09-29-2010 09:21 AM
I have a scenario where an ACE load balancer needs to load balance to a couple of servers on another subnet not directly connected to the ACE. At first this seems reasonable: configure the rservers and create static routes to reach them. My concern is the return path and the rservers being hidden behind the VIP.
Has anyone had a similar scenario?
Has anyone got any comments on this?
09-29-2010 09:30 AM
You would source NAT the traffic on the ACE. It would translate to a different address that the server would reply to for continued communications. Here's a link that can explain it better than I can
Hope it helps.
09-30-2010 12:59 AM
I have taken a look at the link you sent, so just to confirm,
When a client's request comes in with a destination address of the VIP, the ACE will load balance to the servers (by default the ACE does not translate the client's source address) by routing to the rserver addresses. By default, if the client's source address is not source NAT'ed on the ACE, the server will route directly back to the client, bypassing the ACE.
So I guess to overcome this issue I would need to ensure that the client's source address is NAT'ed by the ACE to ensure that the server response is routed back to the ACE and then routed back to the client.
Also, in general, when a server responds to a client I thought the server's real address is hidden by the VIP by default. Does the same apply in this scenario?
Does this sound right?
09-30-2010 06:38 AM
I would say you are correct on all statements.
10-01-2010 02:03 AM
Thanks again Colin for your feedback,
Regarding source NAT on the ACE, all the example configurations I have seen include configuring a NAT pool under the interface.
Do you know if it's possible to source NAT the traffic from the interface alias address of the interface? The reason I ask is that the interface subnet I want to source NAT from has no free addresses to allocate to a NAT pool.
Your help is very much appreciated.
10-04-2010 11:25 PM
Whether you can use the interface IP as a NAT pool I cannot answer (I never tried to do so, but I don't think it will work, as you have different interface IPs in an HA ACE config on the active and passive peer), but you can make a NAT pool with only one IP. That works great and you just need one IP. You can even reuse this "one IP pool" in different classes.
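The source-NAT setup discussed in this thread, using the one-address NAT pool from the reply above, as an added example that is not part of any poster's message or of Cisco's documentation. All names, VLAN numbers and addresses are constructed (RFC 5737 documentation ranges), and lines starting with `!` are annotations rather than commands.

```cisco
! Constructed example: names, VLANs and addresses are assumptions, not from the thread.
! The real servers sit on a routed subnet (203.0.113.0/24) not attached to the ACE.
access-list CLIENT-IN line 10 extended permit tcp any host 192.0.2.100 eq www

rserver host WEB1
  ip address 203.0.113.11
  inservice
rserver host WEB2
  ip address 203.0.113.12
  inservice

serverfarm host SF-WEB
  rserver WEB1
    inservice
  rserver WEB2
    inservice

class-map match-all VIP-HTTP
  2 match virtual-address 192.0.2.100 tcp eq www

policy-map type loadbalance first-match LB-HTTP
  class class-default
    serverfarm SF-WEB

policy-map multi-match CLIENT-VIPS
  class VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-HTTP
    ! Rewrite the client source to pool 1, defined on server-facing VLAN 200.
    nat dynamic 1 vlan 200

interface vlan 100
  description client side
  ip address 192.0.2.5 255.255.255.0
  access-group input CLIENT-IN
  service-policy input CLIENT-VIPS
  no shutdown

interface vlan 200
  description server side
  ip address 198.51.100.5 255.255.255.0
  ! One-address pool; "pat" lets many client connections share that address.
  nat-pool 1 198.51.100.200 198.51.100.200 netmask 255.255.255.255 pat
  no shutdown

! Static route to the remote rserver subnet via the next hop on VLAN 200.
ip route 203.0.113.0 255.255.255.0 198.51.100.1
```

With this in place the servers see 198.51.100.200 as the source of every connection, so their replies route back to the ACE instead of directly to the client. The same translation means server access logs record the pool address rather than the real client, which matters if those logs are used for audit or incident response.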
11-08-2010 04:02 AM
I can suggest the following link to explain this in detail: