09-29-2010 09:21 AM
Hi All,
I have a scenario where an ACE load balancer needs to load balance to a couple of servers on another subnet not directly connected to the ACE. At first this seems reasonable: configure the rservers and create static routes to reach them. My concern is the return path and the rservers being hidden behind the VIP.
Has anyone had a similar scenario?
Has anyone got any comments on this?
Regards
Kris
09-29-2010 09:30 AM
Kris-
You would source NAT the traffic on the ACE. It would translate to a different address that the server would reply to for continued communications. Here's a link that can explain it better than I can
Hope it helps.
09-30-2010 12:59 AM
Thanks Collin,
I have taken a look at the link you sent, so just to confirm,
When a client's request comes in with a destination address of the VIP, the ACE will load balance to the servers (by default the ACE does not translate the client's source address) by routing to the rserver addresses. By default, if the client's source address is not source NAT'ed on the ACE, the server will route directly back to the client, bypassing the ACE.
So I guess to overcome this issue I would need to ensure that the client's source address is NAT'ed by the ACE to ensure that the server response is routed back to the ACE and then routed back to the client.
Also, in general, when a server responds to a client I thought the server's real address is hidden by the VIP by default. Does the same apply in this scenario?
Does this sound right?
Kris
09-30-2010 06:38 AM
I would say you are correct on all statements.
10-01-2010 02:03 AM
Thanks again Colin for your feedback,
Regarding source NAT on the ACE, all the example configurations I have seen include configuring a NAT pool under the interface.
Do you know if it's possible to source NAT the traffic from the interface alias address of the interface? The reason I ask is that the interface subnet I want to source NAT from has no free addresses to allocate to a NAT pool.
Any ideas?
Your help is very much appreciated.
Kris
10-04-2010 11:25 PM
Hi Kris
Whether you can use the interface IP as a NAT pool I cannot answer (never tried to do so, but I don't think it will work as you have different interface IPs in an HA ACE config on the active and passive peer), but you can make a NAT pool with only one IP. That works great and you just need one IP. You can even reuse this "one IP pool" in different classes.
Best regards
Simon
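The setup discussed in this thread (rservers reached through a static route, client source NAT from a one-address pool), written out as an added example; it is not a configuration posted by anyone in the thread or taken from Cisco documentation. All names, VLAN numbers and addresses are constructed, and the `description` lines mark them as such.

```cisco
access-list CLIENTS-IN line 10 extended permit tcp any host 192.0.2.10 eq www

rserver host SRV1
  description example rserver on the remote subnet (constructed address)
  ip address 10.20.30.11
  inservice
rserver host SRV2
  description example rserver on the remote subnet (constructed address)
  ip address 10.20.30.12
  inservice

serverfarm host REMOTE-FARM
  description example farm of routed, non-adjacent rservers
  rserver SRV1
    inservice
  rserver SRV2
    inservice

class-map match-all VIP-HTTP
  2 match virtual-address 192.0.2.10 tcp eq www

policy-map type loadbalance first-match LB-HTTP
  class class-default
    serverfarm REMOTE-FARM

policy-map multi-match CLIENT-VIPS
  class VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-HTTP
    nat dynamic 1 vlan 200

interface vlan 100
  description example client-side VLAN
  ip address 192.0.2.2 255.255.255.0
  access-group input CLIENTS-IN
  service-policy input CLIENT-VIPS
  no shutdown

interface vlan 200
  description example server-side VLAN, one-address PAT pool for source NAT
  ip address 10.10.10.2 255.255.255.0
  nat-pool 1 10.10.10.100 10.10.10.100 netmask 255.255.255.0 pat
  no shutdown

ip route 10.20.30.0 255.255.255.0 10.10.10.1
```

With this in place the servers see every connection arriving from the pool address 10.10.10.100, so their replies return through the ACE, and their access logs record the pool address rather than the client's.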
11-08-2010 04:02 AM
Hi All,
I can suggest the following link to explain this in detail:
Kris