In a Microsoft® OCS 2007 R2 load balancing configuration, SNAT is required.
This web page discusses how SNAT and DNAT are used with OCS 2007.
We will first examine the two-armed mode, and then discuss the one-arm topology.
For pictures of the sample setups, please refer to this Microsoft document:
http://technet.microsoft.com/en-us/library/ee323547(office.13).aspx
Let's assume the test clients are located at 10.0.0.100-200,
the load balancer is located at 10.0.0.40 in the client network and 10.0.1.40 in the FE server network,
and the OCS FE servers are located at 10.0.1.41 and 10.0.1.42.
To make the data packets easy to follow, we select the test machine 10.0.0.100, the load balancer 10.0.0.40, and the FE
server 10.0.1.41 for illustration. Here are the data packets before and after the load balancer:
From client to load balancer:
bit offset  | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
0           | Version | Header length | Differentiated Services | Total Length
32          | Identification                                    | Flags | Fragment Offset
64          | Time to Live            | Protocol                | Header Checksum
96          | Source Address 10.0.0.100
128         | Destination Address 10.0.0.40
160         | Options
160 or 192+ | Data
Packet from LB to FE server:
bit offset  | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
0           | Version | Header length | Differentiated Services | Total Length
32          | Identification                                    | Flags | Fragment Offset
64          | Time to Live            | Protocol                | Header Checksum
96          | Source Address 10.0.1.40
128         | Destination Address 10.0.1.41
160         | Options
160 or 192+ | Data
As the IP headers above show, the FE servers actually receive packets with both the source IP address and the destination IP
address translated; in other words, the load balancer did both SNAT and DNAT. As a matter of fact, if the load balancer
does not do DNAT, the FE server will not accept the data packet, since the destination address in the original packet is the
VIP (FARM) address, not the FE server's address. So the actual requirement for the load balancer in OCS 2007 R2 is to do
both SNAT and DNAT at the same time.
Let's now examine the one-arm topology for load balancing the OCS 2007 R2 servers. In this setup, the FE servers are in the
same network range as the load balancer and the clients. The following addresses are used:
Let's assume the test clients are located at 10.0.0.100-200,
the load balancer is located at 10.0.0.40,
and the OCS FE servers are located at 10.0.1.41 and 10.0.1.42.
Although the IP addresses are similar to the two-armed topology, the netmask is 16 bits in this case, so that all computers can
talk to each other directly.
To make the data packets easy to follow, we again select the test machine 10.0.0.100, the load balancer 10.0.0.40, and the FE
server 10.0.1.41 for illustration. Here are the data packets before and after the load balancer:
From client to load balancer:
bit offset  | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
0           | Version | Header length | Differentiated Services | Total Length
32          | Identification                                    | Flags | Fragment Offset
64          | Time to Live            | Protocol                | Header Checksum
96          | Source Address 10.0.0.100
128         | Destination Address 10.0.0.40
160         | Options
160 or 192+ | Data
Packet from LB to FE server:
bit offset  | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
0           | Version | Header length | Differentiated Services | Total Length
32          | Identification                                    | Flags | Fragment Offset
64          | Time to Live            | Protocol                | Header Checksum
96          | Source Address 10.0.0.40
128         | Destination Address 10.0.1.41
160         | Options
160 or 192+ | Data
Once again, the IP headers above show that the FE servers actually receive packets with both the source IP address and the destination IP
address translated; in other words, the load balancer did both SNAT and DNAT.
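The two translations described above can be reproduced on raw IPv4 headers. The following is an added example, not code from the original page or from WebMux: it builds the client packet with the page's addresses, rewrites source and destination as in the two-armed and one-arm cases, and recomputes the header checksum. The remaining header field values are constructed, the VIP is taken to be 10.0.0.40 as in the tables, and the function names are hypothetical.

```python
import socket
import struct

def checksum(header: bytes) -> int:
    """One's-complement sum of the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(header: bytes) -> bytes:
    """Zero the checksum field (bytes 10-11), then fill in the fresh value."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", checksum(zeroed)) + header[12:]

def build_header(src: str, dst: str) -> bytes:
    """20-byte IPv4 header without options; field values are constructed samples."""
    return with_checksum(struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,  # ver/IHL, DS, length, id, flags, TTL, TCP, csum
        socket.inet_aton(src), socket.inet_aton(dst)))

def addresses(header: bytes) -> tuple:
    """Return (source, destination) as dotted strings."""
    return socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])

def translate(header: bytes, snat_to=None, dnat_to=None) -> bytes:
    """Rewrite source (SNAT) and/or destination (DNAT), then redo the checksum."""
    src = socket.inet_aton(snat_to) if snat_to else header[12:16]
    dst = socket.inet_aton(dnat_to) if dnat_to else header[16:20]
    return with_checksum(header[:12] + src + dst)

def server_accepts(header: bytes, own_ip: str) -> bool:
    """A host takes the packet only if the checksum verifies and it is the destination."""
    return checksum(header) == 0 and addresses(header)[1] == own_ip

if __name__ == "__main__":
    inbound = build_header("10.0.0.100", "10.0.0.40")      # client -> load balancer
    cases = {
        "two-armed": translate(inbound, snat_to="10.0.1.40", dnat_to="10.0.1.41"),
        "one-arm": translate(inbound, snat_to="10.0.0.40", dnat_to="10.0.1.41"),
        "SNAT only": translate(inbound, snat_to="10.0.1.40"),  # DNAT skipped
    }
    for name, pkt in cases.items():
        print(name, addresses(pkt), "accepted by FE:", server_accepts(pkt, "10.0.1.41"))
```

The SNAT-only case keeps the VIP as the destination, so the FE server at 10.0.1.41 does not accept it, which matches the point made for the two-armed setup.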
WebMux firmware V8.6 supports both one-arm single network mode and two-armed NAT mode with SNAT enabled. In addition, WebMux's
Transparent Mode also supports having SNAT enabled.