[go: up one dir, main page]
Scribd
Upload
9 views5 pages

Configure Server Load Balancing Using Dynamic NAT - Cisco

This document provides a guide on configuring Server Load Balancing using Dynamic NAT on Cisco IOS routers, allowing external users to access multiple internal servers through a single IP address. It outlines the prerequisites, configuration steps, and verification methods for setting up NAT to distribute traffic among identical servers. Limitations include the inability to detect server failures and inefficient load balancing due to lack of load awareness.

Uploaded by

Khaled Guessoum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
9 views5 pages

Configure Server Load Balancing Using Dynamic NAT - Cisco

This document provides a guide on configuring Server Load Balancing using Dynamic NAT on Cisco IOS routers, allowing external users to access multiple internal servers through a single IP address. It outlines the prerequisites, configuration steps, and verification methods for setting up NAT to distribute traffic among identical servers. Limitations include the inability to detect server failures and inefficient load balancing due to lack of load awareness.

Uploaded by

Khaled Guessoum
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

31/05/2022 09:29 Configure Server Load Balancing Using Dynamic NAT - Cisco

Configure Server Load Balancing Using Dynamic NAT

Updated: June Saved


Content 4, 2018 Document ID: 200608
Bias-Free Langua
View All Saved Content Remove from Saved Content

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation se
bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity,
ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the
documentation due to language that is hardcoded in the user interfaces of the product software, language used
based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how
Cisco is using Inclusive Language.

Contents

Introduction
Prerequisites
Requirements
Components Used
Background Information
Purpose
Description
Configure
Network Diagram
Steps
Verify
Troubleshoot
Limitations

Introduction
This document describes how to configure Network Address Translation (NAT) server load balancing TCP
traffic on Cisco IOS® routers.

Prerequisites

Requirements
There are no specific requirements for this document.

Components Used
This document is not restricted to specific software and hardware versions. This document applies to all
Cisco routers and switches that run Cisco IOS.

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html 1/5
31/05/2022 09:29 Configure Server Load Balancing Using Dynamic NAT - Cisco

The information in this document was created from the devices in a specific lab environment. All of the
devices used in this document started with a cleared (default) configuration. If your network is live, make
sure that you understand the potential impact of any command.

Background Information

Purpose
Users that access the local server from outside Internet will access the server using a single URL or IP
address, however the NAT device is used to load share the user traffic to multiple identical servers with
mirrored content.

Description
Outside users A and B access the contents of the Web server with the outside visible IP address
172.16.2.3 (Virtual IP address of the servers). The NAT router translates the traffic destined for
172.16.1.3 to the inside IP addresses 10.1.1.1, 10.1.1.2 and 10.1.1.3 in a round robin fashion and
forwards it to the respective server. Each new session initiated from the outside user is translated to the
next physical server IP address.

Configure

Network Diagram

Steps
1. User-A initiates a TCP connection with virtual server IP address 172.16.2.3.
2. The NAT router, upon receiving the connection request, creates a NAT translation entry which
allocates the next available real server IP address (for example, 10.1.1.1).
3. The NAT router replaces the destination IP address with the allocated real IP address and forwards
the packet.
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html 2/5
31/05/2022 09:29 Configure Server Load Balancing Using Dynamic NAT - Cisco

4. The server receives the packet and replies back to the source.
5. The NAT router receives the packet returned from the server and performs the NAT table lookup.
The router then translates the source address to the virtual server IP address (172.16.2.3) and forwards
the packet.
6. User-B initiates a TCP session with server virtual IP address 172.16.2.3. Upon receiving the
connection request, the NAT router translates this to the next available real server IP address (for
example, 10.1.1.2) and then forwards the packet to the server.

Since static NAT is bidirectional in the other direction, the destination of the packet will be translated.
When doing this form of NAT, it is triggered by sending TCP packets. Sending Internet Control Message
Protocol (ICMP) might not trigger the NAT translation.
Non-TCP traffic is directed to the first address in the pool.
Unlike static inside source NAT and static inside source PAT, the router does not respond to ARP inquiries
about the global address, unless that address is not assigned to its interface.Therefore, it might be
necessary to add it to an interface like the secondary. It is not possible to redirect ports with this method
of translation (for example, 80 and 1087). The ports must match.

