I have a scenario where an ACE load balancer needs to load balance to a couple of servers on another subnet not directly connected to the ACE. At first this seems resonable to configure the rservers and create static routes to reach them, my concern is the return path and the rservers being hidden behind the VIP.
Has anyone had a similar scenario?
Has anyone got any comments on this?
You would source NAT the traffic on the ACE. It would translate to a different address that the server would reply to for continued communications. Here's a link that can explain it better than I can
Hope it helps.
I have taken a look at the link you sent, so just to confirm,
When a clients request comes in with a destination address of the VIP, the ACE will load balance to the servers (by default the ACE does not translate the clients source address) by routing to the rserver addresses, by default if the clients source address is not source NAT'ed on the ACE the server will route directly back to the client bypassing the ACE.
So i guess to overcome this issue i would need to ensure that the clients source address is NAT'ed by the ACE to ensure that the server response is routed back to the ACE and then routed back to the client.
Also, in general, when a server responds to a client i thought the servers real address is hidden by the VIP by default, does the same apply in this scenario?
Does this sound right?
Thanks again Colin for your feedback,
Regarding source NAT on the ACE, all the example configurations i have seen include configuring a nat pool under the interface.
Do you know if it's possible to source NAT the traffic from the interface alias address of the interface, the reason i ask is the interface subnet i want to source NAT from has no free addresses to allocate to a NAT pool?
Your help is very much appreciated.
Whether you can use the interface IP as NAT Pool I cannot answer you (never tried to do so, but I don't think it will work as you have different Interface IP's in a HA ACE Konfig on the active and passiv peer), but you can make a NAT Pool with only one IP. That works great and you just need one IP. You can even reuse this "one IP Pool" in different Classes.