4

I am curious to know if I need to increase the min (Minimum ports per VM instance) port numbers I have configured for my GCP Cloud NAT configuration. I am noticing some connection issues.

Just to give you more context, I am using Google Cloud Platform's Cloud NAT.

The VMs don't have external IPs and are going to use Cloud NAT's IP to communicate with the internet.

Nur
userX
  • You're very unlikely to exhaust the very generous limits on Cloud NAT. What is the connection issue that you are having? – Michael Hampton Aug 20 '19 at 03:32
  • @Michael Hampton, I am just trying to check whether ports are exhausted or not, as I am not sure how to monitor it. But I did notice some dropped, wondering if it is due to availability of ports or not. – userX Aug 22 '19 at 13:02

2 Answers

4

I believe the port requirement depends on the number of connections that are being opened by services using the Cloud NAT to communicate with an external endpoint. If you would like to know if you are exhausting allocated ports, you might want to enable logging from

Go to "NAT gateway details", click on EDIT, then expand "Logging, minimum ports, timeout" and select the logging options.

Export Cloud NAT logs to Stackdriver:

  • No logging -- disables logging
  • Translation and errors -- will log both translations and errors
  • Translation only -- will log translations only
  • Errors only -- will log errors only

When the logging is enabled, all collected logs are sent to Stackdriver by default. NAT flow logs provide two types of logs:

  • Translation: a VM instance initiates a connection that is successfully allocated to a NAT IP and port and traverses to the internet
  • Error: a VM instance attempts to connect to the internet by sending a packet over the connection, but the NAT gateway can't allocate a NAT IP and port due to port exhaustion

You can also find the details of the gcloud command in the "Configuring logging" section under Cloud NAT logging.

user536627
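The check described in the answer above, as an added example that is not part of the original answer: once logging is enabled, count the Error records per VM to see whether port allocation is actually failing. The field names (`allocation_status`, `endpoint.vm_name`, `connection.dest_ip`, `connection.dest_port`) are assumed to match the Cloud NAT log record format, and the sample entries are constructed.

```python
import json
from collections import Counter, defaultdict

# Constructed sample entries shaped like Cloud NAT log records exported as JSON.
# Field names are an assumption about the record format; verify them against
# your own export before relying on the counts.
SAMPLE_LOG = """[
 {"jsonPayload": {"allocation_status": "OK", "endpoint": {"vm_name": "web-1"}, "connection": {"dest_ip": "203.0.113.10", "dest_port": 443}}},
 {"jsonPayload": {"allocation_status": "DROPPED", "endpoint": {"vm_name": "web-1"}, "connection": {"dest_ip": "203.0.113.10", "dest_port": 443}}},
 {"jsonPayload": {"allocation_status": "DROPPED", "endpoint": {"vm_name": "web-1"}, "connection": {"dest_ip": "203.0.113.10", "dest_port": 443}}},
 {"jsonPayload": {"allocation_status": "DROPPED", "endpoint": {"vm_name": "web-1"}, "connection": {"dest_ip": "198.51.100.7", "dest_port": 443}}},
 {"jsonPayload": {"allocation_status": "OK", "endpoint": {"vm_name": "web-2"}, "connection": {"dest_ip": "198.51.100.7", "dest_port": 443}}},
 {"jsonPayload": {"allocation_status": "OK", "endpoint": {"vm_name": "web-2"}, "connection": {"dest_ip": "203.0.113.10", "dest_port": 80}}},
 {"textPayload": "unrelated entry without a NAT payload"}
]"""
SAMPLE_ENTRIES = json.loads(SAMPLE_LOG)


def summarize(entries):
    """Per-VM counts of OK (translation) and DROPPED (error) records."""
    stats = defaultdict(lambda: {"OK": 0, "DROPPED": 0, "dropped_dests": Counter()})
    for entry in entries:
        payload = entry.get("jsonPayload") or {}
        status = payload.get("allocation_status")
        if status not in ("OK", "DROPPED"):
            continue  # not a NAT record, or a malformed one
        vm = (payload.get("endpoint") or {}).get("vm_name", "unknown")
        stats[vm][status] += 1
        if status == "DROPPED":
            conn = payload.get("connection") or {}
            dest = (conn.get("dest_ip"), conn.get("dest_port"))
            stats[vm]["dropped_dests"][dest] += 1
    return dict(stats)


def exhausted_vms(stats, min_drops=1):
    """VMs with at least min_drops DROPPED records, worst first."""
    hits = [(vm, s["DROPPED"]) for vm, s in stats.items() if s["DROPPED"] >= min_drops]
    return sorted(hits, key=lambda hit: -hit[1])


if __name__ == "__main__":
    stats = summarize(SAMPLE_ENTRIES)
    for vm, drops in exhausted_vms(stats):
        (ip, port), n = stats[vm]["dropped_dests"].most_common(1)[0]
        print(f"{vm}: {drops} dropped allocations, {n} of them to {ip}:{port}")
```

With "Errors only" logging there are no OK records, so only the DROPPED counts are populated.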
0

Apart from user538827's response on how to troubleshoot the issue from the logs, here's more background on port reservation here. These are the possible solutions for this issue of connections dropping during traffic bursts.

code4kix