Solved: Re: Can you load balance NAT'd addresses-w/out load balancer

nygenxny123 · ‎04-14-2008

Is it possible to load balance w/out a load balancer?

Here is the scenario..

Our global email address is NAT'd internally...to two email servers..im wondering how it is possible to load balance between the two private IP addresses without a load balancer in the picture..would this be done at the firewall level, or is a router capable of doing this

lamav · ‎04-15-2008

Hi:

I recommend you read the document I sent you because it has a lot of useful information regarding requirements and restrictions and design implementations.

The quick answer to your question is that you are correct on both counts.

1.) SLB will forward traffic sent to its virtual server farm address to each of the real server addresses and maintain a state table for all the connections. No NATing between the virtual server farm address and the real server addresses needs to be explicity configured.

However, (and this is why I suggested that you read the document), you can incorporate a reference to NAT in the configuration, which will allow you more flexibility by not having the requirement that the real servers be directly connected to the SLB switch. You won;t configure an actual NAT statement, however.

2.) You will configure a static NAT statement between the advertised global address for the email service and the virtual server farm address.

Example:

ip nat outside source static

HTH

Victor

View solution in original post

lamav · ‎04-14-2008

Hi:

You can use IOS-based SLB on Cisco routers. It's sort of a poor man's version of server load balancing.

Basically, you create a 'real' server farm and place the physical servers in it, and reference their NIC ip addresses (real address).

Then you create the virtual server farm, reference the 'real' server farm group, and define the virtual address for the server farm group.

Take a look below at a sample config.

ip slb serverfarm MTA

real 10.120.22.11

retry 10

inservice

real 10.120.22.12

retry 10

inservice

ip slb vserver MTA

virtual 10.120.41.202 tcp smtp

serverfarm MTA

inservice

There are other features and some design and implementation considerations, too. Please check out this link:

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfsflb_ps1835_TSD_Products_Configuration_Guide_Chapter.html

HTH

Victor

nygenxny123 · ‎04-15-2008

great..so the NAT would really not be involved in the load balancing..i would simply

statically map the 'real' global address

to the virtual server ip address?

lamav · ‎04-15-2008

Hi:

I recommend you read the document I sent you because it has a lot of useful information regarding requirements and restrictions and design implementations.

The quick answer to your question is that you are correct on both counts.

1.) SLB will forward traffic sent to its virtual server farm address to each of the real server addresses and maintain a state table for all the connections. No NATing between the virtual server farm address and the real server addresses needs to be explicity configured.

However, (and this is why I suggested that you read the document), you can incorporate a reference to NAT in the configuration, which will allow you more flexibility by not having the requirement that the real servers be directly connected to the SLB switch. You won;t configure an actual NAT statement, however.

2.) You will configure a static NAT statement between the advertised global address for the email service and the virtual server farm address.

Example:

ip nat outside source static

HTH

Victor

nygenxny123 · ‎04-15-2008

thx!!!

s.debenito · ‎05-07-2008

Hi victor,

Do you know how can I use more than one virtual server address? I mean something like a "secondary" option when configuring 2 IP addresses on typical interfaces.

I know there is an optional parameter called "group", but it is used for an entire subnet. The problem is that I have some servers on that subnet wich don't need to be balanced.

Thanks in advance.