Source and Destination NAT Problem
Hello everybody,
I am working for an ISP. We have recently added one rule to our Acceptable Use Policy, stating that our network equipment intercepts all outgoing DNS requests and routes them back to our local DNS servers.
In order to do this, I have configured my Cisco ASR to set the next hop of all packets destined to UDP port 53 to a CentOS 6.4 virtual machine, which simply destination-NATs DNS requests to our DNS server. In order to prevent our DNS server from responding back to the original client with its own IP address, I have configured the NAT virtual machine to also source-NAT DNS requests, thus ensuring that our DNS server will send DNS replies to the NAT virtual machine in order for it to place the original IP addresses in the DNS replies.
Everything works well for a small number of intercepted DNS queries, but when I intercept a large number of DNS queries, it seems like the NAT virtual machine starts to drop DNS requests. In addition to that, the NAT virtual machine responds to ping requests with high delays (400+ msec) and there are also some timed-out ping requests.
The strange thing is that I don't see anything interesting in /var/log/messages, and when a large number of DNS requests is intercepted, the load average on the NAT virtual machine is not high and the memory consumption is below average!
What do you think the problem is? Is it something related to networking buffers?
Thanks in advance for your help!
Firas
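The setup described above (DNAT of intercepted port-53 traffic to the resolver, plus SNAT so the reply comes back through the NAT box) is a conntrack-based design, so the counters worth reading first on such a host are the conntrack table fill level and the UDP receive-buffer error counters in /proc/net/snmp. The script below is an added example, not configuration from the original post; the rule layout follows the post's description, the resolver and NAT addresses are placeholders, and the check functions only read counters (the sample /proc/net/snmp text in the test is constructed).

```shell
#!/bin/sh
# Added example for a CentOS 6 box acting as the DNS DNAT/SNAT hop.
# DNS_SERVER and NAT_IP are placeholders (RFC 5737 documentation range);
# apply_dns_nat_rules needs root, the check functions do not.

DNS_SERVER="${DNS_SERVER:-192.0.2.53}"   # placeholder: the real resolver
NAT_IP="${NAT_IP:-192.0.2.1}"            # placeholder: this box's address facing the resolver

# DNAT intercepted UDP/53 to the resolver, then SNAT it so the resolver
# answers this box rather than the original client (as the post describes).
# Each intercepted query creates one conntrack entry that lives for
# nf_conntrack_udp_timeout seconds, so the table size bounds the query rate.
apply_dns_nat_rules() {
    iptables -t nat -A PREROUTING  -p udp --dport 53 \
        -j DNAT --to-destination "$DNS_SERVER"
    iptables -t nat -A POSTROUTING -p udp --dport 53 -d "$DNS_SERVER" \
        -j SNAT --to-source "$NAT_IP"
}

# Integer percentage of the conntrack table in use: count / max * 100.
conntrack_usage_pct() {
    awk -v c="$1" -v m="$2" 'BEGIN { printf "%d", (c * 100) / m }'
}

# Live reading of the two sysctl files CentOS 6 exposes for conntrack.
live_conntrack_usage_pct() {
    conntrack_usage_pct "$(cat /proc/sys/net/netfilter/nf_conntrack_count)" \
                        "$(cat /proc/sys/net/netfilter/nf_conntrack_max)"
}

# Extract one named UDP counter (e.g. RcvbufErrors, InErrors) from
# /proc/net/snmp text supplied on stdin. The file carries a header line
# "Udp: <names...>" followed by a values line "Udp: <numbers...>".
# Prints -1 if the counter name is not present.
udp_counter() {
    awk -v want="$1" '
        BEGIN { col = 0; seen_hdr = 0 }
        $1 == "Udp:" && seen_hdr == 0 {
            for (i = 2; i <= NF; i++) if ($i == want) col = i
            seen_hdr = 1; next
        }
        $1 == "Udp:" && seen_hdr == 1 {
            if (col == 0) print -1; else print $col
            exit
        }'
}

# Summarise the two signals: conntrack fill level and UDP buffer drops.
# A rising RcvbufErrors count while load is low points at socket buffers,
# a table near 100% points at nf_conntrack_max / the UDP timeout.
check_nat_health() {
    pct="$(live_conntrack_usage_pct)"
    rcvbuf="$(udp_counter RcvbufErrors < /proc/net/snmp)"
    inerr="$(udp_counter InErrors < /proc/net/snmp)"
    printf 'conntrack table: %s%% used\n' "$pct"
    printf 'udp RcvbufErrors=%s InErrors=%s\n' "$rcvbuf" "$inerr"
}
```

Run `check_nat_health` while a burst of intercepted queries is in flight and compare the counters with a quiet period; `apply_dns_nat_rules` is only needed when building the box from scratch.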