Source nat – Brocade Virtual ADX Server Load Balancing Guide (Supporting ADX v03.1.00) User Manual


53-1003247-01


The tcp/udp-portnum variable specifies the application port you want to make stateless.

NOTE

The Brocade Virtual ADX supports port translation for stateless SLB. Port translation is useful when
clients connect to real servers directly. Without port translation, if a client connects to a real server
directly, the Brocade Virtual ADX automatically replaces the source IP address with a VIP. When you
configure port translation, the Brocade Virtual ADX overcomes the limitation of performing NAT on
all packets initiated from the real server. NAT does not occur because the Brocade Virtual ADX does
not match the port number.

NOTE

The Brocade Virtual ADX supports stateless SLB for any TCP and UDP application protocols. For a
TCP application, hashing must be enabled on the Brocade Virtual ADX. For a UDP application, you
can enable or disable hashing on the Brocade Virtual ADX.

Source NAT

Source NAT configuration is useful where a Brocade Virtual ADX is connected in one-armed mode;
for example where it is connected to the network infrastructure through an uplink as shown in
Figure 6.

In this situation, the Brocade Virtual ADX passes the source IP address of the client to a back-end
application server. If these servers have a direct path to the client (as would be the case in a
one-armed design), the response bypasses the Brocade Virtual ADX on the return path. This bypass
breaks the traffic flow because the client sees the response coming from the IP address of the real
server instead of the IP address of the virtual server.

With Source NAT configured, a Brocade Virtual ADX replaces the IP address of the client with the IP
address of the Brocade Virtual ADX in request packets forwarded to the real server. This action
forces the real server to forward replies to the Brocade Virtual ADX instead of bypassing it.
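
The two cases described above, traced packet by packet in a small Python model. This is an added example, not code from the Brocade manual or product; the addresses, port numbers and the session table used to map replies back to the client are constructed assumptions.

```python
from collections import namedtuple

# Constructed addresses from documentation ranges; none come from the manual.
CLIENT, VIP, ADX_IP, REAL = "198.51.100.10", "192.0.2.100", "192.0.2.2", "192.0.2.21"
Packet = namedtuple("Packet", "src sport dst dport")

def adx_forward(pkt, source_nat):
    """Request path: the ADX rewrites VIP -> real server. With Source NAT it also
    replaces the client address with its own and records the session (assumed model)."""
    sessions = {}
    src = pkt.src
    if source_nat:
        src = ADX_IP
        sessions[(ADX_IP, pkt.sport)] = pkt.src   # remember the original client
    return Packet(src, pkt.sport, REAL, pkt.dport), sessions

def server_reply(req):
    """The real server answers whichever source address it saw in the request."""
    return Packet(req.dst, req.dport, req.src, req.sport)

def adx_return(reply, sessions):
    """Return path through the ADX: restore the client address and the VIP."""
    client_ip = sessions[(reply.dst, reply.dport)]
    return Packet(VIP, reply.sport, client_ip, reply.dport)

def trace(source_nat):
    request = Packet(CLIENT, 51515, VIP, 80)
    to_server, sessions = adx_forward(request, source_nat)
    reply = server_reply(to_server)
    via_adx = reply.dst == ADX_IP          # is the reply addressed to the ADX?
    if via_adx:
        reply = adx_return(reply, sessions)
    # The client accepts only a reply that mirrors the connection it opened to the VIP.
    accepted = reply == Packet(request.dst, request.dport, request.src, request.sport)
    return {"server_sees": to_server.src, "via_adx": via_adx,
            "client_sees": reply.src, "accepted": accepted}

if __name__ == "__main__":
    for mode in (False, True):
        print("Source NAT on: " if mode else "Source NAT off:", trace(mode))
```

The `server_sees` field shows that with Source NAT on, the real server observes the address of the Brocade Virtual ADX rather than the client's, so address-based logging on the real server no longer identifies the client.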

Figure 6 provides an example of what can occur when a real server has a path back to a client that
bypasses a Brocade Virtual ADX without Source NAT enabled as described in the following.

1. A request from the Client arrives at the Brocade Virtual ADX through a Layer 2 switch.

2. The Brocade Virtual ADX translates the VIP IP address to the IP address of the real server and
forwards the request to the real server through the Layer 2 switch.

3. The real server sees the request coming from the IP address of the client and replies back
directly through the Layer 2 switch bypassing the Brocade Virtual ADX.
