Configuring half-nat mode – Extreme Networks Px Series User Manual


6-16

Px Series Application Switch Installation and Configuration Guide

that of the real server, and that the TCP source port for the request is the same as the
port of the network service that is being load balanced. If a request meets these criteria,
it should be sent to the application switch as its next hop.

Advantages of Half-NAT mode are:

Allows the server logs on the real website to reflect the IP address of the real client
making a request, rather than a proxy address of the application switch.

Allows the use of IP address based security methods such as Unix Netgroups. This
is primarily a concern for enterprise data centers.

Half-NAT mode cannot be used if:

Clients and servers are on the same layer 3 network. Policy-based routing occurs at
layer 3 and cannot be applied without crossing a layer 3 network boundary.

Configuring Half-NAT Mode

Half-NAT mode must be configured on both the application switch and the attached
layer 3 switch. To enable half-NAT on the Px series application switch, use the
following command:

config nat-mode server-only

On an Extreme switch, use the following ExtremeWare commands to configure the
policy routes required for half-NAT:

create source-flow <name> source-ip <server ip> source-port <server-port> protocol tcp destination any

config source-flow <name> next-hop <SLB VIP>

These policy rules route all traffic from the load balanced port on the server to the
application switch. If other locally-attached networks need to use the facility provided
by that port without using the load balancer, more specific rules need to be written to
steer traffic directly back to the correct routers.

For example, if users on the segment 10.1.1.0 are connecting to a Web server on 10.1.2.0
without using the server load balancer, you would need another rule group such as the
following:

create source-flow local-traffic source-ip 10.1.2.0/24 source-port 80 protocol tcp destination 10.1.1.0/24

config source-flow local-traffic next-hop 10.1.2.1
