User guide
151 ExtremeWarePx1 1.2 Command Reference Guide
Commands for Persistence Modes, and NAT Modes
configure nat-mode server-only
configure nat-mode server-only
Description
Configures half-NAT mode (server-only Network Address Translation) on the application switch.
Syntax Description
This command has no parameters.
Default
Full-NAT mode is the default behavior of the application switch.
Usage Guidelines
You must have administrator privileges to issue this command.
In half-NAT mode, the application switch only translates the server IP address when dispatching the
client requests to the real server. Half-NAT mode results in the server believing that the request came
from the client, instead of the application switch. Using half-NAT mode, the server sees the real IP
address of the client.
Half-NAT mode must be configured on both the application switch and the attached layer 3 switch.
Policy-based routing allows layer 3 switches to make next-hop forwarding decisions based on
information other than simply the IP destination address of the request.
On an Extreme switch, use the following ExtremeWare commands to configure the policy routes
required for half-NAT:
create source-flow <name> source-ip <server ip> source-port <server-port> protocol tcp destination any
config source-flow <name> next-hop <SLB VIP>
These policy rules route all traffic from the load-balanced port on the server to the application switch. If
other locally-attached networks need to use the facility provided by that port without using the load
balancer, more specific rules need to be written to steer traffic directly back to the correct routers.
Advantages of Half-NAT mode are:
• Allows the server logs on the real web site to reflect the IP address of the real client making a
request, rather than a proxy address of the application switch.
• Allows the use of IP address based security methods such as Unix Netgroups. This is primarily a
concern for enterprise data centers.
NOTE
Half-NAT mode cannot be used if clients and servers are on the same layer 3 network. Policy-based
routing occurs at layer 3 and cannot be applied without crossing a layer 3 network boundary.
You must use the build command to commit the configuration changes made by this command.
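The following added example (not part of the original guide) generates the two source-flow commands shown above for each real server and refuses to do so when the NOTE's layer 3 restriction is violated. The function name, the flow name and all addresses are constructed for illustration, and the check that each server lies inside the stated server subnet is an assumption added for input consistency.

```python
import ipaddress


def half_nat_policy_routes(servers, slb_vip, server_subnet, client_networks):
    """Return the ExtremeWare source-flow commands needed for half-NAT.

    servers: list of (flow_name, server_ip, server_port) tuples.
    Raises ValueError when half-NAT cannot work or the inputs are inconsistent.
    """
    subnet = ipaddress.ip_network(server_subnet)
    vip = ipaddress.ip_address(slb_vip)

    # NOTE in the guide: clients and servers must not share a layer 3 network,
    # because policy-based routing only applies across a layer 3 boundary.
    for net in client_networks:
        client_net = ipaddress.ip_network(net)
        if client_net.overlaps(subnet):
            raise ValueError(
                f"clients in {client_net} share layer 3 network {subnet} "
                "with the servers; half-NAT cannot be used"
            )

    commands = []
    for name, ip, port in servers:
        addr = ipaddress.ip_address(ip)
        # Assumption for this example: every real server sits in server_subnet.
        if addr not in subnet:
            raise ValueError(f"server {addr} is outside {subnet}")
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port {port} for {name}")
        # Command syntax is taken verbatim from the guide's two policy-route lines.
        commands.append(
            f"create source-flow {name} source-ip {addr} "
            f"source-port {port} protocol tcp destination any"
        )
        commands.append(f"config source-flow {name} next-hop {vip}")
    return commands


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for line in half_nat_policy_routes(
        servers=[("web1", "192.0.2.10", 80)],
        slb_vip="198.51.100.10",
        server_subnet="192.0.2.0/24",
        client_networks=["203.0.113.0/24"],
    ):
        print(line)
```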










