Application Delivery (ADX)

N/A
Posts: 1
Registered: ‎01-17-2012

ADX Switch Code Reverse NAT

Hello,

I have 2 ADXs in Hot-Standby redundancy, with 3 real servers balancing just the DNS service. (Switch Code)

All 3 servers, the ADX and the Internet router are connected to an L2 switch.

So I configured 1 VIP with an IP from the router subnet, which is the public IP (190.34.XXX.XXX) where the client queries will arrive.

I created the 3 servers on the subnet 172.18.38.XXX and bound the DNS port to VIP1.

Then I configured a source NAT IP in the subnet of the real servers (172.18.38.50) to NAT the queries to the real servers and the health checks.

Everything works fine. The problem is when the real servers (DNS) want to go to the Internet because they receive a client query that is not authoritative and so need to forward the request to the root servers.

We configured the default gateway of the real servers to be the source NAT IP (172.18.38.50) of the ADX, and created a new VIP and bound it to the "default" port to be the gateway for the traffic initiated by the real servers to the root servers. Then I enabled reverse NAT on the real servers.

I followed all the instructions on the reverse NAT configuration, but the real servers still don't reach the Internet...

Please, I need some help if someone knows how to solve this.

Occasional Contributor
Posts: 50
Registered: ‎12-14-2011

Re: ADX Switch Code Reverse NAT

The source-nat IP should not be used as a gateway. I think it's causing a problem.

You may want to use "dynamic IP NAT" instead of reverse NAT and use your router as the default gateway on the real servers. Please note that the same VIP address you use for DNS LB can be used for the dynamic NAT IP. Basically, the reverse NAT feature has been integrated into the dynamic IP NAT feature, and the newer release of ADX software may not have the reverse-nat command.

The dynamic NAT is explained in the ServerIron ADX security guide.
