Global source NAT
Similar to F5’s Automap
Automap will SNAT any traffic going towards the real-server. The client’s source IP will be replaced with the self-IP configured on the Brocade’s interface closest to the real servers. SNAT is implemented for ALL the real servers.
Warning: Do not use automap in environments with any considerable number of clients and/or servers, since there is a high chance to run into port-exhaustion and connections will drop.
The client’s source IP will be replaced with the
192.168.100.100 configured in the second line.
port-alloc-per-real command indicates that a SNAT IP:port combination can be re-used per real server at any particular instance. The
port-range parameter specifies which port range this peer uses for source NAT for this source IP address. Specify 1 for the lower port range or 2 for the upper port range.
Per-real-server source NAT
SNAT IP is the IP of the interface closest to the real servers.
SNAT is implemented for real servers by configuring them with
Per-real-server source NAT with ACL
Same as automap per-real-server, but in this case, SNAT is implemented only for traffic originating from private
192.168.100.0/22 network by utilizing an access-list. This way, the access to the VIP from other real servers and the client requests from the Internet will not be subjected to SNAT, their IP will not change.
server source-nat-ip 192.168.100.100 255.255.255.255 0.0.0.0 port-range 2 port-alloc-per-real
If a SNAT configuration is used in an HA config, add the
source-nat-ip into the
vip-group in order for the secondary to take over the SNAT IP, in case of a failover:
Server Load Balancing : Source NAT – http://www.brocade.com/downloads/documents/html_product_manuals/VADX_03000_SLB/wwhelp/wwhimpl/common/html/wwhelp.htm#context=Virtual_ADX_0300_SLBGuide&file=slb_V_ADX.04.06.html