NAT 2 - TCP Load Distribution using Rotary NAT

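After getting home this evening I looked into Rotary NAT and found a concise, to-the-point article. I then ran a lab exercise on it in GNS, which was very satisfying.

But looking at the time, I should get to bed, so for now I am reposting the original article. Tomorrow I will translate it and attach the results of my adapted (Rotary NAT + PAT) GNS3 lab.


Original source: https://sites.google.com/site/amitsciscozone/home/nat/tcp-load-distribution-using-rotary-nat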


TCP Load Distribution using Rotary NAT

Network topology:


An organization has multiple servers that serve multiple hosts. Using Rotary NAT, a virtual server is established in the inside network, and it communicates with the real servers. Destination addresses that match an access-list (permitting the IP address of the virtual server) are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis. The NAT router performs the following steps when translating rotary addresses:
  1. A host opens a TCP connection with the virtual server 10.1.1.5.
  2. The router receives the connection request and creates a translation, allocating the next real server IP address.
  3. The router replaces the destination IP address with the selected real IP address and forwards the packet.
  4. The server receives the packet and responds.
  5. The router receives the packet and performs the NAT table lookup. The router then translates the source address to the virtual server IP address and forwards the packet.

Configuration:

We define a pool of addresses containing the addresses of the real servers. This can be done using the global configuration command:

     ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length} type rotary

ip nat pool SERVER_LIST 10.1.1.10 10.1.1.11 prefix-length 24 type rotary

We define an access-list permitting the address of the virtual server, 10.1.1.5. Non-TCP traffic is passed untranslated.

access-list 110 permit tcp any host 10.1.1.5

Then we establish dynamic inside destination translation specifying the access-list defined above. This is done using the global configuration command:

     ip nat inside destination list access-list-number pool name

ip nat inside destination list 110 pool SERVER_LIST

Lastly, we define the inside and outside interfaces for NAT.

interface fastethernet 0/0
 ip nat inside
!
interface fastethernet 0/1
 ip nat outside
!


Verification:

When multiple Telnet sessions (TCP sessions, port 23) are established to the virtual server IP address 10.1.1.5, the NAT router allocates the IP addresses of different internal servers in a round-robin fashion. The following output shows that 3 different Telnet sessions are opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, the second session to 10.1.1.11 and the third session back to 10.1.1.10.

NAT Translation Table
NAT_Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:24440  192.168.1.2:24440
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:50804  192.168.1.2:50804
tcp 10.1.1.5:23        10.1.1.11:23       192.168.1.2:38530  192.168.1.2:38530
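
To check the distribution from the translation table rather than by eye, the following added example (not part of the original article) tallies sessions per real server from `show ip nat translations` output and lists any entry for the virtual server whose inside local address falls outside the rotary pool. The function names and the parsing approach are assumptions; the sample text is the output shown above.

```python
import ipaddress
from collections import Counter

VIRTUAL_IP = "10.1.1.5"              # virtual server from access-list 110
POOL = ("10.1.1.10", "10.1.1.11")    # range from ip nat pool SERVER_LIST

# Sample input: the translation table shown in the article.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:24440  192.168.1.2:24440
tcp 10.1.1.5:23        10.1.1.10:23       192.168.1.2:50804  192.168.1.2:50804
tcp 10.1.1.5:23        10.1.1.11:23       192.168.1.2:38530  192.168.1.2:38530
"""

def in_pool(ip, pool=POOL):
    """True if ip lies inside the rotary pool's start..end range."""
    lo, hi = (ipaddress.ip_address(p) for p in pool)
    return lo <= ipaddress.ip_address(ip) <= hi

def audit_rotary(text, virtual_ip=VIRTUAL_IP, pool=POOL):
    """Return (sessions per real server, entries mapped outside the pool)."""
    per_server, out_of_pool = Counter(), []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, a CLI prompt line, and entries without ip:port fields.
        if len(fields) != 5 or any(":" not in f for f in fields[1:]):
            continue
        proto, inside_global, inside_local = fields[:3]
        # Only TCP entries for the virtual server are rotary translations.
        if proto != "tcp" or inside_global.rsplit(":", 1)[0] != virtual_ip:
            continue
        real_ip = inside_local.rsplit(":", 1)[0]
        if in_pool(real_ip, pool):
            per_server[real_ip] += 1
        else:
            out_of_pool.append(line.strip())
    return per_server, out_of_pool

if __name__ == "__main__":
    counts, bad = audit_rotary(SAMPLE)
    for server, n in sorted(counts.items()):
        print(f"{server}: {n} session(s)")
    print("entries outside pool:", bad or "none")
```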
