Extreme Networks Px Series manual Configuring Half-NAT Mode


that of the real server, and that the TCP source port for the request is the same as the port of the network service that is being load balanced. If a request meets these criteria, it should be sent to the application switch as its next hop.

Advantages of Half-NAT mode are:

Allows the server logs on the real website to reflect the IP address of the real client making a request, rather than a proxy address of the application switch.

Allows the use of IP address based security methods such as Unix Netgroups. This is primarily a concern for enterprise data centers.

Half-NAT mode cannot be used if:

Clients and servers are on the same layer 3 network. Policy-based routing occurs at layer 3 and cannot be applied without crossing a layer 3 network boundary.

Configuring Half-NAT Mode

Half-NAT mode must be configured on both the application switch and the attached layer 3 switch. To enable half-NAT on the Px series application switch, use the following command:

config nat-mode server-only

On an Extreme switch, use the following ExtremeWare commands to configure the policy routes required for half-NAT:

create source-flow <name> source-ip <server ip> source-port <server-port> protocol tcp destination any

config source-flow <name> next-hop <SLB VIP>

These policy rules route all traffic from the load balanced port on the server to the application switch. If other locally-attached networks need to use the facility provided by that port without using the load balancer, more specific rules need to be written to steer traffic directly back to the correct routers.

For example, if users on the segment 10.1.1.0 are connecting to a Web server on 10.1.2.0 without using the server load balancer, you would need another rule group such as the following:

create source-flow local-traffic source-ip 10.1.2.0/24 source-port 80 protocol tcp destination 10.1.1.0/24

config source-flow local-traffic next-hop 10.1.2.1
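The next-hop decision these source flows produce, modelled as an added example (not code from the Extreme Networks manual). The server address 10.1.2.20, the VIP 10.1.3.10, the flow name slb-return and the rule that the most specific matching flow wins are assumptions; the page does not state how ExtremeWare orders overlapping source flows.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class SourceFlow:
    name: str
    source: ipaddress.IPv4Network
    source_port: int
    destination: ipaddress.IPv4Network   # 0.0.0.0/0 models "destination any"
    next_hop: str

    def matches(self, src, sport, dst, proto):
        return (proto == "tcp" and sport == self.source_port
                and ipaddress.ip_address(src) in self.source
                and ipaddress.ip_address(dst) in self.destination)

def next_hop(flows, src, sport, dst, proto="tcp", default="routing-table"):
    """Return (flow name, next hop) for a packet leaving the server segment."""
    hits = [f for f in flows if f.matches(src, sport, dst, proto)]
    if not hits:
        return (None, default)
    # Assumption: most specific destination, then most specific source, wins.
    best = max(hits, key=lambda f: (f.destination.prefixlen, f.source.prefixlen))
    return (best.name, best.next_hop)

# Constructed values: the page gives only <server ip> and <SLB VIP> placeholders.
SERVER_IP = "10.1.2.20"
SLB_VIP = "10.1.3.10"
ANY = ipaddress.ip_network("0.0.0.0/0")

FLOWS = [
    SourceFlow("slb-return", ipaddress.ip_network(SERVER_IP + "/32"), 80, ANY, SLB_VIP),
    SourceFlow("local-traffic", ipaddress.ip_network("10.1.2.0/24"), 80,
               ipaddress.ip_network("10.1.1.0/24"), "10.1.2.1"),
]

def demo():
    return {
        "internet_client": next_hop(FLOWS, SERVER_IP, 80, "203.0.113.7"),
        "local_client": next_hop(FLOWS, SERVER_IP, 80, "10.1.1.50"),
        "server_ssh": next_hop(FLOWS, SERVER_IP, 22, "203.0.113.7"),
        "without_local_rule": next_hop(FLOWS[:1], SERVER_IP, 80, "10.1.1.50"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:20} -> {result}")
```

The last case shows the situation the text warns about: without the local-traffic flow, replies to directly connected clients on 10.1.1.0/24 are steered to the application switch even though their requests never passed through it.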


Px Series Application Switch Installation and Configuration Guide
