Comments
I assume you associate your SNAT pool in a VIP:Port (One-Arm mode deployment).
.Case with NO gateway configured in the SNAT:
Incoming traffic:
- Client sends traffic to the VIP (Client-IP@ => VIP@:80)
- AX forwards request to the server with SNAT (SNAT-IP@ => S1-IP@:80)
Outgoing traffic:
- Server replies to the SNAT-IP@ (S1-IP@:80 => SNAT-IP@)
- AX forwards response to the client (VIP@:80 => Client-IP@)
Important Point: To know where to forward that packet, the AX looks at its routing table to know what the next hop is.
.Case with gateway configured in the SNAT:
Incoming traffic = Same:
- Client sends traffic to the VIP (Client-IP@ => VIP@:80)
- AX forwards request to the server with SNAT (SNAT-IP@ => S1-IP@:80)
Outgoing traffic:
- Server replies to the SNAT-IP@ (S1-IP@:80 => SNAT-IP@)
- AX forwards response to the client (VIP@:80 => Client-IP@)
Important Point: To know where to forward that packet, the AX does NOT look at its routing table, but uses the next hop configured in the SNAT-gateway.
In 99%+ of cases, AX knows where to reply to the client by looking at its routing table => there is no need to configure anything in SNAT-gateway.
Hrmm... My sales engineer told me to set "use received hop for response" in order to get the behavior you describe above. What's the difference between that setting and putting a gateway in the SNAT?
That's 2 different things => for different needs.
. "use received hop for response"
Client talks to the VIP (AX). AX records what router this packet comes from (looking at the source Mac@).
Then when the AX replies to the client, AX doesn't look at its routing table but sends its response via that router.
. "Gateway configured in the SNAT"
Client talks to the VIP (AX). AX doesn't record what router this packet comes from.
Then when the AX replies to the client, AX doesn't look at its routing table but sends its response via the router configured in the SNAT gateway.
Makes sense?
Dimitri
Thank you, I understand
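The three next-hop behaviours discussed in this thread, modelled in Python as an added example (not A10 code and not from any poster). The mode names, addresses, MAC and routing table are constructed for illustration and are not AX configuration keywords.

```python
import ipaddress

# Constructed routing table: (prefix, next-hop router). Illustrative values only.
ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),
    ("198.51.100.0/24", "10.0.0.2"),
]

def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match, as an ordinary routing-table lookup does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]

class Session:
    """State for one client connection to the VIP."""
    def __init__(self, client_ip, ingress_router_mac):
        self.client_ip = client_ip
        # Source MAC of the request frame; only used in "received-hop" mode.
        self.ingress_router_mac = ingress_router_mac

def response_next_hop(session, mode, snat_gateway=None):
    """Where the VIP => client response is sent, for the three cases in the thread."""
    if mode == "routing-table":      # no gateway configured in the SNAT
        return ("ip", route_lookup(session.client_ip))
    if mode == "snat-gateway":       # static next hop, routing table not consulted
        if snat_gateway is None:
            raise ValueError("snat-gateway mode needs a gateway address")
        return ("ip", snat_gateway)
    if mode == "received-hop":       # reply via the router the request arrived from
        return ("mac", session.ingress_router_mac)
    raise ValueError(f"unknown mode {mode!r}")

# Constructed client whose request arrived via a router identified by its MAC.
s = Session("198.51.100.25", "00:11:22:33:44:55")

if __name__ == "__main__":
    for mode, gw in [("routing-table", None), ("snat-gateway", "10.0.0.3"), ("received-hop", None)]:
        print(mode, "->", response_next_hop(s, mode, gw))
```

The same client gets three different egress paths depending on the mode, which is why a response path that differs from the request path (asymmetric routing) is the usual reason to move away from the plain routing-table lookup.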