VMware Networking Community
networlddsg
Enthusiast

About NSX Edge edge services gateway (ESG) load balancer

Hello.

There is a question with the movement of ESG's load balancer.

◆ Question

I want to make source address NAT only when communication arrives at a specific VIP.

Also, in this NAT processing, it is desired to change the address to be further converted by judging the source IP address from the user.

8 Replies
Sreec
VMware Employee

I want to make source address NAT only when communication arrives at a specific VIP.

This query is not clear to me. Does that mean you have multiple VIPs/server pools in this setup?

Note: For one-arm mode, SNAT/DNAT is required, and for inline, only DNAT is required.

Also, in this NAT processing, it is desired to change the address to be further converted by judging the source IP address from the user.

Is this one-arm or inline mode? If it is one-arm, by default servers behind the LB won't see the client IP - X forwarding is required. For inline, we can see the client IP by default.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
networlddsg
Enthusiast

Thanks for your comment.

I'm sorry, my English is not good.

I tried drawing an easy to understand figure.

LB.png

Make source NAT only for a specific source for communication addressed to VIP

Is it possible with NSX LB?

Sreec
VMware Employee

I appreciate you providing that diagram. This is inline load balancing, and the ESG will be the gateway for the load-balanced servers. Only DNAT is required in this case, and by default the client IP will be visible to the servers.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
networlddsg
Enthusiast

Thanks for your comment

Do I need DNAT instead of SNAT?

Do not let the source NAT do "inline load balancing".

Sender NAT is done with "inline load balancing" and "SNAT".

(Using 5-tuple of NSX 6.3)

Do you recognize differently?

Sreec
VMware Employee

This is inline LB, like I said earlier. So the LB will perform DNAT to replace the client IP with one of the server IPs. The next step would be the server replying back to the LB (the server GW would be the ESG internal IP). After that, the LB should reply back to the client (192.168.10.1 or 20.1), which would be a SNAT. So in a nutshell, LB to server and server to LB: only DNAT is required.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
networlddsg
Enthusiast

I understood the movement of inline load balancing.

Is SNAT movement possible using inline load balancing?

LB3.png

I feel I can do it with inline load balancing and SNAT.

Or inline load balancing can not do SNAT?

Sreec
VMware Employee

Sorry for the late reply. If you don't want the client IP to be preserved, you can do inline load balancing without enabling Transparent mode.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
networlddsg
Enthusiast

Thank you.

I was talking here and it came out in detail.

I have a doubt but this is a new thread asking questions.