Note: The NAT pool IP address need not be same as the external interface IP address. In order to
illustrate the same, the example uses an IP address from a different block 172.16.2.x than the
actual interface IP subnet 172.16.1.x.

1. Define a pool of addresses that contain the addresses of the real servers.
ip nat pool NATPOOL 10.1.1.1 10.1.1.3 prefix-length 24 type rotary

2. Define an access-list that permits the address of the virtual-server.


access-list 1 permit host 172.16.2.3

3. Enable a dynamic translation of inside destination addresses.


ip nat inside destination list <ACL name> pool <Pool Name>

ip nat inside destination list 1 pool NATPOOL

4. Define NAT inside and outside interfaces.


Interface gig0/0
ip address 10.1.1.4 255.255.255.0
Ip nat inside

Interface gig0/1
ip address 172.16.1.1 255.255.255.248
Ip nat outside

IP addresses 10.1.1.1, 10.1.1.2 and 10.1.1.3 will now be handed out in a rotary fashion when someone
tries to access IP address 172.16.2.3

Verify
In order to verify this, initiatie multiple TCP sessions from outside hosts to the virtual IP address. Debug
IP NAT translation/show ip nat translation output can be used for verification.

Router#
Router#
*Jul 24 13:27:41.193: NAT*: s=192.168.1.1, d=172.16.2.3->10.1.1.3 [22864]
*Jul 24 13:27:41.196: NAT*: s=10.1.1.3->172.16.2.3, d=192.168.1.1 [18226]
Router#
*Jul 24 13:27:44.329: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35533]
*Jul 24 13:27:44 331: NAT*: s=10 1 1 1->172 16 2 3 d=192 168 2 1 [14573]
https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html 3/5
31/05/2022 09:29 Configure Server Load Balancing Using Dynamic NAT - Cisco
*Jul 24 13:27:44.331: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14573]
*Jul 24 13:27:44.332: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35534]
*Jul 24 13:27:44.332: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35535]
*Jul 24 13:27:44.332: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35536]
*Jul 24 13:27:44.333: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14574]
*Jul 24 13:27:44.365: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14575]
*Jul 24 13:27:44.365: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14576]
*Jul 24 13:27:44.368: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35537]
Router#
*Jul 24 13:27:44.369: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35538]
*Jul 24 13:27:44.369: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35539]
*Jul 24 13:27:44.369: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35540]
*Jul 24 13:27:44.371: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14577]
*Jul 24 13:27:44.574: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14578]
Router#
*Jul 24 13:27:46.474: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14579]
*Jul 24 13:27:46.478: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35541]
*Jul 24 13:27:46.478: NAT*: s=192.168.2.1, d=172.16.2.3->10.1.1.1 [35542]
*Jul 24 13:27:46.479: NAT*: s=10.1.1.1->172.16.2.3, d=192.168.2.1 [14580]
Router#sh ip nat tr
Pro Inside global Inside local Outside local Outside global
tcp 172.16.2.3:23 10.1.1.1:23 192.168.2.1:49703 192.168.2.1:49703
tcp 172.16.2.3:23 10.1.1.2:23 192.168.2.1:50421 192.168.2.1:50421
tcp 172.16.2.3:80 10.1.1.3:80 192.168.1.1:26621 192.168.1.1:26621
Router#

Troubleshoot
There is currently no specific troubleshooting information available for this configuration.

Limitations
It cannot detect whether an internal server in the group fails. This means that the Cisco IOS always will
forward traffic to servers in the group, regardless of their operational status.
It cannot determine actual loads of the internal servers, so it cannot perform load balancing efficiently.

Quick Links -
About Cisco

Contact Us

Careers

Meet our Partners

Resources and Legal -


Feedback

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html 4/5
31/05/2022 09:29 Configure Server Load Balancing Using Dynamic NAT - Cisco

Help

Terms & Conditions

Privacy Statement

Cookies

Trademarks

Supply Chain Transparency

Sitemap

©2022 Cisco Systems, Inc.

© 2022 Cisco and/or its affiliates. All rights reserved.

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/200608-Server-Load-Balancing-Using-Dynamic-NAT.html 5/5

You might also like