ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009

Table of Contents Previous Next Print


Server Load Balancing > Source NAT
Source NAT
Source NAT configuration is useful where a ServerIron is connected in one-armed mode; for example where it is connected to the network infrastructure through an uplink as shown in Figure 2.5.
In this situation the ServerIron ADX passes the source IP address of the client to a backend application server. If these servers have a direct path to the client, (as would be the case in one-armed design) the response will bypass the ServerIron ADX in the return path. This breaks the traffic flow because the client sees the response coming from the IP address of the real server instead of the IP address of the virtual server.
With Source NAT configured, a ServerIron ADX replaces the IP address of a client IP with the IP address of the ServerIron ADX in request packets forwarded to the real server. This forces the real server to forward replies to the ServerIron ADX instead of bypassing it.
Figure 2.5 provides an example of what can occur when a real server has a path back to a client that bypasses a ServerIron ADX without Source NAT enabled as described in the following.
1.
A request from the Client arrives at the ServerIron through a Layer-2 switch.
2.
The ServerIron translates the VIP IP address to the IP address of the real server and forwards the request to the real server.
3.
The real server sees the request coming from the IP address of the client and replies back directly through the Layer-2 switch bypassing the ServerIron.
4.
The Client sees the response coming from and unknown IP address (other than the one that it sent the request to) and drops the packet.
Figure 2.5
Scenario without Source NAT Configured
In Figure 2.6 the traffic flow of the configuration is changed by enabling Source NAT as described in the following.
1.
A request from the Client arrives at the ServerIron through a Layer-2 switch.
2.
The ServerIron translates the VIP IP address to the IP address of the real server, replaces the IP address of the client with it’s own IP address and forwards the request to the real server.
3.
The real server sees the request coming from the IP address of the ServerIron and replies back. through the layer2 switch to the ServerIron.
4.
The ServerIron translates the IP address of the real server to the VIP IP address and replies to the client.
Figure 2.6
Scenario with Source NAT Configured
Source NAT can be configured either globally or per Real Server as described in the following sections: “Enabling Source NAT Globally” and “Enabling Source NAT on a Real Server”.
 
Server Load Balancing > Source NAT

Table of Contents Previous Next Print
Copyright © 2009 Brocade Communications Systems, Inc.