12-11-2016 10:15 AM - edited 03-05-2019 07:39 AM
SET UP:
R1 and R2 are acting as servers, hosting identical content. From outside, these servers are represented by a single IP, 100.100.100.100.
All traffic (TCP TELNET) destined to 100.100.100.100 arriving on g1/0 from OUTSIDE must be load balanced across R1 and R2 by the R3-NAT router using "ip nat inside destination list 1 pool ZEE".
EXPECTED BEHAVIOR:
All traffic with destination IP 100.100.100.100 arriving on g1/0 (IP NAT OUTSIDE) will be checked against the NAT translation table first. If there is an entry, NAT will be performed accordingly and the resulting IP packet will be routed. If there is no entry in the NAT table, an entry will be created, NAT will be performed on the arriving packet, and then it will be routed.
But this is not happening!!
Below I generate TCP traffic by telnetting to 100.100.100.100 on R4, but R3 does not create a NAT entry in the NAT table, thus the packet is discarded.
R3-NAT CONFIG:
interface FastEthernet0/0
 ip address 10.10.10.3 255.255.255.0
 ip nat inside
 duplex full
!
interface GigabitEthernet1/0
 ip address 34.34.34.3 255.255.255.0
 ip nat outside
 negotiation auto
!
ip nat pool ZEE 10.10.10.1 10.10.10.2 prefix-length 24
ip nat inside destination list 1 pool ZEE
access-list 1 permit 100.100.100.100
Debug ip nat detailed on R3 shows NAT is not even attempted:
R3#debug ip nat detailed
IP NAT detailed debugging is on
R3#
R4#telnet 100.100.100.100
Trying 100.100.100.100 ...
% Connection timed out; remote host not responding
What am I missing here?
Have a nice weekend!!
12-11-2016 11:03 AM
Hi Sarah,
Hope you are doing well.
Can you add "type rotary" to the end and test again?
ip nat pool ZEE 10.10.10.1 10.10.10.2 prefix-length 24 type rotary
Also, can you post "sh run"?
Thanks,
Reza
12-11-2016 11:42 AM
Hi Reza,
How are you doing?
Worked like a charm!!
I did see the "rotary" type (as the name indicates) assign IPs in round-robin fashion as expected.
But the question is: if we do not use this option, what behavior should one expect? In my example, if this option is not configured, no load balancing occurs. IOS does log a message: "Unexpected behavior will result type rotary is missing"
Based on some blogs in Cisco support community, it only works for TCP, I am trying to find the answer why TCP only.
R4#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
R1-90>exit
[Connection to 100.100.100.100 closed by foreign host]
R4#telnet 100.100.100.100
Trying 100.100.100.100 ... Open
User Access Verification
Password:
R2-100>
Thanks and have a nice weekend!!
12-11-2016 11:51 AM
Hi Sarah,
Glad to know it's working for you now.
I think you are seeing the correct behavior, that only TCP traffic is being translated.
From the NAT documentation:
Destination Address Rotary Translation
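The behavior discussed in this thread, as an added Python sketch that is not from any poster or from Cisco: a rotary pool hands out real server addresses round-robin only when a new TCP connection to the virtual IP is opened, reuses the existing entry for later segments of that connection, and passes non-TCP traffic untranslated. The class name, the client address 34.34.34.4 for R4, the port numbers, and the use of a SYN flag to mark "new connection" are assumptions made for illustration.

```python
import ipaddress


class RotaryNat:
    """Simplified model of destination NAT with a 'type rotary' pool (assumption, not IOS code)."""

    def __init__(self, virtual_ip, pool_start, pool_end):
        self.virtual_ip = virtual_ip
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.pool = [str(ipaddress.IPv4Address(a)) for a in range(first, last + 1)]
        self.next_index = 0
        self.table = {}  # (src_ip, src_port, dst_port) -> real server address

    def translate(self, proto, src_ip, src_port, dst_ip, dst_port, syn=False):
        """Return the destination address the packet carries after NAT."""
        if dst_ip != self.virtual_ip or proto != "tcp":
            return dst_ip  # not matched by access-list 1, or non-TCP: untranslated
        flow = (src_ip, src_port, dst_port)
        if flow in self.table:
            return self.table[flow]  # existing connection keeps its server
        if not syn:
            return dst_ip  # no entry and not a connection open: nothing allocated
        server = self.pool[self.next_index]  # round-robin pick for the new connection
        self.next_index = (self.next_index + 1) % len(self.pool)
        self.table[flow] = server
        return server


def demo():
    """Run constructed sample traffic through the model; return resulting destinations."""
    nat = RotaryNat("100.100.100.100", "10.10.10.1", "10.10.10.2")
    client = "34.34.34.4"  # constructed address for R4
    vip = "100.100.100.100"
    packets = [  # constructed sample packets
        ("tcp", client, 11000, vip, 23, True),   # first telnet, SYN
        ("tcp", client, 11000, vip, 23, False),  # same session, later segment
        ("tcp", client, 11001, vip, 23, True),   # second telnet, SYN
        ("tcp", client, 11002, vip, 23, True),   # third telnet, pool wraps around
        ("udp", client, 5000, vip, 53, False),   # non-TCP traffic
    ]
    return [nat.translate(*p) for p in packets]


if __name__ == "__main__":
    for dst in demo():
        print(dst)
```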
12-11-2016 12:12 PM
Thanks for the link, it answers my question.
Have a nice weekend!!
12-11-2016 11:09 AM
Hi -
A few comments and questions...
PSC
12-11-2016 11:41 AM
Yes,
Thanks, I will see it.
That is debatable. Granted, a router's main job is to route traffic, but over the years we have assigned many other functions to it, such as DHCP server, TFTP server, CME (call processing agent), and load balancing using NAT as in my example, to name a few. It is working as expected, though we can only load balance TCP; still trying to figure out why this limitation.
Appreciate your input, have a nice weekend!!