ServerIron ADX Server Load Balancing Guide
Release 12.0.00
June 15, 2009

Enabling Use of the Client MAC Address
By default, the ServerIron ADX uses the MAC address of its default gateway as the destination MAC address for server replies (TCP SYN and TCP SYN ACK) to a client. This works well in some configurations but can cause difficulties in configurations where there are multiple VLANs and multiple instances of VRRP are running in each VLAN on upstream routers.
To use the client MAC address instead of the default gateway MAC address, enter the following command:
ServerIron(config)# server l7-dont-use-gateway-mac
Syntax: [no] server l7-dont-use-gateway-mac
Enabling Reverse NAT
Reverse NAT allows the ServerIron ADX to change the source IP address of some traffic initiated by a real server. Specifically, the [no] server reverse-nat command causes the ServerIron ADX to change the source IP address for traffic that the real server initiates on TCP or UDP ports that are bound to a VIP.
By default, the ServerIron ADX does not perform address translation for any traffic initiated by the real server. However, if you enable Reverse NAT, the ServerIron ADX does perform address translation for connections that the server initiates on ports that are bound to a VIP on the ServerIron ADX.
Reverse NAT works with any port number you use for binding the real server to the VIP. However, TCP and UDP traffic initiated by a real server uses a source port that is chosen by the server when the traffic is sent. As a result, it is not easy to predict the source port numbers the real server will use. You can ensure that the ServerIron ADX translates the source address of the traffic by binding the real server to a VIP using the “default” port. For example, if you configure VIP1 and bind it to real server RS1 using the default port, the ServerIron ADX translates the source IP address in all TCP and UDP traffic initiated by RS1 from the real server’s IP address into the VIP address.
Even when Reverse NAT is enabled, the ServerIron ADX does not translate the source address for traffic that the real server initiates over ports that are not bound to a VIP.
If you bind a real server to more than one VIP, the ServerIron ADX will use the address of the VIP that is bound to the server using the default port. For example, if you bind a real server to VIP1 using TCP port 80 and bind the same server to VIP2 using the default port, the ServerIron ADX always uses VIP2 for Reverse NAT.
NOTE: Reverse NAT does not affect reply traffic from the server. The feature applies only to traffic initiated by the server. In addition, the feature applies only to traffic on the TCP and UDP ports that are used to bind the real server to a VIP configured on the ServerIron ADX. If the real server and VIP are bound using the default port, Reverse NAT applies to all TCP and UDP traffic initiated by the server.
The server reverse-nat command is disabled by default.
ServerIron(config)# server real RS1 10.10.10.1
ServerIron(config-rs-RS1)# port http
ServerIron(config-rs-RS1)# exit
ServerIron(config)# server virtual-name-or-ip VIP1 192.168.1.10
ServerIron(config-vs-VIP1)# bind http RS1 http
ServerIron(config-vs-VIP1)# exit
ServerIron(config)# server virtual-name-or-ip VIP2 192.168.1.69
ServerIron(config-vs-VIP2)# bind default RS1 default
ServerIron(config-vs-VIP2)# exit
ServerIron(config)# server reverse-nat

The commands in this example create real server RS1 and VIPs VIP1 and VIP2. VIP1 is bound to RS1 using TCP port 80 (HTTP). VIP2 is bound to RS1 using the default port. When RS1 initiates TCP or UDP traffic, the ServerIron ADX translates the source IP address from 10.10.10.1 to 192.168.1.69. The ServerIron ADX uses VIP2’s IP address instead of VIP1’s IP address for Reverse NAT because VIP2 is bound using the default port.
Syntax: [no] server reverse-nat
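The Reverse NAT selection rules described in this section, modeled in Python as an added example (not Brocade code and not part of the original guide) so the source address expected in upstream firewall rules and logs can be checked. The Binding type and reverse_nat_source function are hypothetical names, and the tie-break when several VIPs bind the same port is an assumption the guide does not cover.

```python
from dataclasses import dataclass
from typing import List, Union

DEFAULT = "default"  # stands for the "default" port keyword in a bind command


@dataclass(frozen=True)
class Binding:
    vip_ip: str
    real_server: str
    port: Union[int, str]  # real-server port number, or DEFAULT


def reverse_nat_source(bindings: List[Binding], enabled: bool, server: str,
                       server_ip: str, proto: str, src_port: int) -> str:
    """Return the source IP expected after the device handles a server-initiated packet."""
    # Reverse NAT is off by default and covers only TCP and UDP.
    if not enabled or proto.lower() not in ("tcp", "udp"):
        return server_ip
    mine = [b for b in bindings if b.real_server == server]
    # A default-port binding covers all TCP/UDP traffic and its VIP always wins.
    for b in mine:
        if b.port == DEFAULT:
            return b.vip_ip
    # Otherwise only traffic on a port bound to a VIP is translated.
    # Assumption: if several VIPs bind the same port, the first configured one is used.
    for b in mine:
        if b.port == src_port:
            return b.vip_ip
    return server_ip  # port not bound to any VIP: address left untouched


# Constructed sample mirroring the configuration example above.
PAGE_EXAMPLE = [
    Binding("192.168.1.10", "RS1", 80),       # VIP1: bind http RS1 http
    Binding("192.168.1.69", "RS1", DEFAULT),  # VIP2: bind default RS1 default
]
HTTP_ONLY = PAGE_EXAMPLE[:1]  # same server without the default-port binding

if __name__ == "__main__":
    for name, cfg in (("VIP1+VIP2", PAGE_EXAMPLE), ("VIP1 only", HTTP_ONLY)):
        for port in (80, 49152):
            src = reverse_nat_source(cfg, True, "RS1", "10.10.10.1", "tcp", port)
            print(f"{name:10} src port {port:5} -> source IP {src}")
```

With only the HTTP binding, traffic from an ephemeral source port leaves with the real server's own address, which is why the guide recommends the default-port binding.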
Dynamic NAT for Real Servers Using Virtual Server Address
A ServerIron ADX can use a virtual server address as a dynamic NAT address for real servers. This enables the use of the virtual server IP address for outbound connections from real servers.

Copyright © 2009 Brocade Communications Systems, Inc.