Specifications

How Can I Implement LSNAT?

September 8, 2010 Page 3 of 28

ServerandTCP/UDPportverificationcanensurethattheportsusedbyLSNATareoperational.

TCP/UPDportserviceverificationiscapableofdeterminingwhetheraserverisactivebefore 

creatingasession.Thisfeatureeliminatesthepointoffailurevulnerabilitybyautomatically

recognizingaserverisdownandtakingitout

oftheLSNATloadbalancingprocess.

SecurityisimprovedsinceonlytheVIPisknown,notthespecificserveraddresses,ensuringthat

onlytheappropriatetrafficgoestotheservers.

LSNATimprovesnetworkperformancebylevelingtrafficovermanysystems.UsingLSNATin

conjunctionwithAggregateLinksremovestheperformancebottleneck

andreliabilityconcernsof

onephysicallinktoaserverbybundlingmultiplelinks,withfailoverifalinkgoesdown.

UtilizingtheIP‐PolicyandQoSfeaturesoftheS‐Seriesand N‐SeriesdeviceswiththeLSNAT

featurefurtherimprovestheperformanceandsecurityofthenetwork.When

tiedwiththeVirtual

RedundantRouterProtocol(VRRP),thenetworkbecomesevenmorereliableandsecure.

Forallthesereasons,LSNATisidealforenterpriseaccountwebservers,applicationservers,or

databaseservers.

How Can I Implement LSNAT?

ToimplementLSNATinyournetwork:

1. Configureoneormoreserverfarmsby:

–Specifyingaserverfarmname

– Configuringrealserversasmembersoftheserverfarm

–Specifyingaloadbalancingalgorithmforeachserverfarm

2. Configureeachrealserverby:

– Optionallyconfiguringrealserverfail‐detectsettings

– Optionallylimitingthemaximumnumberof

activeconnectionsforthisrealserver

– Optionallyspecifyingaroundrobinweightvalueforthisrealserver

–Enablingtherealserverforservice

3. Configureavirtualserverby:

–Specifyingavirtualservername

– Associatingavirtualserverwithaserverfarm

– ConfiguringavirtualserverIPaddress(VIP)

– Optionallyrestrictingaccesstospecificvirtual

serverclients

– Optionallyspecifyingastickytypeandidletimeout

–Enablingthevirtualserverforservice

4. Configureglobalvirtualserversettingsby:

– Optionallydefininganon‐standardFTPporttobeusedbyvirtualservers

– Optionallyallowingallclientstodirectlyaccessallservicesprovidedbyrealservers

5. Managearealserverbyoptionally

clearingloadbalancingconnectionsorstatistics