beautypg.com

Configuring full-nat mode and proxy ip addresses, Server-only half-nat mode – Extreme Networks Px Series User Manual

Page 73

background image

Px Series Application Switch Installation and Configuration Guide

6-15

NAT Modes

Configuring Full-NAT Mode and Proxy IP Addresses

Full-NAT mode is the default behavior of the application switch. If another NAT mode
was in use previously, use the following command to set it back to full:

config nat-mode full

To function properly, the application switch requires that proxy IP addresses be
configured. These proxy addresses are used as the source IP addresses for the outbound
connection to the server. One proxy address must be configured for each 63,000 sessions
active at one time. For full system capacity, you must configure 32 IP addresses.

To set a proxy IP address or a range of proxy addresses, use the following command:

config proxy-ip [- ]

Proxy-ip addresses do not need to be contiguous. You can use multiple commands to
specify different ranges of IP addresses to use as proxy addresses. The only restriction is
that all addresses must be on the same subnet as the main system IP address.

Do not change the proxy IP while the application switch is running. Boot the
application switch for the proxy IP information to take effect.

Server-only Half-NAT Mode

In half-NAT mode, the application switch only translates the server IP address when
dispatching the client requests to the real server. Half-NAT mode results in the server
believing that the request came from the client, instead of the application switch. Using
half-NAT mode, the server sees the real IP address of the client.

Because the server fulfilling the request believes that the request came directly from the
actual client, and not the application switch, the server attempts to respond directly to
the client. However, for the connection to be completed appropriately, the application
switch needs to see the return traffic so that it can perform reverse NAT on the server
portion of the address.

To route the traffic correctly from the server back into the application switch, and back
to the client, the layer 3 switch attached to the application switch must support
policy-based routing.

Policy-based routing allows layer 3 switches to make next-hop forwarding decisions
based on information other than simply the IP destination address of the request. In this
case, the next-hop decision must be based on the fact that the source of the request is