalidate the binding effect of any digital or
other electronic reproduction of a manual signature that is included
in any attachment.
The information contained in this message may be privileged, confidential, and protected from disclosure. If the reader of this message is not the intended recipient, or any employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer.
I would think that unless the packets went over a WAN connection, fragmentation wouldn't matter. The exception would be Kerberos which sets the do-not-frag bit...but then you'd always have the problem.
I would think there is a limit being reached either on the netapp or the firewall for # of rpc connections or open TCP ports to a single IP. My guess is that its on the Netapp side.
Sent from my Android phone, please excuse any tyops.
-----Original Message----- From: Page, Jeremy [jeremy.page@gilbarco.com] Received: Tuesday, 22 Mar 2011, 3:35pm To: Robert McDermott [rmcdermo@fhcrc.org]; toasters@mathworks.com [toasters@mathworks.com] Subject: Problems with too many cifs clients behind a single IP NAT device?
Just a WAG but what about packet fragmentation?
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Robert McDermott Sent: Tuesday, March 22, 2011 1:41 PM To: toasters@mathworks.com Subject: Problems with too many cifs clients behind a single IP NAT device?
We've encountered a problem were clients behind a NAT firewall device are having intermittent problems accessing shares on the NetApp vfiler. Clinets that are not behind the NAT firewall device have no problems.
We've switched out the OpenBSD NAT device with an F5 BigIP and the problem still exists.
Do you know of a limitation of the NetApp to work correctly with hundreds of CIFS clients coming from a single IP address?
It's a NetApp FAS3070 running OnTap 7.3.5P1.
Thanks,
-Robert
rmcdermo@fhcrc.org
Please be advised that this email may contain confidential information. If you are not the intended recipient, please notify us by email by replying to the sender and delete this message. The sender disclaims that the content of this email constitutes an offer to enter into, or the acceptance of, any agreement; provided that the foregoing does not invalidate the binding effect of any digital or other electronic reproduction of a manual signature that is included in any attachment.
-
Glenn Dekhayser -
Page, Jeremy -
Robert McDermott -
Weasner, Matthew K