Why do you need NAT on a load-balancer

Hello,

I'd be grateful if someone could explain why NAT is required on an ACE LB. I've been reading, but still don't quite understand. Is it NAT for the clients or the server?

thank you

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Accepted Solutions

The NAT pool can be any set of IP addresses. The key thing to understand is that the NAT pool must be routed to the LB. It doesn't matter whether it is part of the interface range or a separate pool altogether, you are simply forcing traffic back to the LB as the LB is not inline to the traffic flow.

As long as that NAT range is routed to the LB it will work fine.

Jon
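
A small model of the one-arm return path discussed in this thread, added here as an example and not taken from any poster's configuration. All addresses, the gateway route tables and the function names are constructed assumptions; it traces where the server's reply goes with no source NAT, with a pool inside the interface subnet, and with a separate pool that is or is not routed to the LB.

```python
import ipaddress

# Constructed one-arm topology; every address is an illustrative assumption.
SUBNET = ipaddress.ip_network("10.0.0.0/24")   # VLAN shared by servers and LB
VIP, SERVER = "10.0.0.100", "10.0.0.20"
CLIENT = "198.51.100.7"

def lookup(routes, dst):
    """Longest-prefix match over a {prefix: next_hop} table."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def return_path(snat_ip, gateway_routes):
    """Trace the server's reply for one client -> VIP connection.

    snat_ip is the source the LB writes on the packet it forwards to the
    server (None means no source NAT, so the server sees the real client).
    Returns (who receives the reply, source address the client finally sees).
    """
    reply_dst = snat_ip or CLIENT          # the server answers whoever it saw
    if ipaddress.ip_address(reply_dst) in SUBNET:
        receiver = "lb"                    # assumed: LB answers ARP for on-link pool IPs
    else:
        receiver = lookup(gateway_routes, reply_dst)   # server uses its default gateway
    if receiver == "lb":
        return "lb", VIP                   # LB undoes both translations, client sees the VIP
    if reply_dst == CLIENT:
        return "client", SERVER            # reply bypassed the LB, source is the real server
    return "dropped", None                 # pool address that is not routed to the LB

def connection_works(snat_ip, gateway_routes):
    # The client only accepts replies sourced from the VIP it connected to.
    return return_path(snat_ip, gateway_routes)[1] == VIP

GW_DEFAULT_ONLY = {"0.0.0.0/0": "upstream"}
GW_POOL_ROUTED = {"0.0.0.0/0": "upstream", "172.16.50.0/28": "lb"}

if __name__ == "__main__":
    cases = [(None, GW_DEFAULT_ONLY), ("10.0.0.200", GW_DEFAULT_ONLY),
             ("172.16.50.1", GW_DEFAULT_ONLY), ("172.16.50.1", GW_POOL_ROUTED)]
    for snat, routes in cases:
        print(snat, return_path(snat, routes), connection_works(snat, routes))
```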

3 REPLIES

The ACE supports both NAT for the client and the server. In general, NAT is not a needed function for the load-balancer. But in some designs NAT can help you to control the traffic-flow. One scenario is where you have more than one load-balancer and you need to make sure that the return-traffic comes back to the right LB. There client-NAT can solve that problem.

And don't be confused with the virtual IP. If you look at the packets in front and behind the LB, it seems like the LB does NAT. But in the ACE that function is not the NAT-config.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


How does it come into play with a one-arm configuration? I understand what the NAT does, but does the NAT pool have to be specifically an IP on an interface? I took a look at other people's config and the NAT pool seems to have addresses that don't even live on the load balancer. Is it just any address that the client or server can respond to? And if so, why is it not NAT'ed as the source being one of its own IPs?
