Extreme Networks Px Series manual Server-only Half-NAT Mode

Page 73

NAT Modes

Configuring Full-NAT Mode and Proxy IP Addresses

Full-NAT mode is the default behavior of the application switch. If another NAT mode was in use previously, use the following command to set it back to full:

config nat-mode full

To function properly, the application switch requires that proxy IP addresses be configured. These proxy addresses are used as the source IP addresses for the outbound connection to the server. One proxy address must be configured for each 63,000 sessions active at one time. For full system capacity, you must configure 32 IP addresses.

To set a proxy IP address or a range of proxy addresses, use the following command:

config proxy-ip <ip address1> [- <ip address2>]

Proxy-ip addresses do not need to be contiguous. You can use multiple commands to specify different ranges of IP addresses to use as proxy addresses. The only restriction is that all addresses must be on the same subnet as the main system IP address.

Do not change the proxy IP while the application switch is running. Boot the application switch for the proxy IP information to take effect.

Server-only Half-NAT Mode

In half-NAT mode, the application switch only translates the server IP address when dispatching the client requests to the real server. Half-NAT mode results in the server believing that the request came from the client, instead of the application switch. Using half-NAT mode, the server sees the real IP address of the client.

Because the server fulfilling the request believes that the request came directly from the actual client, and not the application switch, the server attempts to respond directly to the client. However, for the connection to be completed appropriately, the application switch needs to see the return traffic so that it can perform reverse NAT on the server portion of the address.

To route the traffic correctly from the server back into the application switch, and back to the client, the layer 3 switch attached to the application switch must support policy-based routing.

Policy-based routing allows layer 3 switches to make next-hop forwarding decisions based on information other than simply the IP destination address of the request. In this case, the next-hop decision must be based on the fact that the source of the request is

Px Series Application Switch Installation and Configuration Guide

6-15

Image 73
Contents Published April Part number 100101-00 Rev Page Contents Installing the PxM Application Switch Module Configuring Servers and Services Index Index of Commands Introduction PrefaceText Conventions ConventionsIcon Alerts you to Convention DescriptionRelated Publications Preface Purpose of Server Load Balancing Server Load Balancing Concepts1Conceptual view of server load balancing TermsLayer 4 Load Balancing Load Balancing Modes2Single client-server transaction using layer Layer 7 Load Balancing and Content Analysis3Establishing a layer 7 request Port Rewrite Getting Started on Load Balancing ConfigurationGetting Started on Load Balancing Configuration Page Overview of the SummitPx1 Application Switch Installing the SummitPx1 Application SwitchSummitPx1 Front View Color Indicates 1Px series application switch LEDsSignal Description SummitPx1 Application Switch Rear View2DB-9 Adapter Pinouts To DB-9Determining the Location Installing the SummitPx1 Application SwitchRack Mounting Free-Standing Powering On the SummitPx1Setting Up Console Communication Configuring Switch IP Parameters Configuring the 10/100 Ethernet Management Port Installing I/O Modules Installing the PxM Application Switch ModuleRemoving I/O Modules Removing I/O Modules Page Managing the Switch Abbreviated Syntax and Command Completion Using the Command-Line InterfaceSyntax Symbols 1Command Syntax SymbolsLine-Editing Keys Symbol DescriptionSpecifying Text Values 2Line-Editing KeysCommand History Configuring Management AccessPrompt Text Changing the Default Passwords Modifying Accounts Creating AccountsManaging the PxM Command DescriptionConfiguring VLANs 4SNMP Configuration Settings Configuring SnmpSetting Description System ContactSettingDescription Configuring DNS Client Services5DNS Client Configuration Commands Using Secure Shell 2 SSH2Config ssh2 key Enabling SSH2 for Inbound Switch AccessUsing SCP2 from an External SSH2 Client SSH2 Client Functions on the Switch Showing CPU Load UtilitiesChecking Basic Connectivity Logging Starting the GlobalPx Content Director Agent Configuring a Startup Banner MessageInternet DNS server Example ConfigurationFollowing commands configure all system-related facilities Page Configuring Real Servers Configuring Servers and ServicesConfiguring Server Groups Configuring Virtual Services Layer 4 Port-based Load Balancing Layer 7 Virtual ServicesConfiguring Traffic Tagging 1Tag Specifications Configuration ExampleTag Specification Description Tag Range Configuration Example Page Scheduling Policies Choosing Policies, Persistence Modes, and NAT1Scheduling Policies Persistence ModesSpecifier Policy Description UDP Flow Persistence Client IP Persistence Mode1Client IP persistence mode Cookie Persistence Modes Configuring Client IP Stickiness2Self-identifying cookie persistence mode Persistence Modes Hashed Cookie Persistence Session Learned Cookie Persistence Mode 4Learned cookie persistence mode Configuring Cookie Stickiness SSL Session Identifier Persistence NAT Modes Full-NAT ModeConfiguring Full-NAT Mode and Proxy IP Addresses Server-only Half-NAT ModeConfiguring Half-NAT Mode Config source-flow name next-hop gateway-mode ip Real Syslog server SummitPx1 Configuration Example Page Domain and URL Switching URL Switching1Typical switching scenario Domain Switching2Domain switching example URL Switching Configuring URL Switching3Simple URL switching example 4More Complicated URL switching example 5Hierarchical approach to pattern rules 1Wildcard Combinations Creating Domain and URL Switching RulesWildcard Example Definition Modifying Existing URL Rules and Domains Application Servers Management net Configuration Example Page Using Vrrp with the SummitPx1 Configuring RedundancyGive backup systems lower priorities Adding and Configuring VRRPsUsing Vrrp in Existing Redundant Networks Vrrp Automatic Synchronization 1Application switch using multiple VLANsFollowing commands can be passed from master to backup Using Esrp with the PxM Configuring Redundancy for the PxMFor SW2 Configuring the PxM for Multiple VLANsConfiguring a Default Gateway Overview Health ChecksServer Startup Pacing Health Checking Procedure Timers and Counters Configuring Health ChecksTypes of Health Checks You can disable health checks for a server group Page 1Statistics Display Commands Monitoring the SwitchShowing Traffic Statistics Displays packet-level counters for 2Configuration Display Commands Showing Configuration DetailsConfiguration Displays SummitPx128 # show server details Status DisplaysColumn Description Show health Information5Management and Troubleshooting Commands Managing and Troubleshooting OperationCommandDescription Esrp IndexHttp GET AUX Page Index of Commands