Cisco IOS Software Release 12.2(18)SXD
Features
Network Address Translation (NAT)
Cisco IOS NAT (RFC 1631) allows hosts with unregistered “private” IP addresses to connect to the Internet by
translating them into globally registered IP addresses. As part of this functionality, Cisco IOS NAT can
be configured to advertise only one address for the entire network to the outside world. This
configuration provides additional security and network privacy, effectively hiding the entire internal
network from the world behind that address. NAT has the dual functionality of security and address
conservation, and is typically implemented in remote access environments.
Session Redirection
Session redirection involves redirecting packets to real servers. IOS SLB can operate in one of two
session redirection modes, dispatched mode or directed mode.
Note
In both dispatched and directed modes, IOS SLB must track connections. Therefore, you must design
your network so that there is no alternate network path from the real servers to the client that bypasses
the load-balancing device.
Dispatched Mode
In dispatched mode, the virtual server address is known to the real servers; you must configure the virtual
server IP address as a loopback address, or secondary IP address, on each of the real servers. IOS SLB
redirects packets to the real servers at the media access control (MAC) layer. Since the virtual server IP
address is not modified in dispatched mode, the real servers must be Layer 2-adjacent to IOS SLB, or
intervening routers might not be able to route to the chosen real server.
For Catalyst 6500 family switches, dispatched mode with hardware data packet acceleration generally
yields better performance than directed mode.
Refer to the “Configuring Logical Interfaces” chapter of the Cisco IOS Interface Configuration Guide,
Release 12.2 for more information about configuring the loopback address.
Directed Mode
In directed mode, the virtual server can be assigned an IP address that is not known to any of the real
servers. IOS SLB translates packets exchanged between a client and a real server, using NAT to translate
the virtual server IP address to a real server IP address.
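The two redirection modes side by side, as an added configuration example that is not taken from the original Cisco document. The server farm and virtual server names are hypothetical, and all addresses are constructed (192.0.2.0/24 documentation range for the virtual servers, 10.1.1.0/24 for the real servers).

```cisco
! Constructed example: names and addresses are placeholders.
!
! --- Dispatched mode: no NAT on the server farm ---
! IOS SLB rewrites only the MAC-layer destination, so packets reach
! the real server with the destination IP still set to the VIP.
ip slb serverfarm WEB-DISPATCHED
 real 10.1.1.1
  inservice
 real 10.1.1.2
  inservice
!
ip slb vserver VS-DISPATCHED
 virtual 192.0.2.10 tcp www
 serverfarm WEB-DISPATCHED
 inservice
!
! Required on EACH real server in dispatched mode (shown here in IOS
! syntax for a real server that runs IOS): the VIP as a loopback
! address, so the server accepts packets addressed to 192.0.2.10.
interface Loopback0
 ip address 192.0.2.10 255.255.255.255
!
! --- Directed mode: server NAT on the server farm ---
! IOS SLB translates the VIP to the chosen real server's address, so
! the real servers need no knowledge of 192.0.2.20 and no loopback.
ip slb serverfarm WEB-DIRECTED
 nat server
 real 10.1.1.1
  inservice
 real 10.1.1.2
  inservice
!
ip slb vserver VS-DIRECTED
 virtual 192.0.2.20 tcp www
 serverfarm WEB-DIRECTED
 inservice
```

In both farms the real servers' return path to clients must run back through the IOS SLB device, as the Note above requires, because connection tracking (and, in directed mode, the reverse translation) happens only there.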
IOS SLB supports the following types of NAT:
•
•
•
•