NAT Modes

Configuring Full-NAT Mode and Proxy IP Addresses

Full-NAT mode is the default behavior of the application switch. If another NAT mode was in use previously, use the following command to set it back to full:

config nat-mode full

To function properly, the application switch requires that proxy IP addresses be configured. These proxy addresses are used as the source IP addresses for the outbound connection to the server. One proxy address must be configured for each 63,000 sessions active at one time. For full system capacity, you must configure 32 IP addresses.

To set a proxy IP address or a range of proxy addresses, use the following command:

config proxy-ip <ip address1> [- <ip address2>]

Proxy IP addresses do not need to be contiguous. You can use multiple commands to specify different ranges of IP addresses to use as proxy addresses. The only restriction is that all addresses must be on the same subnet as the main system IP address.

Do not change the proxy IP while the application switch is running. Boot the application switch for the proxy IP information to take effect.
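
The sizing and subnet rules above can be checked before the commands are entered and the switch is booted. The following is an added example, not part of the guide or of any Extreme Networks tooling: the function name, the sample addresses and the sample load are assumptions, and the only device facts it uses are the 63,000-sessions-per-address figure, the 32-address full-capacity figure and the same-subnet restriction.

```python
import ipaddress
import math

SESSIONS_PER_PROXY_IP = 63_000  # guide: one proxy address per 63,000 active sessions
FULL_CAPACITY_PROXY_IPS = 32    # guide: 32 addresses give full system capacity


def plan_proxy_ips(system_if, ranges, peak_sessions):
    """Check proxy ranges against the guide's rules and size them for a load.

    system_if     -- main system address with prefix, e.g. "10.1.1.10/24"
    ranges        -- (first, last) address strings; last is None for one address
    peak_sessions -- expected peak of simultaneously active sessions
    """
    iface = ipaddress.ip_interface(system_if)
    subnet = iface.network
    seen, commands = set(), []
    for first, last in ranges:
        lo = ipaddress.ip_address(first)
        hi = ipaddress.ip_address(last) if last else lo
        if hi < lo:
            raise ValueError(f"range {lo} - {hi} is reversed")
        for n in range(int(lo), int(hi) + 1):
            addr = ipaddress.ip_address(n)
            if addr not in subnet:  # the guide's only stated restriction
                raise ValueError(f"{addr} is not on system subnet {subnet}")
            # Sanity checks assumed here, not stated in the guide.
            if addr in (iface.ip, subnet.network_address, subnet.broadcast_address):
                raise ValueError(f"{addr} cannot serve as a proxy address")
            if addr in seen:
                raise ValueError(f"{addr} is listed more than once")
            seen.add(addr)
        commands.append(f"config proxy-ip {lo}" + (f" - {hi}" if hi != lo else ""))
    needed = math.ceil(peak_sessions / SESSIONS_PER_PROXY_IP)
    return {
        "commands": commands,
        "configured": len(seen),
        "session_capacity": len(seen) * SESSIONS_PER_PROXY_IP,
        "needed": needed,
        "shortfall": max(0, needed - len(seen)),
        "full_capacity": len(seen) >= FULL_CAPACITY_PROXY_IPS,
    }


if __name__ == "__main__":
    # Constructed sample: addresses and load are illustrative, not from the guide.
    plan = plan_proxy_ips("10.1.1.10/24",
                          [("10.1.1.20", "10.1.1.23"), ("10.1.1.40", None)],
                          peak_sessions=400_000)
    print("\n".join(plan["commands"]))
    print(plan["configured"], "configured,", plan["shortfall"], "more needed")
```

A non-zero shortfall means the configured pool cannot cover the expected peak; because the proxy addresses take effect only at boot, resolve it before the switch goes into service.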

Server-only Half-NAT Mode

In half-NAT mode, the application switch translates only the server IP address when dispatching client requests to the real server. As a result, the server believes that the request came from the client rather than from the application switch, and it sees the real IP address of the client.

Because the server fulfilling the request believes that the request came directly from the actual client, and not the application switch, the server attempts to respond directly to the client. However, for the connection to be completed appropriately, the application switch needs to see the return traffic so that it can perform reverse NAT on the server portion of the address.

To route the traffic correctly from the server back into the application switch, and back to the client, the layer 3 switch attached to the application switch must support policy-based routing.

Policy-based routing allows layer 3 switches to make next-hop forwarding decisions based on information other than simply the IP destination address of the request. In this case, the next-hop decision must be based on the fact that the source of the request is

Px Series Application Switch Installation and Configuration Guide

Extreme Networks Px Series manual Server-only Half-NAT Mode, Configuring Full-NAT Mode and Proxy IP Addresses