CPUG: The Check Point User Group
Forum: Check Point Firewall-1/VPN-1 And Related Products > NAT (Network Address Translation)
#1  2005-12-15  sbertrand (Junior Member, joined 2005-12-11)
NAT with cluster-Host without Hide mode

Hi,

Here's the architecture:

[My_Server]------|my Fw CP|----link---|External Fw|---- [external-Host]

[My_Server] = 10.3.5.10

[My NATed Server] (by my Fw CP) = 10.33.55.10

[My_server] is seen by [External Host] with the NATed address: 10.33.55.10

[External Host] is in fact a pool of clustered machines.

10.220.80.20 is the Master (it only listens); then
10.220.80.19 (a set of machines that send packets over the network, cluster member 1)
10.220.80.18 (a set of machines that send packets over the network, cluster member 2)
10.220.80.17 (a set of machines that send packets over the network, cluster member 3)

[External Host] = (10.220.80.20) is NATed by [my Fw CP] as follows: 10.30.12.3

So... Here's the problem:

1- My Server (10.3.5.10) initiates a connection to the external Host,
2- The Fw CP NATs the source address (10.3.5.10) to (10.33.55.10) and forwards to the external listening Server (10.30.12.3)
3- Then the [External Server] accepts the connection, BUT replies randomly (load balancing) from one of the cluster members:
10.220.80.18,
10.220.80.19,
10.220.80.17.

=> So the session opened in [my Fw CP] (the connection initiated from my server)
does not have the same destination address when a cluster External Host is replying!

Note: The [external Fw] is unable to do NAT HIDE with the External-Host;
anyway, as long as [My_server] is initiating the connection, hide mode is not possible!!!

??? The Question is ???
=> How could [my Fw CP] match the reply connection (in its session table),
given that the [external cluster machine] that is responding is different from the listening one?

Get it?
Thanks a million,
Steven
#2  2005-12-18  Peter (Junior Member, France, joined 2005-12-02)
Re: NAT with cluster-Host without Hide mode

One needs to know how the cluster works. Normally, if you have a TCP connection to one host you cannot receive the answer from another host (you have no TCP connection at all between your station and the second host!). So you should understand the details of redirection in the cluster. Right now I don't understand how it can work...
#3  2005-12-19  sbertrand (Junior Member, joined 2005-12-11)
Re: NAT with cluster-Host without Hide mode

Thanks for responding,

I agree with you.
I think it's not possible to deal with this kind of problem.
I'll close this post soon :(
shusss...
#4  2006-03-14  johngwyn (Junior Member, joined 2006-02-28)
Re: NAT with cluster-Host without Hide mode

In this situation I usually set up a loopback interface on the load-balanced hosts with the load-balanced address on it and use it to reply with, OR send the traffic back to the load balancer device to be NATted back.
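The following Python model is an added illustration, not code from the thread or from any Check Point product. It mimics the stateful firewall in post #1 with a minimal connection table and static (1:1) NAT, using the addresses given in the post; the port numbers, the single-entry table keyed on the post-translation 4-tuple, and the absence of TCP state tracking are simplifications of the model. It shows why a reply sent directly by a cluster member is dropped as out of state, and why the loopback approach from post #4 (the member answers from the listening address) makes the reply match the table entry and get translated back.

```python
from dataclasses import dataclass

# Addresses as given in the thread (private lab values from the post)
MY_SERVER = "10.3.5.10"          # real address behind "my Fw CP"
MY_SERVER_NATED = "10.33.55.10"  # static NAT of MY_SERVER on the outside
EXT_VIP = "10.220.80.20"         # cluster master / listening address (outside)
EXT_VIP_NATED = "10.30.12.3"     # how the inside sees EXT_VIP
CLUSTER_MEMBERS = ("10.220.80.17", "10.220.80.18", "10.220.80.19")

# Static translations, inside view -> outside view (and the reverse)
INSIDE_TO_OUTSIDE = {MY_SERVER: MY_SERVER_NATED, EXT_VIP_NATED: EXT_VIP}
OUTSIDE_TO_INSIDE = {v: k for k, v in INSIDE_TO_OUTSIDE.items()}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class StatefulNatGateway:
    """Toy model of a stateful firewall doing static NAT (assumption: no
    TCP state machine, no timeouts, one table keyed on the 4-tuple).

    An outbound packet creates a connection-table entry keyed on the
    post-translation 4-tuple.  An inbound packet is accepted only when
    its reversed 4-tuple matches an entry; anything else is dropped as
    out of state, which is what happens to the cluster members' replies
    in post #1."""

    def __init__(self):
        self.conns = set()

    def outbound(self, pkt):
        out = Packet(INSIDE_TO_OUTSIDE.get(pkt.src, pkt.src), pkt.sport,
                     INSIDE_TO_OUTSIDE.get(pkt.dst, pkt.dst), pkt.dport)
        self.conns.add((out.src, out.sport, out.dst, out.dport))
        return out

    def inbound(self, pkt):
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed 4-tuple
        if key not in self.conns:
            return None  # out of state: dropped
        return Packet(OUTSIDE_TO_INSIDE.get(pkt.src, pkt.src), pkt.sport,
                      OUTSIDE_TO_INSIDE.get(pkt.dst, pkt.dst), pkt.dport)


def cluster_reply(to_pkt, member_addr, vip_on_loopback):
    """Reply built by the cluster member that was handed the connection.
    With the listening address on its loopback (post #4) it answers from
    EXT_VIP; otherwise it answers from its own address."""
    src = EXT_VIP if vip_on_loopback else member_addr
    return Packet(src, to_pkt.dport, to_pkt.src, to_pkt.sport)


def run(member_addr, vip_on_loopback):
    """Return the reply as MY_SERVER sees it, or None if the firewall dropped it."""
    fw = StatefulNatGateway()
    syn = Packet(MY_SERVER, 40000, EXT_VIP_NATED, 443)  # ports are assumed
    on_wire = fw.outbound(syn)  # 10.33.55.10:40000 -> 10.220.80.20:443
    reply = cluster_reply(on_wire, member_addr, vip_on_loopback)
    return fw.inbound(reply)


if __name__ == "__main__":
    for m in CLUSTER_MEMBERS:
        print(m, "direct reply:", run(m, False))
        print(m, "reply from VIP on loopback:", run(m, True))
```

Every direct reply comes back as None (dropped), while every reply sourced from the VIP is accepted and translated back to 10.30.12.3:443 -> 10.3.5.10:40000, which is the entry the firewall created for the outbound SYN. The second option in post #4, hairpinning the reply through the load balancer so it rewrites the source, ends in the same state: the packet reaches the firewall with the listening address as source. A real Check Point gateway additionally checks TCP flags and sequence state, so a reply from the wrong address would be logged as out of state rather than silently discarded, but the matching rule is the same.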