Problem
You notice that received packets are being dropped on your Cloud NAT gateway and want to reduce these incidents.
Environment
- Cloud NAT
- Keepalives already in place
Solution
- Decrease the TCP TIME_WAIT timeout and increase the TCP Established Connection Idle Timeout. Example that sets both timeouts to 120s:
  gcloud compute routers nats update NAT_CONFIG \
      --router=NAT_ROUTER \
      --region=REGION \
      --tcp-established-idle-timeout=120s \
      --tcp-time-wait-timeout=120s
Cause
These packet drops are not caused by Cloud NAT resource scarcity or by an endpoint-independent conflict. They mean that when the packet arrived at the NAT gateway, no matching connection was found.
Each connection has a timeout associated with it and this issue can be caused by no data received for a long time, which results in Cloud NAT dropping the mapping for the connection.
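The mechanism described above, as an added example that is not part of the original article and not Cloud NAT's implementation: a simplified connection table with one idle timeout, replayed over constructed packets. It assumes that traffic in either direction refreshes a live mapping; the names Packet, replay, FLOW, SAMPLE and WITH_KEEPALIVE are hypothetical.

```python
# Simplified model of a NAT connection table with an idle timeout.
# Assumption: any packet on a live mapping refreshes its timer.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of capture
    direction: str   # "out" = VM -> internet, "in" = internet -> VM
    flow: tuple      # (vm_ip, vm_port, remote_ip, remote_port)


def replay(packets, idle_timeout_s):
    """Return the inbound packets that arrive with no live mapping (dropped)."""
    last_seen = {}   # flow -> timestamp of the last packet that refreshed it
    dropped = []
    for p in sorted(packets, key=lambda p: p.ts):
        seen = last_seen.get(p.flow)
        live = seen is not None and (p.ts - seen) < idle_timeout_s
        if p.direction == "out":
            last_seen[p.flow] = p.ts      # create or refresh the mapping
        elif live:
            last_seen[p.flow] = p.ts      # reply on a live mapping refreshes it
        else:
            last_seen.pop(p.flow, None)   # mapping expired or never existed
            dropped.append(p)
    return dropped


# Constructed sample flow and packets (not taken from a real capture).
FLOW = ("10.0.0.5", 40000, "203.0.113.10", 443)
SAMPLE = [
    Packet(0, "out", FLOW),     # request
    Packet(1, "in", FLOW),      # response
    Packet(301, "in", FLOW),    # server sends data after 300 s of silence
]
# Same flow, but the VM sends a keepalive every 100 s.
WITH_KEEPALIVE = SAMPLE + [Packet(t, "out", FLOW) for t in (101, 201)]

if __name__ == "__main__":
    for timeout in (120, 1200):
        print(f"idle timeout {timeout}s:",
              len(replay(SAMPLE, timeout)), "dropped without keepalive,",
              len(replay(WITH_KEEPALIVE, timeout)), "dropped with keepalive")
```

In this model a late inbound packet survives only when the idle timeout exceeds the silent gap or a keepalive arrives more often than the timeout.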