H3C Technologies H3C SecBlade LB Cards User Manual

28

Item Description

Enable Forced LB

When you select UDP as the protocol, set whether to enable the mechanism of
distributing services based on packets.
Packet exchange for some UDP-based services, such as DNS and RADIUS, can
be completed in one exchanging process, and in some specific scenarios, the

quintuple of packets is the same. In this case, load balancing cannot be

implemented on service packets based on the session-based load balancing
mode. Therefore, forced load balancing needs to be enabled to implement load

balancing of service packets according to the mechanism of distributing

services based on packets.

IMPORTANT:

Forced load balancing of fragmented packets is implemented based on virtual

fragment reassembly. Therefore, you must enable virtual fragment reassembly on
the zone to which the interfaces that process LB packets belong. For more

information, see

Security Configuration Guide.

Port

Port number of the services provided by the cluster.

Enable SNAT

Enable source address NAT translation, which changes the source address of a
packet during load balancing.

IMPORTANT:

After you enable SNAT for the virtual service, do not configure NAT on the LB

product's interface connecting the real server for traffic matching the virtual
service. Otherwise, the two functions may conflict with each other.

SNAT IP Pool

Configure an SNAT IP address pool.
The option can be set when Enable SNAT is selected. Its default value is the

virtual service IP address.
The start IP address and end IP address must be both configured or both empty,
and the end IP address must be greater than the start IP address.

IMPORTANT:

The SNAT address pool cannot have overlapping address spaces with the address

pool configured for dynamic NAT on the interface that connects the device to the

real server. Otherwise, TCP packet checksum calculation error may occur.