beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 31

background image

25

Item Description

Enable Forced LB

When you select UDP as the protocol, set whether to enable the mechanism of
distributing services based on packets.
Packet exchange for some UDP-based services, such as DNS, RADIUS, and so on,
can be completed in one exchanging process, and in some specific scenarios, the

quintuple of packets is the same. In this case, load balancing cannot be

implemented on service packets based on the session-based load balancing mode.
Therefore, forced load balancing needs to be enabled to implement load balancing

of service packets according to the mechanism of distributing services based on

packets.

IMPORTANT:

Forced load balancing of fragmented packets is implemented based on virtual

fragment reassembly. Therefore, you must enable virtual fragment reassembly on the
zone to which the interfaces that process LB packets belong. For more information, see

Security Configuration Guide.

Port

Set the port number used by the cluster to provide services.

Forwarding Mode

Load balancing mode adopted:

NAT—NAT-mode server load balancing.

Direct Routing—DR-mode server load balancing.

Firewall—Firewall load balancing.

IMPORTANT:

For NAT-mode server load balancing, to implement NAT internal server on the LB

product's interface attached to the user network, do not configure the VSIP as the
external IP address of the internal server. Otherwise, the two functions may conflict

with each other.

Enable SNAT

Enable source address NAT translation, which changes the source address of a
packet during load balancing.
This option can be set only when the forwarding mode is NAT.

IMPORTANT:

After you enable SNAT for the virtual service, do not configure NAT on the LB

product's interface connecting the real server for traffic matching the virtual service.

Otherwise, the two functions may conflict with each other.

SNAT IP Pool

Configure an SNAT IP address pool.
The option can be set when Enable SNAT is selected. Its default value is the virtual
service IP address.
The start IP address and end IP address must be both configured or both empty, and
the end IP address must be greater than the start IP address.

IMPORTANT:

The SNAT address pool cannot have overlapping address spaces with the address

pool configured for dynamic NAT on the interface that connects the device to the real
server. Otherwise, TCP packet checksum calculation error may occur.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: