NAT 2 - TCP Load Distribution using Rotary NAT

After getting home this evening I read up on Rotary NAT and found a concise, to-the-point article. Then I did a practice lab in GNS3 and it felt great.

But looking at the clock, it's time for bed, so I'll repost the original first; tomorrow I'll translate this article and append the results of my adapted (Rotary NAT + PAT) GNS3 lab.


Original source: https://sites.google.com/site/amitsciscozone/home/nat/tcp-load-distribution-using-rotary-nat


TCP Load Distribution using Rotary NAT

Network topology:


An organization has multiple servers that serve multiple hosts. Using Rotary NAT, a virtual server address is established in the inside network, and the router maps connections to it onto the real servers. Destination addresses that match an access-list (permitting the IP address of the virtual server) are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis. The NAT router performs the following steps when translating rotary addresses:
  1. A host opens a TCP connection to virtual server 10.1.1.5.
  2. The router receives the connection request and creates a translation, allocating the next real server IP address from the pool.
  3. The router replaces the destination IP address with the selected real server IP address and forwards the packet.
  4. The server receives the packet and responds.
  5. The router receives the response and performs a NAT table lookup. The router then translates the source address back to the virtual server IP address and forwards the packet.

Configuration:

We define a pool of addresses containing the addresses of the real servers. This is done using the global configuration command:

    ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary

ip nat pool SERVER_LIST 10.1.1.10 10.1.1.11 prefix-length 24 type rotary

We define an access-list permitting TCP traffic to the virtual server address 10.1.1.5. Because the list matches only TCP, non-TCP traffic to that address is passed untranslated.

access-list 110 permit tcp any host 10.1.1.5

Then we establish dynamic inside destination translation, referencing the access-list defined above. This is done using the global configuration command:

    ip nat inside destination list access-list-number pool name

ip nat inside destination list 110 pool SERVER_LIST

Lastly, we define the inside and outside interfaces for NAT.

interface fastethernet 0/0
 ip nat inside
!
interface fastethernet 0/1
 ip nat outside
!


Verification:

When multiple Telnet sessions (TCP, port 23) are established to the virtual server IP address 10.1.1.5, the NAT router allocates the IP addresses of different internal servers in round-robin fashion. The following output shows three different Telnet sessions opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, the second to 10.1.1.11 and the third back to 10.1.1.10.

NAT Translation Table

NAT_Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:24440  192.168.1.2:24440
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:50804  192.168.1.2:50804
tcp 10.1.1.5:23        10.1.1.11:23       192.168.1.2:38530  192.168.1.2:38530
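To make the five translation steps and the verification output above concrete, here is a small simulation of the rotary-NAT decision process. It is an added example written for this post, not IOS code and not part of the original article; the Packet and RotaryNat names are hypothetical, and the host address, ports and server addresses are taken from the sample configuration and output above. It models the ACL match (TCP to the virtual address only), round-robin allocation of a real server per new session, the forward rewrite of the destination, and the reverse rewrite of the source on the reply.

```python
from dataclasses import dataclass, replace
from itertools import cycle


@dataclass(frozen=True)
class Packet:
    """Just the header fields the NAT decision needs (constructed model)."""
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class RotaryNat:
    """Model of 'ip nat inside destination list <acl> pool <name>' where the
    pool is 'type rotary'.  Hypothetical simulation, not router code."""

    def __init__(self, virtual_ip, real_servers):
        self.virtual_ip = virtual_ip
        self._allocator = cycle(real_servers)   # round-robin over the pool
        # Translation table:
        #   (outside global ip, outside port, inside port) -> inside local server ip
        self.table = {}

    def _acl_permits(self, pkt):
        # access-list 110 permit tcp any host 10.1.1.5: TCP to the virtual IP only
        return pkt.proto == "tcp" and pkt.dst_ip == self.virtual_ip

    def outside_to_inside(self, pkt):
        """Steps 1-3: a host's packet arrives on the outside interface."""
        if not self._acl_permits(pkt):
            return pkt                      # non-matching traffic forwarded untouched
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key not in self.table:           # new session: take the next real server
            self.table[key] = next(self._allocator)
        return replace(pkt, dst_ip=self.table[key])

    def inside_to_outside(self, pkt):
        """Steps 4-5: a real server's reply; reverse the translation if an entry exists."""
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_port)
        if pkt.proto == "tcp" and self.table.get(key) == pkt.src_ip:
            return replace(pkt, src_ip=self.virtual_ip)
        return pkt                          # no matching entry: source left as-is

    def show_ip_nat_translations(self):
        """Rows laid out like 'show ip nat translations'."""
        rows = []
        for (host_ip, host_port, srv_port), real_ip in self.table.items():
            outside = f"{host_ip}:{host_port}"
            rows.append(("tcp", f"{self.virtual_ip}:{srv_port}",
                         f"{real_ip}:{srv_port}", outside, outside))
        return rows


def demo():
    """Open three Telnet sessions to the virtual server; return the real server
    chosen for each, in connection order."""
    nat = RotaryNat("10.1.1.5", ["10.1.1.10", "10.1.1.11"])
    host = "192.168.1.2"
    allocated = []
    for port in (24440, 50804, 38530):      # source ports from the article's output
        syn = nat.outside_to_inside(Packet("tcp", host, port, "10.1.1.5", 23))
        allocated.append(syn.dst_ip)
        # The server's SYN-ACK must leave with the virtual address as its source
        reply = nat.inside_to_outside(Packet("tcp", syn.dst_ip, 23, host, port))
        if reply.src_ip != "10.1.1.5":
            raise RuntimeError("reverse translation failed")
    return allocated


if __name__ == "__main__":
    print(demo())                           # ['10.1.1.10', '10.1.1.11', '10.1.1.10']
    nat = RotaryNat("10.1.1.5", ["10.1.1.10", "10.1.1.11"])
    nat.outside_to_inside(Packet("tcp", "192.168.1.2", 24440, "10.1.1.5", 23))
    for row in nat.show_ip_nat_translations():
        print("%-4s %-18s %-18s %-18s %s" % row)
```

Two things the simulation makes visible that the config alone does not: the allocator is purely positional, so it keeps handing out a server's address whether or not that server is up (rotary NAT does no health checking, so a failed server still receives every other new session), and only traffic matching the access-list gets an entry, so a UDP packet to 10.1.1.5 is forwarded to the virtual address itself and a server reply with no table entry leaves with its real source address.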
