Hello,
I need to create a virtual port that translates port and dest. But ACOS forces me to check “no dest nat” first before allowing me to check “port translation”.
So A10 can’t translate port and dest in the same virtual port/service? Am I correct?
No, you are not correct; A10 can translate port and destination in the same virtual port/service, and that is the default behaviour. Let’s look at the following config:
slb server server1 10.0.0.101
   port 80 tcp
slb server server2 10.0.0.102
   port 8080 tcp
slb service-group webservers tcp
   member server1:80
   member server2:8080
slb virtual-server webservice 192.168.0.200
   port 80 tcp
      service-group webservers
The default operation of this setup is destination NAT; the client connects to destination IP 192.168.0.200, and when we forward it on to the “real server” it gets NAT-ed to the IP of that server, 10.0.0.101 or 10.0.0.102. And when server 10.0.0.102 gets selected, we have stated that the service runs on port 8080 on that server, so the port gets translated as well. “no dest nat” would disable the NAT features to just forward the connection to the MAC of the selected server; you would need that for Direct Server Return, when you want the server to communicate back to the client directly. In that case you do have the option to enable port translation again.
Many thanks. By the way, how do we disable “port translation” but enable dest translation? Can we?
It depends on the setup you are trying to achieve.
If you have traffic coming into a specific port as in my example, (virtual-server port 80) and you want to map that to the same port on the real-server, simply use the same port. (as I did with server1)
If you do not want to do anything on the port level, you can do L3 load balancing, port information will then be preserved. You can use that in combination with wildcard VIPs.
If you have traffic coming into a specific port as in my example, (virtual-server port 80) and you want to map that to the same port on the real-server, simply use the same port. (as I did with server1)
I think we can’t do that when each real-server opens on a different port (sv1 8080, sv2 8800, vs 80).
If you do not want to do anything on the port level, you can do L3 load balancing, port information will then be preserved. You can use that in combination with wildcard VIPs.
When we do L3 LB, we can’t use L5-L7 templates, right?
What is the use case?
If you have the service running on different ports on the real-server side:
sv1 8080
sv2 8800
then you need to change the port, or else it will never get accepted by the real server.
If you have many different ports on the VIP/virtual-server, then why not create a service-group per port? You can also use port ranges.
If you really need wildcard ports and revert to L3 load balancing, you can indeed not use L4-7 templates.
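
The rewrite behaviour described in the replies above (default destination NAT, “no dest nat”, and “no dest nat” with port translation re-enabled, plus the point that a real server never accepts a connection on a port it does not listen on) can be checked with a small model. This is an added example, not part of the original thread and not A10 code; the MAC addresses and the names forward(), accepted() and Forwarded are assumptions made for illustration.

```python
from dataclasses import dataclass

VIP = ("192.168.0.200", 80)  # virtual-server address and virtual port from the thread

# Real servers from the thread's config; MAC addresses are constructed for this example.
SERVERS = {
    "server1": {"ip": "10.0.0.101", "port": 80, "mac": "02:00:00:00:01:01"},
    "server2": {"ip": "10.0.0.102", "port": 8080, "mac": "02:00:00:00:01:02"},
}


@dataclass(frozen=True)
class Forwarded:
    """Destination fields of the client request as it leaves the load balancer."""
    dst_mac: str
    dst_ip: str
    dst_port: int


def forward(server: str, dest_nat: bool = True, port_translation: bool = False) -> Forwarded:
    """Simplified model of the three modes discussed in the thread.

    dest_nat=True  -> default: destination IP and port are rewritten to the member's.
    dest_nat=False -> "no dest nat": only the destination MAC changes, unless
                      port_translation re-enables the port rewrite (DSR case).
    """
    s = SERVERS[server]
    if dest_nat:
        return Forwarded(s["mac"], s["ip"], s["port"])
    port = s["port"] if port_translation else VIP[1]
    return Forwarded(s["mac"], VIP[0], port)


def accepted(server: str, pkt: Forwarded) -> bool:
    """True if the real server listens on the packet's destination port.

    Assumption: in the "no dest nat" modes the server also owns the VIP address
    (for example on a loopback interface), so only the port is checked here.
    """
    return pkt.dst_port == SERVERS[server]["port"]


if __name__ == "__main__":
    for name in SERVERS:
        for nat, pt in [(True, False), (False, False), (False, True)]:
            pkt = forward(name, nat, pt)
            print(f"{name} dest_nat={nat} port_translation={pt} -> {pkt} "
                  f"accepted={accepted(name, pkt)}")
```

With “no dest nat” alone, the request for server2 still carries port 80 and is not accepted; enabling port translation fixes that while the destination IP stays the VIP.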