Hello.
There is a question with the movement of ESG's load balancer.
◆ Question
I want to make source address NAT only when communication arrives at a specific VIP.
Also, in this NAT processing, it is desired to change the address to be further converted by judging the source IP address from the user.
I want to make source address NAT only when communication arrives at a specific VIP.
This query is not clear for me . Does that mean you have multiple VIP/server pools in this setup ?
Note : For one-arm mode SNAT/DNAT is required and for Inline only DNAT is required
Also, in this NAT processing, it is desired to change the address to be further converted by judging the source IP address from the user.
Is this one-arm or Inline mode ? If it is One-arm ,by default Servers behind LB wont see the client IP-X forwarding is required - for inline we can see client ip default
Thanks for your comment.
I'm sorry, my English is not good.
I tried drawing an easy to understand figure.
Make source NAT only for a specific source for communication addressed to VIP
Is it possible with NSX LB?
Appreciate for providing that diagram. This is inline load balancing and ESG will be the gateway for load-balanced servers. Only DNAT is required in this case and by default client IP will be visible for servers.
Thanks for your comment
Do I need DNAT instead of SNAT?
Do not let the source NAT do "inline load balancing".
Sender NAT is done with "inline load balancing" and "SNAT".
(Using 5-tuple of NSX 6.3)
Do you recognize differently?
This is inline LB like i said earlier. So LB will perform DNAT to replace Client IP with one of the server IP . Next step would be Sever replying back to LB (Server GW would be ESG internal IP) .Once after that LB should reply back to the client (192.168.10.1 or 20.1) which would be a SNAT . So in a nutshell , LB to Server and Server to LB - DNAT is only required
I understood the movement of inline load balancing.
Is SNAT movement possible using inline load balancing?
I feel I can do it with inline load balancing and SNAT.
Or inline load balancing can not do SNAT?
Sorry for the late reply. If you don't want the client IP to be preserved. You can do in-line load balancing without Enabling Transparent mode.
Thank you.
I was talking here and it came out in detail.
I have a doubt but this is a new thread asking questions.