LSLB | Farms | Update | L4xNAT Profile

Global Settings for L4xNAT Farm Profile

L4xNAT farm profiles allow you to create load balancers that operate at layer 4 of the OSI model. This provides very high performance and allows for more concurrent connections than load balancers that operate at layer 7. However, L4xNAT farm profiles do not support the advanced content handling features that layer 7 farm profiles do.

L4xNAT farm profiles support multiple ports with ranges and lists of ports, while layer 7 farm profiles only support a single port.

This section provides a detailed explanation of the commands needed to configure an L4xNAT farm profile. We recommend using Farmguardian with this profile to check the status of each backend server configured on the farm, as L4xNAT farm profiles do not implement their own native health checks.

The Global settings of the L4xNAT profile contain both Basic and Advanced settings for a selected farm.

Basic configuration

These are the settings for the L4xNAT farm profile.

    • Name: A label that identifies the farm service. To change this value, you must stop the farm first. Make sure that the new farm name is not already in use, or you will receive an error message.
    • Virtual IP and Port: The virtual IP address and port that the farm will be bound to and listen on inside the load balancer system. To change these fields, make sure that the new virtual IP address and port are not in use. After saving the changes, the farm service will restart automatically.

To select a single port or a range of virtual ports in an L4xNAT farm profile, you must specify a protocol type. If you select the ALL protocol, the farm will listen on all ports of the virtual IP address. The virtual port will not be editable and will be set to an asterisk (*).

If you select a specific protocol, such as TCP or UDP, you can use it to specify a single port, multiple ports, or port ranges.

Advanced configuration

This section contains advanced settings that can be applied to a configured farm, starting with the following protocol types.

Protocol Type

Protocol Type | Description
ALL | The load balancer will listen for incoming connections on all protocols.
TCP | The load balancer will listen for incoming TCP connections.
UDP | The load balancer will listen for incoming UDP connections.
SCTP | The load balancer will listen for incoming SCTP connections.
SIP | The load balancer will listen for incoming UDP packets on the default port (5060) and parse the SIP headers of each packet to distribute it to the backends correctly.
FTP | The load balancer will listen for incoming TCP connections on the default port (21) and parse the FTP headers of each packet to distribute it to the backends correctly. Two modes are supported: Active and Passive.
TFTP | The load balancer will listen for incoming UDP packets on the default port (69) and parse the TFTP headers of each packet to distribute it to the backends correctly.
PPTP | The load balancer will listen for incoming TCP connections and parse the PPTP headers of each packet to distribute it to the backends correctly.
SNMP | The load balancer will listen for incoming UDP packets and parse the SNMP headers of each packet to distribute it to the backends correctly.

NAT Type

The NAT type controls how the load balancer forwards traffic to the backend servers. There are three NAT types:

  • NAT (Source NAT): The load balancer uses its own IP address as the source IP address for all outgoing traffic. This is the default NAT type.
  • DNAT (Destination NAT): The load balancer uses the client’s IP address as the source IP address for all outgoing traffic. This requires the load balancer to be configured as the default gateway for the backend servers.
  • DSR (Direct Server Return): The load balancer forwards the traffic directly to the backend server without changing the source or destination IP addresses. This requires the backend servers to be on the same network segment as the load balancer.

NAT (Source NAT)

In NAT mode, the load balancer hides the backend servers from the clients. The clients only see the load balancer’s IP address. This is the most common NAT type and is used by default. It is also the simplest to configure.

DNAT (Destination NAT)

In DNAT mode, the load balancer exposes the backend servers to the clients. The clients can see the IP addresses of the backend servers. This is useful for applications where the backend servers need to be able to communicate directly with the clients, such as FTP and SIP.

DSR (Direct Server Return)

In DSR mode, the load balancer acts like a transparent bridge between the clients and the backend servers. The clients can see the IP addresses of the backend servers and the backend servers can see the IP addresses of the clients. This is useful for applications where the backend servers need to be able to communicate directly with the clients without going through the load balancer, such as games and video streaming.

The NAT type you choose will depend on your network architecture and the specific needs of your application.

Requirements for DSR:

    • The virtual IP (VIP) and the backend servers must be on the same network.
    • The virtual port and the backend port must be the same.
    • The backend servers must be configured with a loopback interface with the same IP address as the VIP. ARP must be disabled on this interface.
        # ifconfig lo:0 192.168.0.99 netmask 255.255.255.255 -arp up
    • Invalid ARP replies must be disabled on the backend servers.
        # echo 1 > /proc/sys/net/ipv4/conf/all/arp_ignore
        # echo 2 > /proc/sys/net/ipv4/conf/all/arp_announce
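
A backend that still answers ARP for the VIP draws client traffic straight to itself, bypassing the load balancer. The following added example (not Skudonet code) audits a backend against the requirements above; the function names and the sample `ip -o -4 addr show` output are constructed for illustration.

```python
# Added example: audit a DSR backend against the requirements listed above.
import ipaddress
from pathlib import Path

# Values the page sets under /proc/sys/net/ipv4/conf/all/.
EXPECTED_SYSCTLS = {"arp_ignore": 1, "arp_announce": 2}

def parse_ip_addr(output):
    """Parse `ip -o -4 addr show` output into (interface, IPv4Interface) pairs."""
    pairs = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "inet":
            pairs.append((fields[1], ipaddress.ip_interface(fields[3])))
    return pairs

def audit_dsr_backend(vip, ip_addr_output, conf_root="/proc/sys/net/ipv4/conf"):
    """Return a list of findings; an empty list means the backend matches the page."""
    vip = ipaddress.ip_address(vip)
    findings = []
    holders = [(i, a) for i, a in parse_ip_addr(ip_addr_output) if a.ip == vip]
    if not any(iface == "lo" for iface, _ in holders):
        findings.append(f"VIP {vip} is not configured on the loopback interface")
    for iface, addr in holders:
        if iface != "lo":
            findings.append(f"VIP {vip} is bound to {iface}, so the backend answers ARP for it")
        elif addr.network.prefixlen != 32:
            findings.append(f"VIP {vip} on lo uses /{addr.network.prefixlen}, expected /32")
    for name, want in EXPECTED_SYSCTLS.items():
        path = Path(conf_root) / "all" / name
        try:
            got = int(path.read_text().strip())
        except (OSError, ValueError):
            got = None  # unreadable or malformed counts as a mismatch
        if got != want:
            findings.append(f"{name} is {got}, expected {want} ({path})")
    return findings

# Constructed sample of `ip -o -4 addr show` from a misconfigured backend.
SAMPLE_BAD = (
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever\n"
    "2: eth0    inet 192.168.0.11/24 brd 192.168.0.255 scope global eth0\\ ...\n"
    "2: eth0    inet 192.168.0.99/24 scope global secondary eth0\\ ...\n"
)

if __name__ == "__main__":
    for finding in audit_dsr_backend("192.168.0.99", SAMPLE_BAD):
        print("FINDING:", finding)
```

On a real backend, pass the captured output of `ip -o -4 addr show` and leave `conf_root` at its default.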

Stateless DNAT

In stateless DNAT, the load balancer changes the destination address to the backend address and forwards the traffic to the backend, but it does not manage any connection information. Stateless DNAT reduces the load on the system because it is performed early in the data path. It is the most recommended NAT mode for layer 4 protocols that carry high load and are not connection-oriented or stream-oriented, such as RTP or syslog in UDP mode.

Services settings

Load balancing scheduler: This field specifies the load balancing algorithm to be used for determining the backend server.

  • Weight: connection linear dispatching by weight: This scheduler balances connections based on the weight assigned to each backend. Backends with higher weights will receive more connections.
  • Source Hash: Hash per Source IP and Source Port: This scheduler balances packets based on the source IP address and port. Packets from the same source will be sent to the same backend.
  • Simple Source Hash: Hash per Source IP only: This scheduler balances packets based on the source IP address. Packets from the same source will be sent to the same backend.
  • Symmetric Hash: Round trip hash per IP and Port: This scheduler balances packets based on the source and destination IP addresses and ports. Packets from the same source and destination will be sent to the same backend.
  • Round Robin: Sequential backend selection: This scheduler balances connections by sending each connection to the next backend in order.
  • Least Connections: connection always to the least connection server: This scheduler sends connections to the backend with the fewest number of active connections. This ensures that the traffic load is evenly distributed among the backends.
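
The hash-based schedulers differ only in which fields form the key, and that decides how clients behind one shared address are spread over the backends. The following added example (not Skudonet code) illustrates this; SHA-256, the backend addresses, the sample flows and the reading of Symmetric Hash as an order-independent hash of both endpoints are assumptions.

```python
# Added example: how the hash keys of the schedulers listed above differ.
# SHA-256 is an assumption; the page does not say which hash the product uses.
import hashlib
from collections import Counter

BACKENDS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]  # constructed addresses


def pick(key, backends=BACKENDS):
    """Map a hash key to one backend."""
    digest = hashlib.sha256(repr(key).encode()).digest()
    return backends[int.from_bytes(digest[:8], "big") % len(backends)]


def source_hash(src_ip, src_port, dst_ip, dst_port):
    """Source Hash: key is source IP and source port."""
    return pick((src_ip, src_port))


def simple_source_hash(src_ip, src_port, dst_ip, dst_port):
    """Simple Source Hash: key is the source IP only."""
    return pick((src_ip,))


def symmetric_hash(src_ip, src_port, dst_ip, dst_port):
    """Symmetric Hash: sorting the endpoints makes both directions hash alike."""
    return pick(tuple(sorted([(src_ip, src_port), (dst_ip, dst_port)])))


def spread(scheduler, flows):
    """Count how many flows each backend receives under a scheduler."""
    return Counter(scheduler(*flow) for flow in flows)


# Constructed traffic: 300 connections from one NAT gateway address to the VIP.
VIP = ("203.0.113.10", 443)
NAT_FLOWS = [("198.51.100.7", 40000 + n, *VIP) for n in range(300)]

if __name__ == "__main__":
    for scheduler in (source_hash, simple_source_hash, symmetric_hash):
        print(scheduler.__name__, dict(spread(scheduler, NAT_FLOWS)))
```

With Simple Source Hash all 300 connections from the single address land on one backend, so that backend's Max. Conns limit is the first one to be reached.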

Persistence

Select persistence: This field determines whether or not persistence is used in the configured farm. Default: None

  • No Persistence: The load balancer will not use any persistence between the client and the backend server.
  • IP: Source IP: The load balancer will assign the same backend server to each incoming connection based on the client’s IP address.
  • Port: Source Port: The load balancer will assign the same backend server to each incoming connection based on the client’s port number.
  • MAC: Source MAC: The load balancer will assign the same backend server to each incoming connection based on the client’s MAC address.
  • Source IP and Source Port: The load balancer will assign the same backend server to each incoming connection based on both the client’s IP address and port number.
  • Source IP and Destination Port: The load balancer will assign the same backend server to each incoming connection based on both the client’s IP address and the server’s port number.

Farmguardian

L4xNAT farms do not have any built-in health checks for backends, so you must configure Farmguardian to perform health checks for this virtual service.

You can assign built-in or customized advanced health checks to this service from any existing Farmguardian check.

For more information about Farmguardian, go to the Monitoring > Farmguardian section.
Once you select a Farmguardian configuration, it will be automatically applied to the farm.

Backends

In this section, you can change the configuration of backends or add new ones to a farm.

To add a new backend to a farm:

  1. Click the Create backend button.
  2. In the Add backend form, enter the following information:
    • IP: The IP address of the backend server.
    • Port: The port number of the backend server.
    • Priority: The priority of the backend server. Lower values have higher priority.
    • Max. Conns: The maximum number of connections that can be made to the backend server.
    • Weight: The weight of the backend server for traffic balancing.
  3. Click the Apply button for the setting to take effect.

Important Notice!

The priority and weight of a backend server determine how preferable it is relative to other backends. Lower priority values and higher weight values indicate a more preferable backend.

If the maximum number of connections to a backend server is reached, new connections will be discarded.

Actions:

These are the actions that can be performed on backends:

Create backend: Opens a form to add a new backend server.
Enable Maintenance: This action puts a backend server in maintenance mode, so no new connections will be redirected to it. There are two types of maintenance mode:

  • Drain Mode: This mode keeps established connections and persistence, but does not admit new connections.
  • Cut Mode: This mode directly drops all active connections against the backend, closing any connection between the backend and clients.

Edit: This action opens the edit form, which is the same as the add form, to change any backend value.
Disable Maintenance: This action enables new connections to be forwarded to the backend server again.
Delete: This action removes the backend virtual server.

This table shows all the backend servers that are already configured on the farm.

IP: The IP address of the backend server that the load balancer will forward traffic to. This is the most important setting, as it determines where the traffic will go.

Port: The port number on the backend server that the load balancer will forward traffic to. This setting is typically used to direct traffic to specific services on the backend server, such as a web server or a database server.

Priority: The priority of the backend server. A lower value indicates a higher priority. The load balancer will distribute traffic to backend servers based on their priority.

Weight: The weight of the backend server for traffic balancing. A higher weight indicates that the backend server will receive more traffic. The load balancer will distribute traffic to backend servers based on their weight, taking into account their priority as well.

Max. Conns: The maximum number of connections that can be made to the backend server. If the limit is reached, new connections will be discarded. This setting can be used to prevent a single backend server from being overloaded.
