Why do you need NAT on a load-balancer

Bilal Nawaz
VIP Alumni

Hello,

I'd be grateful if someone could explain why NAT is required on an ACE LB. I've been reading, but still don't quite understand. Is it NAT for the clients or the server?

Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

The ACE supports both NAT for the client and the server. In general, NAT is not a needed function for the load-balancer. But in some designs NAT can help you to control the traffic-flow. One scenario is where you have more than one load-balancer and you need to make sure that the return-traffic comes back to the right LB. There, client-NAT can solve that problem.

And don't be confused with the virtual IP. If you look at the packets in front and behind the LB, it seems like the LB does NAT. But in the ACE that function is not the NAT-config.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

How does it come into play with a one-arm configuration? I understand what the NAT does, but does the NAT pool have to be specifically an IP on an interface? I took a look at other people's configs and the NAT pool seems to have addresses that don't even live on the load balancer. Is it just any address that the client or server can respond to? And if so, why is it not NAT'ed as the source being one of its own IPs?

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

The NAT pool can be any set of IP addresses. The key thing to understand is that the NAT pool must be routed to the LB. It doesn't matter whether it is part of the interface range or a separate pool altogether, you are simply forcing traffic back to the LB as the LB is not inline to the traffic flow.

As long as that NAT range is routed to the LB it will work fine.

Jon
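
Added example, not written by any poster in this thread: a small Python model of the one-arm case described above, tracing where the server's reply goes with and without source NAT. The addresses, the route table and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed one-arm topology; every address here is an illustrative assumption.
CLIENT = "192.0.2.50"
VIP = "10.0.0.100"     # virtual IP the client connects to
REAL = "10.0.1.10"     # real server chosen by the LB

# Where the network forwards a packet, as (prefix, next hop).
ROUTES = [
    ("0.0.0.0/0", "upstream"),    # default path toward clients, bypasses the LB
    ("10.0.2.0/24", "lb"),        # the LB's own interface subnet
    ("172.16.50.0/28", "lb"),     # separate NAT pool, static route pointing at the LB
]
ROUTES_NO_STATIC = ROUTES[:2]     # same network with the pool route missing

def next_hop(routes, dst):
    """Longest-prefix match: return the hop name of the most specific route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in routes]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

def reply_source_seen_by_client(nat_src, routes):
    """Trace one request/reply through a one-arm LB.
    nat_src is the source-NAT address the LB applies, or None for no source NAT.
    Returns the source IP on the reply the client gets, or None if none arrives.
    """
    # Request: client -> VIP; the LB rewrites the destination to REAL.
    seen_src = nat_src or CLIENT
    # Reply: the server answers whatever source address it saw.
    if next_hop(routes, seen_src) == "lb":
        return VIP      # LB holds the connection state and reverses both rewrites
    if seen_src == CLIENT:
        return REAL     # reply bypassed the LB, so it still carries the server's IP
    return None         # NAT address not routed to the LB: reply never gets back

def client_accepts(reply_src):
    """The client opened a connection to VIP and only accepts replies from it."""
    return reply_src == VIP

if __name__ == "__main__":
    for label, nat, routes in [
        ("no source NAT", None, ROUTES),
        ("pool in interface range", "10.0.2.200", ROUTES),
        ("separate pool, routed", "172.16.50.1", ROUTES),
        ("separate pool, not routed", "172.16.50.1", ROUTES_NO_STATIC),
    ]:
        print(label, "->", client_accepts(reply_source_seen_by_client(nat, routes)))
```
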
