Global source NAT
Similar to F5’s Automap
Automap will SNAT any traffic going towards the real-server. The client’s source IP will be replaced with the self-IP configured on the Brocade’s interface closest to the real servers. SNAT is implemented for ALL the real servers.
Warning: Do not use automap in environments with any considerable number of clients and/or servers: there is a high chance of running into port exhaustion, at which point connections will drop.
SNAT IP
The client’s source IP will be replaced with the 192.168.100.100 address configured in the second line.
The port-alloc-per-real command indicates that a SNAT IP:port combination can be re-used per real server at any particular instance. The port-range parameter specifies which port range this peer uses for source NAT for this source IP address. Specify 1 for the lower port range or 2 for the upper port range.
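The effect of port-alloc-per-real on the port exhaustion mentioned in the warning above can be seen in a toy allocator. This is an added illustration, not Brocade's implementation and not code from the original page; the port boundaries, real-server addresses and all class and function names are constructed, and only 192.168.100.100 and the port-range values 1 and 2 come from the text.

```python
# Toy model of SNAT port allocation (illustrative only; not Brocade's code).
# Port boundaries are constructed and tiny so exhaustion is easy to observe.
PORT_RANGES = {1: range(1024, 1028), 2: range(1028, 1032)}  # lower / upper half
REALS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]                # constructed real servers


class SnatPool:
    def __init__(self, snat_ip, port_range, per_real):
        self.snat_ip = snat_ip
        self.ports = PORT_RANGES[port_range]
        self.per_real = per_real
        self.in_use = set()

    def _key(self, port, real):
        # per-real: the same SNAT IP:port may be live once per real server.
        # global:   a SNAT IP:port may be live only once across all servers.
        return (port, real) if self.per_real else (port,)

    def allocate(self, real):
        for port in self.ports:
            key = self._key(port, real)
            if key not in self.in_use:
                self.in_use.add(key)
                return (self.snat_ip, port)
        return None  # pool exhausted: this connection would be dropped

    def release(self, port, real):
        self.in_use.discard(self._key(port, real))


def simulate(per_real, reals, conns_per_real, port_range=2):
    """Open conns_per_real connections to each real; return (accepted, dropped)."""
    pool = SnatPool("192.168.100.100", port_range, per_real)
    accepted = dropped = 0
    for real in reals:
        for _ in range(conns_per_real):
            if pool.allocate(real):
                accepted += 1
            else:
                dropped += 1
    return accepted, dropped


def peers_overlap():
    # HA peers on different port-range values never hand out the same port.
    return bool(set(PORT_RANGES[1]) & set(PORT_RANGES[2]))


if __name__ == "__main__":
    print("global pool  :", simulate(False, REALS, 4))
    print("per-real pool:", simulate(True, REALS, 4))
    print("peers overlap:", peers_overlap())
```

With the same four-port pool, the global mode drops every connection past the fourth, while the per-real mode only starts dropping once a single real server holds all four ports.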
Per-real-server source NAT
SNAT IP is the IP of the interface closest to the real servers.
SNAT is implemented for real servers by configuring them with the source-nat command:
Per-real-server source NAT with ACL
Same as automap per-real-server, but in this case SNAT is implemented only for traffic originating from the private 192.168.100.0/22 network by utilizing an access-list. This way, access to the VIP from other real servers and client requests from the Internet will not be subjected to SNAT; their IP will not change.
server source-nat-ip 192.168.100.100 255.255.255.255 0.0.0.0 port-range 2 port-alloc-per-real
HA considerations
If a SNAT configuration is used in an HA config, add the source-nat-ip into the vip-group so that the secondary can take over the SNAT IP in case of a failover:
Related links
Server Load Balancing : Source NAT – http://www.brocade.com/downloads/documents/html_product_manuals/VADX_03000_SLB/wwhelp/wwhimpl/common/html/wwhelp.htm#context=Virtual_ADX_0300_SLBGuide&file=slb_V_ADX.04.06.html