Extreme Networks Px Series Configuring Half-NAT Mode

6-16 Px Series Application Switch Installation and Configuration Guid e

that of the real server, and that the TCP source port for the request is the same as the

port of the network service that is being load balanced. If a request meets these criteria,

it should be sent to the application switch as its next hop .

Advantages of Half-NAT mode are:

•Allows the server logs on the real website to reflect the IP address of the real client

making a request, rather than a proxy address of the application switch.

•Allows the use of IP address based security methods such as Unix Netgroups. This

is primarily a concern for enterprise data centers.

Half-NAT mode cannot be used if:

•Clients and servers are on the same layer 3 network. Policy-based routing occurs at

layer 3 and cannot be applied without crossing a layer 3 network boundary.

Configuring Half-NAT Mode

Half-NAT mode must be configured on both the application switch and the attach ed

layer 3 switch. To enable half-NAT on the Px series application switch, use the

following command:

config nat-mode server-on ly

On an Extreme switch, use the following ExtremeWare commands to configure the

policy routes required for half-NAT:

create source-flow <name> source-ip <se rver ip> source -port

<server-port> protocol tc p destination any

config source-flow <name> next-hop <SLB VIP>

These policy rules route all traffic from the load balanced port on the server to the

application switch. If other locally-attached networks nee d to use the faci lity provided

by that port without using the load balancer, more specific rules need to be written t o

steer traffic directly back to the correct routers.

For example, if users on the segment 10.1.1.0 are connecting to a Web server on 10.1.2.0

without using the server load balancer, you would need another rule group such as the

following:

create source-flow local- traffic source -ip 10.1.2.0/ 24 source po rt 80

protocol tcp destination 1 0.1.1.0/24

config source-flow local- traffic next-h op 10.1.2.1

Contents

Main Page Contents Preface 1 Server Load Balancing Concepts 2 Installing the SummitPx1 Application Switch 3 Installing the PxM Application Switch Module 4 Managing the Switch 5 Configuring Servers and Services 6 Choosing Policies, Persistence Modes, and NAT 7 URL Switching Page Preface Introduction Conventions Table1 and Table 2 list conventions that are used throughout this guide. Table 1 : Notice Icons Table 2 : Text Conventions Page Page 1 Purpose of Server Load Balancing Terms Load Balancing Modes Layer 4 Load Balancing Layer 7 Load Balancing and Content Analysis Page Port Rewrite Getting Started on Load Balancing Configuration Page Page 2 Application Switch Overview of the SummitPx1 Application Switch SummitPx1 Front View Page SummitPx1 Application Switch Rear V iew Determining the Location Installing the SummitPx1 Application Switch Rack Mounting Free-Standing Powering On the SummitPx1 Setting Up Console Co mmunication Configuring Switch IP Parameters Configuring the 10/100 Ethernet Management Port 3 Switch Module Installing I/O Modules Removing I/O Modules Page Page 4 Using the Command-Line Interface Abbreviated Syntax and Command Completion Syntax Symbols Line-Editing Keys Specifying Text Values Command History Prompt Text Configuring Management Access Changing the Default Passwords Creating Accounts Modifying Accounts Viewing Accounts Deleting an Account Managing the PxM Configuring VLANs Configuring SNMP Configuring DNS Client Services Table 4 -4: SNMP Configuration Settings Using Secure Shell 2 (SSH2) Enabling SSH2 for Inbound Switch Access Using SCP2 from an External SSH2 Client SSH2 Client Functions on the Switch Utilities Showing CPU Load Checking Basic Connectivity Logging Configuring a Startup Banner Me ssage Starting the GlobalPx Co ntent Dir ector Ag ent Example Configuration The following commands configure all system-related facilit ies: Page 5 Configuring Real Servers Configuring Server Groups Configuring Virtual Services Layer 4 Port-based Load Balancing Layer 7 Virtual Services Configuring Traffic Tagging Page Page Page 6 Modes, and NAT Scheduling Policies The Px series application switch supports the followin g scheduling po licies: Persistence Modes Table 6 -1: Scheduling Policies UDP Flow Persistence Client IP Persistence Mode Page Configuring Client IP Stickiness Cookie Persistence Modes Self-Identifying Cookie Persistence Mode Page Page Hashed Cookie Persistence Page Learned Cookie Persistence Mode Page Configuring Cookie Stickiness SSL Session Identifier Persistence NAT Modes Full-NAT Mode Configuring Full-NAT Mode and Proxy IP Addresses Server-only Half-NAT Mode Configuring Half-NAT Mode Page Page Page Page 7 Domain and URL Switching Domain Switching Server Group 1 Client 192.1.1.1:80 Server Group 2 Server Group 3 URL Switching Configuring URL Switching Page Server Group 1 www.buystuff.com Client Server Group 2 Page Creating Domain and U RL Switc hing Rules Modifying Existing URL Rules and Domains Page Page Page 8 Using VRRP with the SummitPx1 Adding and Configuring VRRPs Using VRRP in Existing Redundant Networks VRRP Automatic Synchronization Page Configuring Redundancy for the PxM Using ESRP with the PxM Configuring the PxM for Multiple VLANs Configuring a Default Gateway 9 Overview Server Startup Pacing Health Checking Procedure Configuring Health Checks Types of Health Checks Timers and Counters Page Page 10 Showing Traffic Statistics Table10-1: Statistics Display Commands (continued) Showing Configuratio n Detail s Configuration Displays The following example illustrate s the output from the Status Displays The following tables describe the columns and their values. Table10-3: show health Information Table10-4: show server details Information Managing and Troubleshooting Operation Table10-5 lists the commands that are used to display management and troubleshooting information. Table10-5: Management and Troubleshooting Commands Table10-4: show server details Information Page Index A C D E G H I K L R S T U V Page Index of Commands B C D E H N P