[Netscaler] Nitro API: Intermittent Incomplete /nitro/v1/config/rnat Responses
Article ID: CTX628937
Updated On:
Description
You might observe less data than expected in the response from NetScaler when calling the Nitro API /nitro/v1/config/rnat under the following conditions:
- NetScaler versions before 13.1 Build 53.24
- NetScaler versions before 14.1 Build 21.57
- Simultaneous 'show' calls are made from different sessions.
Resolution
We've since improved the underlying code logic to robustly manage this concurrent scenario, thereby preventing data discrepancies. Fix is available in following versions :
- 13.1 Build 53.24 and later builds
- 14.1 Build 21.57 and later builds
Build 53.24 | NSHELP-36253
The "show rnat" command might display an incomplete list of RNAT entities configured on NetScaler.
Problem Cause
The data discrepancy was primarily observed when multiple UI sessions concurrently initiated 'show rnat' commands.
Issue/Introduction
Additional Information
Example Scenario:
To illustrate this, consider a scenario where you expect 40 RNAT rules.
Working Scenario (Expected Results): When the API call to /nitro/v1/config/rnat is made under normal circumstances, the expected response includes all 40 RNAT rules, similar to this structure:
{
"errorcode": 0,
"message": "Done",
"severity": "NONE",
"rnat": [
{ "name": "rnat1", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" },
{ "name": "rnat2", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" },
// ... (up to rnat39)
{ "name": "rnat40", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" }
]
}
Non-Working Scenario (Issue Occurs): However, when the issue occurs under the conditions mentioned above, NetScaler may return fewer than the expected number of RNAT rules. For instance, it might return only 39 rules, even if 40 are configured:
{
"errorcode": 0,
"message": "Done",
"severity": "NONE",
"rnat": [
{ "name": "rnat1", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" },
{ "name": "rnat2", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" },
// ... (up to rnat38)
{ "name": "rnat39", "td": "0", "aclname": "NA", "srcippersistency": "DISABLED", "useproxyport": "ENABLED", "connfailover": "ENABLED" }
]
}
This discrepancy indicates that not all configured RNAT rules are being returned in the API response, which can lead to unexpected behavior in applications relying on this data.
