3 Replies Latest reply on Sep 28, 2018 7:57 AM by lhoffer

    NLB in transparent mode

    vmb01 Hot Shot

      I'm doing some NLB tests and I've discovered that it's possible to use the transparent mode (putting the flag in the EDIT POOL GUI) with both topologies: in-line and one-armed.

      So why do I always read in the docs that the transparent feature requires an in-line topology?

        • 1. Re: NLB in transparent mode
          lhoffer Hot Shot
          vExpert, VMware Employees

          The issue with a one armed topology in transparent mode is that direct server return (DSR), where return traffic from the pool member to client is sent directly to the client and bypasses the LB, is unsupported (even if it might work in some scenarios).  You can still have a design where the transparent LB is on the same subnet as the pool member similar to a one armed topology, but the pool member in that scenario must have the LB configured as its default gateway to ensure that it remains in the traffic path.  See Configure a One-Armed Load Balancer for additional reference.

          • 2. Re: NLB in transparent mode
            vmb01 Hot Shot


            And... how many NAT rules will I find in the edge NAT tab with the different topologies?

            • 3. Re: NLB in transparent mode
              lhoffer Hot Shot
              VMware Employees, vExpert

              Transparent mode only performs DNAT so that's all you'll ever see in that scenario.  For one armed mode, both SNAT and DNAT are performed, however, if you're looking at the NAT config on the edge, you'll still only see the DNAT rule that the LB creates unless your virtual server has acceleration enabled (otherwise the L7 LB engine is actually establishing a separate backend connection to the pool member so not utilizing the L4 NAT functionality and the DNAT rule you see in the UI is effectively a placeholder to prevent users from configuring a conflicting rule).