EMAIL SUPPORT
dclessons@dclessons.comLOCATION
USNSX Edge Network Service & Gateway
Network Address Translation:
NAT is method of changing the Source IP of destination IP of packet. The Router that does the NT translation is called as NAT Router.
NAT router that changes the Source IP is called as SNAT and the NAT Router that changes the destination IP is called is DNAT.
If an ingress packet arrives in the router matching a particular source IP, the source IP is changed for a predetermined one and then the packet is sent on its way. The same logic applies if doing DNAT. The NSX Edge supports SNAT and DNAT.
The configurations for applying NAT are done via NAT rules. For NAT rules to be effective, an interface must be identified, and the direction of the packet flow is based on this interface. Packets arriving at this interface are considered ingress packets, and packets going out of this interface are considered egress packets. If an SNAT rule is applied to an interface, the source IP address of the ingress packet is changed. If a DNAT rule is applied to an interface, the destination IP of the egress packet is changed. The NAT router keeps a NAT table of all translated IPs so return traffic in the flow can have the NAT reversed. The return traffic must come through the interface that has the NAT rule that was applied to the flow.
NSX EDGE Load balancer:
NSX Load Balancer is the method of load balancing the destination traffic among various internal servers when the traffic hits on VIP.
The VIP is mapped in the load balancer to an application that represents the service, called the application profile. The application profile is load balanced to a list of servers running the workload, called the server pool. The IPs in the server pool act as the equivalent of the translated destination IPs in a DNAT rule. Traffic that matches the criteria included in the application profile triggers ingress traffic to be load balanced.
Once a VIP is mapped to an application profile and server pool, it is called a virtual server. The NSX Edge can have virtual servers that trigger load balancing based on Layer 4 information, TCP and UDP, Layer 7 information, and HTTP and HTTPS. Below Table shows the maximum number of VIPs, server pools, and servers that the Edge supports.
Below figure shows an example of an NSX Edge load balancer. The Edge has a VIP of 10.10.10.3, a server pool that includes IPs 10.10.11.3, 10.10.11.4, and 10.10.11.5, and an application profile that matches destination TCP ports 80 or 8080. In Figure, any user that wants to reach a web page on ports 80 or 8080 at 10.10.10.3 is redirected to one of the three servers in the server pool. The redirection happens by doing a DNAT on the user packets. The source IP of the packets is not altered.
The load balancer configuration shown in above Figure is called In-Line or Transparent Mode. When deploying the load balancer in Transparent Mode, the Edge must have an interface directly connected to the segment where the members in the server pool are located, and the Edge must be the default gateway for the servers.
Comment
TABLE OF CONTENTS
- LAB NSX Manager Installation
- LAB NSX Logical Switching Configuration
- LAB NSX Logical Router Configuration
- LAB NSX EDGE SERVICES GATEWAY
- Gateway
- LAB NSX Edge Service Gateway as DHCP Relay
- LAB NSX Configuring L2VPN
- LAB NSX DFW Configuration
- LAB NSX Dynamic Security Group Configuration
- LAB NSX Micro-Segmentation
RECENT POSTS
- What is Docker and Why is It Important?
- Learn Python 3.0 Programming for Network Automation
- Cisco ACI Data Centre: A Comprehensive Overview
- How to Prepare for the Microsoft Azure AZ-305 Exam
- AWS Training Certification Course for Solutions Architect
- Cisco SASE Architecture
- SASE vs SD-WAN
- What is SASE
- Accessing Amazon S3 using AWS private Link in Secure hybrid method.
- Cisco Smart Licensing Policy
LEAVE A COMMENT
Please login here to comment.