VMware Networking Community
vmb01
Enthusiast

NLB in transparent mode

I'm doing some NLB tests and I've discovered that it's possible to use the transparent mode (putting the flag in the EDIT POOL GUI) with both topologies: in-line and one-armed.

So why do I always read in the docs that the transparent feature requires an in-line topology?


Accepted Solutions
lhoffer
VMware Employee

The issue with a one-armed topology in transparent mode is that direct server return (DSR), where return traffic from the pool member to client is sent directly to the client and bypasses the LB, is unsupported (even if it might work in some scenarios). You can still have a design where the transparent LB is on the same subnet as the pool member similar to a one-armed topology, but the pool member in that scenario must have the LB configured as its default gateway to ensure that it remains in the traffic path. See Configure a One-Armed Load Balancer for additional reference.

vmb01
Enthusiast

Thanks!

And... how many NAT rules will I find in the edge NAT tab with the different topologies?

lhoffer
VMware Employee

Transparent mode only performs DNAT, so that's all you'll ever see in that scenario. For one-armed mode, both SNAT and DNAT are performed; however, if you're looking at the NAT config on the edge, you'll still only see the DNAT rule that the LB creates unless your virtual server has acceleration enabled (otherwise the L7 LB engine is actually establishing a separate backend connection to the pool member, so it is not utilizing the L4 NAT functionality, and the DNAT rule you see in the UI is effectively a placeholder to prevent users from configuring a conflicting rule).

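Added example, not part of the original thread and not VMware code: a small Python model of the return path described in the replies above, showing why a transparent (DNAT-only) pool member needs the LB as its default gateway while the one-armed (SNAT + DNAT) case does not. All addresses and names are constructed, and the client is assumed to sit outside the pool member's subnet.

```python
from dataclasses import dataclass

# Constructed addresses (documentation/private ranges), not taken from the thread.
CLIENT = "198.51.100.10"   # assumed to be off the pool member's subnet
VIP = "192.0.2.80"         # virtual server address the client connects to
LB_IP = "10.0.0.1"         # LB interface on the pool member's subnet
OTHER_GW = "10.0.0.254"    # some other router on that subnet
SERVER = "10.0.0.20"       # pool member


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def lb_forward(pkt: Packet, transparent: bool) -> Packet:
    """Rewrite a client->VIP packet the way each mode is described above."""
    src = pkt.src if transparent else LB_IP   # transparent: DNAT only, client IP kept
    return Packet(src=src, dst=SERVER)        # DNAT happens in both modes


def trace(transparent: bool, server_gateway: str) -> dict:
    """Follow one request and its reply; report what each end observes."""
    seen = lb_forward(Packet(CLIENT, VIP), transparent)
    reply = Packet(src=seen.dst, dst=seen.src)
    # A reply addressed to the LB is delivered on-link; anything else is sent
    # to the pool member's default gateway.
    via_lb = reply.dst == LB_IP or server_gateway == LB_IP
    if via_lb:
        reply = Packet(src=VIP, dst=CLIENT)   # LB reverses its NAT from connection state
    # The client only accepts a reply whose source is the address it connected to.
    return {"server_sees": seen.src, "via_lb": via_lb,
            "client_accepts": reply.src == VIP and reply.dst == CLIENT}


if __name__ == "__main__":
    cases = [("transparent, gateway = LB", True, LB_IP),
             ("transparent, gateway = other router", True, OTHER_GW),
             ("one-armed, gateway = other router", False, OTHER_GW)]
    for label, transparent, gateway in cases:
        print(f"{label:38} {trace(transparent, gateway)}")
```

The second case is the DSR situation from the accepted answer: the reply leaves with the pool member's address as its source and never passes through the LB, so the client has no connection that matches it.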