Symptom
An IOS XE NAT device allocates only a single chunk of ports in the privileged (reserved) range for dynamic NAT translation.
For TCP it allocates the port range 545 to 617, and for UDP the range 512 to 584. This means TPM allocates only 72 ports in the privileged range for NAT purposes.
Due to this limited port availability, applications that use privileged ports run out of NAT ports and cannot use the NAT functionality.
show ip nat portblock dynamic global
tcp
7110 -8133 rfcnt 86 6086 -7109 rfcnt 86 5062 -6085 rfcnt 86 545 -617 rfcnt 86<<<
udp:
9833 -10856 rfcnt 86 8809 -9832 rfcnt 86 7785 -8808 rfcnt 86 512 -584 rfcnt 86 <<<
This causes a low port range in the dynamic portblock.
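A check for the symptom above, added here as an example and not part of the original bug report: it parses the show ip nat portblock dynamic global output and lists the protocols that hold only a single port block in the privileged range. The function names are hypothetical, and the output layout is assumed to match the sample on this page.

```python
import re

# Sample input: the output quoted on this page, embedded so the check runs offline.
SAMPLE = """\
show ip nat portblock dynamic global
tcp
7110 -8133 rfcnt 86 6086 -7109 rfcnt 86 5062 -6085 rfcnt 86 545 -617 rfcnt 86<<<
udp:
9833 -10856 rfcnt 86 8809 -9832 rfcnt 86 7785 -8808 rfcnt 86 512 -584 rfcnt 86 <<<
"""

PRIVILEGED_MAX = 1023  # ports below 1024 form the privileged (reserved) range
BLOCK = re.compile(r"(\d+)\s*-\s*(\d+)\s+rfcnt\s+(\d+)")
PROTO = re.compile(r"^\s*(tcp|udp)\s*:?\s*$", re.IGNORECASE)


def parse_portblocks(text):
    """Return {proto: [(start, end, rfcnt), ...]} from the show output."""
    blocks, proto = {}, None
    for line in text.splitlines():
        header = PROTO.match(line)
        if header:
            proto = header.group(1).lower()
            blocks.setdefault(proto, [])
            continue
        if proto is None:
            continue  # command echo or banner before the first protocol header
        for start, end, rfcnt in BLOCK.findall(line):
            blocks[proto].append((int(start), int(end), int(rfcnt)))
    return blocks


def privileged_blocks(blocks):
    """Keep only the blocks that lie entirely inside the privileged range."""
    return {
        proto: [(s, e) for s, e, _ in entries if e <= PRIVILEGED_MAX]
        for proto, entries in blocks.items()
    }


def affected_protocols(blocks):
    """Protocols matching the symptom: exactly one privileged-range block."""
    low = privileged_blocks(blocks)
    return sorted(p for p, ranges in low.items() if len(ranges) == 1)


if __name__ == "__main__":
    parsed = parse_portblocks(SAMPLE)
    for proto, ranges in privileged_blocks(parsed).items():
        print(proto, "privileged blocks:", ranges)
    print("matches symptom:", affected_protocols(parsed))
```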
Further Problem Description
Use case example: NFS
NFS cross mounting of transport fails frequently. A timeout always occurs while trying to cross mount, and this is impacting migration work for customers.
NFS mounting is affected. NFS mount uses the low-range ports 665-1023.
This is the first time they are doing a bulk migration. Up to 72 connections work for the LoB; when there are more than 72 connections, it fails due to unavailable NAT ports.