NAT
From LB Wiki
Most load balancing works through NAT (Network Address Translation). As traffic hits the VIP on the load balancer, the load balancer re-writes the destination IP address to that of a real server.
There are two types of NAT: half-NAT and full-NAT. Both re-write the destination address. However, full-NAT (also known as SNAT) also re-writes the source IP address, making it appear to the server that all connections are originating from the load balancer.
Half-NAT Example
Another term for "half-NAT" is transparency, since the source IP address is preserved, i.e. it operates "transparently".
Below is a NAT table, using the following IP addresses:
- Client IP: 1.1.1.1
- Virtual IP on load balancer: 2.2.2.2
- Server IP: 3.3.3.3
NAT Table:

| Step | Process | Source IP | Destination IP |
|---|---|---|---|
| Step 1 | Client to load balancer | 1.1.1.1 | 2.2.2.2 |
| Step 2 | Load balancer to server | 1.1.1.1 | 3.3.3.3 |
| Step 3 | Server to load balancer | 3.3.3.3 | 1.1.1.1 |
| Step 4 | Load balancer to client | 2.2.2.2 | 1.1.1.1 |
In step 2, you'll notice that the server sees the connection coming from 1.1.1.1, so we preserve the true source. In many situations, this is preferable, because log analyzers often require that the true source be preserved in order to get accurate measures of site utilization.
Full-NAT/SNAT
The opposite of half-NAT is full-NAT, also known as "SNAT", "Source NAT", or "proxy mode". This is where both the source and destination IP addresses are changed.
For an example, take the following set of IP addresses:
- Client IP: 1.1.1.1
- VIP on load balancer: 2.2.2.2
- Source-NAT IP: 3.3.3.1
- Server IP: 3.3.3.3
Notice we have one more IP address than we did in our half-NAT example above. We use this IP as the source address of all requests that we send to the server. From the server's perspective, all incoming connections appear to come from 3.3.3.1, instead of the true source of 1.1.1.1.
Full-NAT NAT Table:

| Step | Process | Source IP | Destination IP |
|---|---|---|---|
| Step 1 | Client to load balancer | 1.1.1.1 | 2.2.2.2 |
| Step 2 | Load balancer to server | 3.3.3.1 | 3.3.3.3 |
| Step 3 | Server to load balancer | 3.3.3.3 | 3.3.3.1 |
| Step 4 | Load balancer to client | 2.2.2.2 | 1.1.1.1 |
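The two NAT tables above, reproduced as a small Python model of the load balancer's rewrite logic (an added example, not part of the original wiki page). The port numbers, the SNAT port pool starting at 40000, and the per-flow lookup table are assumptions made for illustration; the page itself lists only IP addresses.

```python
from dataclasses import dataclass
from itertools import count

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class LoadBalancer:
    """One VIP, one real server; passing snat_ip switches half-NAT to full-NAT."""
    def __init__(self, vip, server, snat_ip=None):
        self.vip, self.server, self.snat_ip = vip, server, snat_ip
        self.flows = {}             # server-side (ip, port) -> true client (ip, port)
        self._ports = count(40000)  # constructed SNAT source-port pool (assumption)

    def to_server(self, pkt):
        """Step 1 -> 2 for a new connection: always rewrite dst, rewrite src only in full-NAT."""
        if pkt.dst != self.vip:
            raise ValueError("packet is not addressed to the VIP")
        if self.snat_ip:                        # full-NAT: server sees the SNAT address
            key = (self.snat_ip, next(self._ports))
        else:                                   # half-NAT: true source is preserved
            key = (pkt.src, pkt.sport)
        self.flows[key] = (pkt.src, pkt.sport)  # remembered for the return path
        return Packet(key[0], key[1], self.server, pkt.dport)

    def to_client(self, pkt):
        """Step 3 -> 4: put the VIP back as source and the true client back as destination."""
        client = self.flows.get((pkt.dst, pkt.dport))
        if client is None or pkt.src != self.server:
            raise LookupError("no matching flow; reply dropped")
        return Packet(self.vip, pkt.sport, client[0], client[1])

def walk(lb, client_ip="1.1.1.1", client_port=51000):
    """Return the (source IP, destination IP) pair at each of the four steps."""
    s1 = Packet(client_ip, client_port, lb.vip, 80)
    s2 = lb.to_server(s1)
    s3 = Packet(s2.dst, s2.dport, s2.src, s2.sport)  # server replies to the source it saw
    s4 = lb.to_client(s3)
    return [(p.src, p.dst) for p in (s1, s2, s3, s4)]

if __name__ == "__main__":
    for name, snat in (("half-NAT", None), ("full-NAT", "3.3.3.1")):
        lb = LoadBalancer("2.2.2.2", "3.3.3.3", snat_ip=snat)
        for step, (src, dst) in enumerate(walk(lb), 1):
            print(f"{name} step {step}: {src} -> {dst}")
```

In the full-NAT run the server only ever sees 3.3.3.1, so attributing a server-side log entry to a client requires the load balancer's own flow records.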
