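After getting home this evening I looked into Rotary NAT and found a concise, to-the-point article. I then ran a practice lab with GNS, and it felt great.
But looking at the time, I should get to bed, so for now I'll just repost the original; tomorrow I'll translate the article and attach the GNS3 lab results for my adapted version (Rotary NAT + PAT).
Original source: https://sites.google.com/site/amitsciscozone/home/nat/tcp-load-distribution-using-rotary-nat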
TCP Load Distribution using Rotary NAT
Network topology:
An organization has multiple servers that serve multiple hosts. Using Rotary NAT, a virtual server is established in the inside network which communicates with the real servers. Destination addresses that match an access-list (permitting the IP address of the virtual server) are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis. The NAT router performs the following steps when translating rotary addresses:
- A host opens a TCP connection with virtual server 10.1.1.5.
- The router receives the connection request and creates a translation, allocating the next real server IP address.
- The router replaces the destination IP address with the selected real IP address and forwards the packet.
- The server receives the packet and responds.
- The router receives the packet and performs the NAT table lookup. The router then translates the source address to the virtual server IP address and forwards the packet.
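The translation steps above, modelled in Python as an added example (it is not from the original article and is not router code). The pool 10.1.1.10-10.1.1.11 is taken from the verification section; the 192.0.2.x client addresses, the packet dictionaries and all class and function names are assumptions made for illustration.

```python
from itertools import cycle

VIRTUAL_IP = "10.1.1.5"                    # virtual server from the article
REAL_SERVERS = ["10.1.1.10", "10.1.1.11"]  # rotary pool, per the verification section


class RotaryNat:
    """Simplified model of inside destination NAT with a rotary pool."""

    def __init__(self, virtual_ip, pool):
        self.virtual_ip = virtual_ip
        self._next_real = cycle(pool)   # round-robin allocator
        self.table = {}                 # (client_ip, client_port, dst_port) -> real server

    def outside_to_inside(self, pkt):
        """Rewrite the destination of TCP packets sent to the virtual IP."""
        if pkt["proto"] != "tcp" or pkt["dst"] != self.virtual_ip:
            return dict(pkt)            # non-TCP or non-matching: passed untranslated
        key = (pkt["src"], pkt["sport"], pkt["dport"])
        if key not in self.table:       # new connection: allocate the next real server
            self.table[key] = next(self._next_real)
        return {**pkt, "dst": self.table[key]}

    def inside_to_outside(self, pkt):
        """Restore the virtual IP as source on replies that match a table entry."""
        key = (pkt["dst"], pkt["dport"], pkt["sport"])
        if pkt["proto"] == "tcp" and self.table.get(key) == pkt["src"]:
            return {**pkt, "src": self.virtual_ip}
        return dict(pkt)                # no matching translation: left unchanged


def telnet_syn(client_ip, client_port):
    # Constructed sample packet: a client opening Telnet (TCP/23) to the virtual server.
    return {"proto": "tcp", "src": client_ip, "sport": client_port,
            "dst": VIRTUAL_IP, "dport": 23}


def demo():
    """Open three Telnet sessions and return the NAT plus the servers chosen."""
    nat = RotaryNat(VIRTUAL_IP, REAL_SERVERS)
    clients = [("192.0.2.10", 40001), ("192.0.2.10", 40002), ("192.0.2.20", 40003)]
    return nat, [nat.outside_to_inside(telnet_syn(ip, port))["dst"] for ip, port in clients]


if __name__ == "__main__":
    nat, chosen = demo()
    print(chosen)
```

The mapping is per connection, so later packets of an established session keep the server chosen at allocation time, and a reply is rewritten only when it matches an existing entry.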
Configuration:
We define a pool of addresses containing the addresses of the real servers. This can be done using the global configuration command:
ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary
We define an access-list permitting the address of the virtual server, 10.1.1.5. Non-TCP traffic is passed untranslated.
Then we establish dynamic inside destination translation, specifying the access-list defined above. This is done using the global configuration command:
ip nat inside destination list access-list-number pool name
Lastly, we define the inside and outside interfaces for NAT.
Verification:
When multiple Telnet sessions (TCP sessions, port 23) are established to the virtual server IP address 10.1.1.5, the NAT router allocates the IP addresses of different internal servers in a round-robin fashion. The following output shows that 3 different Telnet sessions are opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, the second session to 10.1.1.11 and the third session back to 10.1.1.10.