Network Address Translation
Overview
Network Address Translation (NAT) is one of the basic
techniques SysMaster uses to forward Internet traffic
from the loadbalancer to the real servers. It lets network administrators
assign internal, non-routable private addresses to the real servers,
which keeps them off the public network and conserves IP address space.
NAT offers complete network design flexibility for the server clusters,
as real servers may reside in different sub-nets. The ports of well-known
applications can also be translated to private ports for additional
application and server protection.
Every virtual service
that is provided by the servers in clusters managed by SysMaster
has its unique combination of IP address and port number. SysMaster
processes only packets destined for the IP address/port number of
its services. When a client sends a request to a service managed
by SysMaster, the request packet arrives at SysMaster. The device
checks the destination IP and port number of the packet and if they
are recognized as the address of one of SysMaster's services, a
real server that will process this request is assigned according
to the configured loadbalancing technique. SysMaster adds a record
for this new connection into a special hash table. After that, the
destination address and port of the packet are rewritten with the
address and port of the chosen real server and the packet is sent
to it. All subsequent packets for this connection will be sent to
the same real server as long as the connection record exists in
the hash table. When the response packets reach SysMaster, it rewrites
the source address and port of the packets to those of the virtual
service. Then they are forwarded to the client through one of SysMaster's
gateways. When the connection terminates or expires, its record
is removed from the hash table.
Address Translation
Let us take the following configuration as an example and see how NAT works:

    Machine          IP Address                 Port
    SysMaster        206.14.210.100 (Virtual)   80
    Real Server 1    194.16.228.10              8000
    Real Server 2    194.16.228.11              8000
    Real Server 3    194.16.228.12              8000
SysMaster loadbalances the traffic for a virtual
service on 206.14.210.100:80 among the Real Servers.
Traffic is processed the following way:
When a request packet for the virtual service arrives
at SysMaster, it would have source and destination addresses like:

    Source:        205.164.40.1:3456
    Destination:   206.14.210.100:80
SysMaster would check the packet destination and
see that it has a virtual service running at that address.
SysMaster will choose a real server according to
the loadbalancing technique, for instance 194.16.228.11:8000. Before
forwarding the packet to that server, SysMaster would change the
packet destination to that of the chosen server:

    Source:        205.164.40.1:3456
    Destination:   194.16.228.11:8000
The Real Server would accept the packet and process
it. Then it would send the reply back to SysMaster:

    Source:        194.16.228.11:8000
    Destination:   205.164.40.1:3456
SysMaster would change the source information of the packet
to that of the virtual service and forward it to the client:

    Source:        206.14.210.100:80
    Destination:   205.164.40.1:3456
All the packets of a particular connection are
processed the same way. From the client's point of view, the request
was served by a service running on the virtual IP address; in practice
it could have been processed by any of the real servers in the
cluster.
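The following Python program is an added illustration, not SysMaster's own code, of the connection table and the two address rewrites described in the Overview and walked through above. It uses the addresses from the tables on this page; the names Packet, NatLoadBalancer and trace_connection are made up for the example, and round-robin server selection stands in for whatever loadbalancing technique is configured (an assumption of this example, since the page does not name one).

```python
"""NAT-style loadbalancing simulation (added example, not SysMaster code).

The device keeps one record per connection in a hash table, rewrites the
destination of client packets to the chosen real server, rewrites the source
of server replies back to the virtual service, and drops replies that have
no matching record.  Round-robin selection is an assumption of this example.
"""
from dataclasses import dataclass, replace
import itertools


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def __str__(self):
        return f"{self.src_ip}:{self.src_port} -> {self.dst_ip}:{self.dst_port}"


class NatLoadBalancer:
    def __init__(self, services):
        # services: {(virtual_ip, virtual_port): [(real_ip, real_port), ...]}
        self._pick = {vs: itertools.cycle(servers) for vs, servers in services.items()}
        # forward table: (client_ip, client_port, virtual_ip, virtual_port) -> (real_ip, real_port)
        self.table = {}
        # reverse table so replies can be matched without scanning:
        # (real_ip, real_port, client_ip, client_port) -> (virtual_ip, virtual_port)
        self._reverse = {}

    def inbound(self, pkt):
        """Client -> device.  Returns the packet to forward to the real server,
        or None when the destination is not one of the device's services."""
        vs = (pkt.dst_ip, pkt.dst_port)
        if vs not in self._pick:
            return None
        key = (pkt.src_ip, pkt.src_port) + vs
        real = self.table.get(key)
        if real is None:                      # new connection: choose a server and record it
            real = next(self._pick[vs])
            self.table[key] = real
            self._reverse[real + (pkt.src_ip, pkt.src_port)] = vs
        return replace(pkt, dst_ip=real[0], dst_port=real[1])

    def outbound(self, pkt):
        """Real server -> device.  Rewrites the source to the virtual service;
        a reply with no connection record is dropped (returns None)."""
        vs = self._reverse.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if vs is None:
            return None
        return replace(pkt, src_ip=vs[0], src_port=vs[1])

    def close(self, client_ip, client_port, virtual_ip, virtual_port):
        """Connection terminated or expired: remove its record from both tables."""
        real = self.table.pop((client_ip, client_port, virtual_ip, virtual_port), None)
        if real is not None:
            self._reverse.pop(real + (client_ip, client_port), None)


def trace_connection(lb, client=("205.164.40.1", 3456), service=("206.14.210.100", 80)):
    """Runs one request and its reply through the device and returns the four
    packet states shown in the walk-through: request, forwarded request,
    server reply, reply as delivered to the client."""
    request = Packet(client[0], client[1], service[0], service[1])
    to_server = lb.inbound(request)
    reply = Packet(to_server.dst_ip, to_server.dst_port, client[0], client[1])
    to_client = lb.outbound(reply)
    return request, to_server, reply, to_client


if __name__ == "__main__":
    # Configuration from the page's table.
    lb = NatLoadBalancer({("206.14.210.100", 80): [("194.16.228.10", 8000),
                                                  ("194.16.228.11", 8000),
                                                  ("194.16.228.12", 8000)]})
    for label, pkt in zip(("client request", "forwarded to server",
                           "server reply", "delivered to client"),
                          trace_connection(lb)):
        print(f"{label:22s} {pkt}")
    # A reply from a server for which no record exists is dropped.
    print("untracked reply:", lb.outbound(Packet("194.16.228.12", 8000, "205.164.40.9", 5000)))
```

The forward and reverse dictionaries together play the role of the page's hash table: the forward lookup makes every packet of a connection stick to the same server, and the reverse lookup is what allows the device to refuse a server-originated packet that does not belong to a tracked connection.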
Advantages
The great advantage of NAT is that real servers
can run any OS that supports the TCP/IP protocol stack. The only requirement
for the real servers is that they are configured with SysMaster
as their default gateway, so that replies pass back through it. Another advantage is that real servers
use private IP addresses and ports, which keeps them unreachable from the public network and
conserves real IP addresses.
Drawbacks
The drawback of loadbalancing implementations based
on NAT is that their scalability is limited. Because both incoming
and outgoing packets have to be processed by SysMaster, it may become
the bottleneck of the system as the number of the cluster servers
goes over 20.
The solution for this problem is to use SysMaster's
Direct-Path Routing technique.