Packet drop due to source NAT IP/port allocation failed
The main cause is that the ippool is heavily used (more than 80% with an 8x over-subscription rate).
NAT pools work by hashing the destination address and trying specific buckets (depending on the hash value). If those buckets have no free entries, we attempt a simple version of a brute-force search.
If both fail, a failure is returned.
This means that even though "show running ippool" may still show about 9k free entries, we can't build a new session to a destination IP that a host already has many sessions to (like google.com in web browsing). However, it may still be possible to build a new session to a different destination.
To resolve this, add external IP addresses to expand the ippool available for sessions to the same destination.
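The following added example (not the firewall's own code) is a simplified model of the allocation described above, showing how allocation to one busy destination can fail while the pool as a whole still reports free entries. The class name, pool size, bucket width, fallback search width and the addresses are all assumptions chosen for illustration; only the 8x over-subscription rate comes from the text.

```python
import zlib

class NatPool:
    """Toy source-NAT pool; sizes and search widths are assumed values."""

    def __init__(self, slots=64, oversub=8, bucket=4, brute=8):
        self.oversub = oversub   # sessions allowed to share one translated IP:port
        self.bucket = bucket     # slots tried in the bucket chosen by the hash
        self.brute = brute       # extra slots tried by the fallback search
        self.users = [set() for _ in range(slots)]  # destinations per slot

    def free_entries(self):
        # Pool-wide figure, the kind of number a pool usage display reports.
        return len(self.users) * self.oversub - sum(len(u) for u in self.users)

    def allocate(self, dst):
        start = zlib.crc32(dst.encode()) % len(self.users)
        # Hashed bucket first, then the bounded brute-force search.
        for off in range(self.bucket + self.brute):
            idx = (start + off) % len(self.users)
            slot = self.users[idx]
            # A translated IP:port is shared only by sessions to different
            # destinations, otherwise return traffic would be ambiguous.
            if dst not in slot and len(slot) < self.oversub:
                slot.add(dst)
                return idx
        return None  # models "source NAT IP/port allocation failed"

def demo():
    pool = NatPool()
    hot, other = "203.0.113.10", "198.51.100.7"   # constructed addresses
    hot_results = [pool.allocate(hot) for _ in range(13)]
    other_result = pool.allocate(other)
    return hot_results, other_result, pool.free_entries()

if __name__ == "__main__":
    hot_results, other_result, free = demo()
    print("sessions built to hot destination:", sum(r is not None for r in hot_results))
    print("13th attempt to hot destination:", hot_results[-1])
    print("new session to other destination:", other_result is not None)
    print("pool-wide free entries:", free)
```

In this model, increasing `slots` (more external IP addresses) is the only change that raises the number of sessions one destination can hold.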