Cisco IOS Software Release 12.2(14)ZA

Functions and Capabilities
Cisco IOS Release 12.2(14)ZA4
Client NAT
If you use more than one load-balancing device in your network, replacing the client IP address with an 
IP address associated with one of the devices results in proper routing of outbound flows to the correct 
device. Client NAT also requires that the ephemeral client port be modified since many clients can use 
the same ephemeral port. Even in cases where multiple load-balancing devices are not used, client NAT 
can be useful to ensure that packets from load-balanced connections are not routed around the device.
Static NAT
With static NAT, address translations exist in the NAT translation table as soon as you configure static 
NAT commands, and they remain in the translation table until you delete the static NAT commands.
You can use static NAT to allow some users to utilize NAT and allow other users on the same Ethernet 
interface to continue with their own IP addresses. This option enables you to provide a default NAT 
behavior for real servers, differentiating between responses from a real server, and connection requests 
initiated by the real server.
For example, you can use server NAT to redirect Domain Name System (DNS) inbound request packets 
and outbound response packets for a real server, and static NAT to process connection requests from that 
real server.
Note: Static NAT is not required for DNS, but it is recommended, because it hides your real server IP
addresses from the outside world.
IOS SLB supports the following static NAT options, configured using the ip slb static command:
- Static NAT with dropped connections: The real server is configured to have its packets dropped by
  IOS SLB, if the packets do not correspond to existing connections. This option is usually used in
  conjunction with the subnet mask or port number option on the real command in static NAT
  configuration mode, such that IOS SLB builds connections to the specified subnet or port, and drops
  all other connections from the real server.
- Static NAT with a specified address: The real server is configured to use a user-specified virtual IP
  address when translating addresses.
- Static NAT with per-packet server load balancing: The real server is configured such that IOS SLB
  is not to maintain connection state for packets originating from the real server. That is, IOS SLB is
  to use server NAT to redirect packets originating from the real server. Per-packet server load
  balancing is especially useful for DNS load balancing. IOS SLB uses DNS probes to detect failures
  in the per-packet server load-balancing environment.
- Static NAT with sticky connections: The real server is configured such that IOS SLB is not to
  maintain connection state for packets originating from the real server, unless those packets match a
  sticky object:
  - If IOS SLB finds a matching sticky object, it builds the connection.
  - If IOS SLB does not find a matching sticky object, it forwards the packets without building the
    connection.
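
The four options above, as an added Python model of the per-packet decision (it is not Cisco code and not IOS syntax). The field names, the sample addresses, the reading of the subnet and port options as permitted destinations, the treatment of the specified-address option as stateful, and the representation of a sticky object as a (peer, real server) pair are all assumptions.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class StaticNat:
    """Constructed model of one static NAT entry; field names are not IOS syntax."""
    mode: str                 # "drop", "address", "per-packet" or "sticky"
    allow_net: str = ""       # drop mode: subnet that connections may be built to
    allow_port: int = 0       # drop mode: port that connections may be built to
    connections: set = field(default_factory=set)  # state IOS SLB maintains
    sticky: set = field(default_factory=set)       # (peer, real) sticky objects

def handle(nat, real, dst, dport):
    """Return the action for a packet that originates from a real server."""
    flow = (real, dst, dport)
    if flow in nat.connections:
        return "forward"                  # packet belongs to an existing connection
    if nat.mode == "drop":
        to_net = bool(nat.allow_net) and ip_address(dst) in ip_network(nat.allow_net)
        if to_net or (nat.allow_port and dport == nat.allow_port):
            nat.connections.add(flow)
            return "build"
        return "drop"                     # all other connections are dropped
    if nat.mode == "address":             # assumed to keep state (see lead-in)
        nat.connections.add(flow)
        return "build"
    if nat.mode == "per-packet":
        return "forward"                  # server NAT only, no state is kept
    if nat.mode == "sticky":
        if (dst, real) in nat.sticky:
            nat.connections.add(flow)
            return "build"
        return "forward"                  # forwarded without building a connection
    raise ValueError(f"unknown mode: {nat.mode!r}")

# Constructed sample traffic from real server 10.1.1.3 (documentation addresses).
PACKETS = [("10.1.1.3", "192.0.2.10", 53), ("10.1.1.3", "192.0.2.10", 53),
           ("10.1.1.3", "198.51.100.7", 443)]

def run(nat):
    """Actions for PACKETS in order, plus the number of connections kept."""
    actions = [handle(nat, *p) for p in PACKETS]
    return actions, len(nat.connections)

if __name__ == "__main__":
    for nat in (StaticNat("drop", allow_port=53), StaticNat("address"),
                StaticNat("per-packet"),
                StaticNat("sticky", sticky={("192.0.2.10", "10.1.1.3")})):
        print(nat.mode, *run(nat))
```

Only the dropped-connections option discards the HTTPS packet; the per-packet option forwards all three packets while keeping no connection state.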