Problem
You would like to reduce the number of drops in received packets on Cloud NAT.
Environment
- Cloud NAT
- Keepalives already in place
Solution
- Decrease the TCP TIME_WAIT timeout and increase the TCP Established Connection Idle Timeout. Example that sets both timeouts to 120s:
  gcloud compute routers nats update NAT_CONFIG \
      --router=NAT_ROUTER \
      --region=REGION \
      --tcp-established-idle-timeout=120s \
      --tcp-time-wait-timeout=120s
Cause
These packet drops are not caused by Cloud NAT resource scarcity or by an independent endpoint conflict. They mean that when the packet arrived at the NAT gateway, no matching connection was found.
Each connection has a timeout associated with it. If no data is received on a connection for a long time, Cloud NAT drops the mapping for that connection, and packets that arrive afterwards no longer match anything.
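The cause described above, as a simplified model added here (not Google's code and not Cloud NAT's actual implementation): a mapping is removed once it has been idle for the timeout, and a reply that arrives afterwards finds no matching connection. The class, the function, and the sample 5-tuple are assumptions made for illustration.

```python
# Simplified model (an assumption, not Cloud NAT's implementation): a mapping
# is removed once no packet has matched it for `idle_timeout` seconds.
from dataclasses import dataclass, field


@dataclass
class NatTable:
    idle_timeout: float
    last_seen: dict = field(default_factory=dict)  # 5-tuple -> time of last packet
    drops: int = 0

    def _expire(self, now):
        for key, seen in list(self.last_seen.items()):
            if now - seen >= self.idle_timeout:
                del self.last_seen[key]

    def outbound(self, key, now):
        """Packet from the VM: creates the mapping or refreshes its timer."""
        self._expire(now)
        self.last_seen[key] = now

    def inbound(self, key, now):
        """Reply from the internet: forwarded only if a mapping still exists."""
        self._expire(now)
        if key not in self.last_seen:
            self.drops += 1
            return False
        self.last_seen[key] = now
        return True


def simulate(idle_timeout, keepalive_interval, reply_at, duration=3600):
    """Count dropped replies for one connection opened at t=0.

    The VM sends a keepalive every `keepalive_interval` seconds (0 = none);
    the remote peer sends data at each time listed in `reply_at`.
    """
    conn = ("10.0.0.5", 40000, "203.0.113.10", 443, "tcp")  # constructed sample
    events = [(0, "out")] + [(t, "in") for t in reply_at]
    if keepalive_interval:
        events += [(t, "out") for t in range(keepalive_interval, duration, keepalive_interval)]
    nat = NatTable(idle_timeout)
    for t, direction in sorted(events):
        (nat.outbound if direction == "out" else nat.inbound)(conn, t)
    return nat.drops
```

In this model, keepalives prevent drops only when their interval is shorter than the idle timeout, which is why the timeout values and the keepalive interval need to be checked against each other.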