   SNAT, DNAT and Microsoft® OCS 2007 R2


In a Microsoft® OCS 2007 R2 load balancing configuration, SNAT is required. This page discusses the SNAT and DNAT used with OCS 2007. We first examine the two-armed mode, and then the one-arm topology. For pictures of the sample setups, please refer to this Microsoft document:
http://technet.microsoft.com/en-us/library/ee323547(office.13).aspx

Let's assume the test clients are located at 10.0.0.100-200,
the load balancer is located at 10.0.0.40 in the client network and 10.0.1.40 in the FE server network, and
the OCS FE servers are located at 10.0.1.41 and 10.0.1.42.

To make the data packets easy to follow, we use the test machine 10.0.0.100, load balancer 10.0.0.40, and FE server 10.0.1.41 for illustration. Here are the IP headers of the data packets before and after the load balancer:
From client to load balancer:

bit offset    0-3       4-7             8-15                      16-18   19-31
0             Version   Header length   Differentiated Services   Total Length (16-31)
32            Identification (0-15)                               Flags   Fragment Offset
64            Time to Live (0-7)        Protocol                  Header Checksum (16-31)
96            Source Address: 10.0.0.100
128           Destination Address: 10.0.0.40
160           Options
160 or 192+   Data

Packet from LB to FE server:

bit offset    0-3       4-7             8-15                      16-18   19-31
0             Version   Header length   Differentiated Services   Total Length (16-31)
32            Identification (0-15)                               Flags   Fragment Offset
64            Time to Live (0-7)        Protocol                  Header Checksum (16-31)
96            Source Address: 10.0.1.40
128           Destination Address: 10.0.1.41
160           Options
160 or 192+   Data

As the IP headers above show, the FE server receives packets in which both the source IP address and the destination IP address have been translated; in other words, the load balancer did both SNAT and DNAT. As a matter of fact, if the load balancer does not do DNAT, the FE server will not accept the data packet, since the destination address in the original packet is the VIP (FARM) address, not the FE server's address. So the actual requirement for a load balancer in OCS 2007 R2 is to do both SNAT and DNAT at the same time.

Let's now examine the one-arm topology for load balancing the OCS 2007 R2 servers. In this setup, the FE servers are in the same network range as the load balancer and the clients. The following addresses are used:

Let's assume the test clients are located at 10.0.0.100-200,
the load balancer is located at 10.0.0.40, and
the OCS FE servers are located at 10.0.1.41 and 10.0.1.42.
Although the IP addresses are similar to those in the two-armed topology, the netmask is 16 bits in this case, so all computers can talk to each other directly.

To make the data packets easy to follow, we again use the test machine 10.0.0.100, load balancer 10.0.0.40, and FE server 10.0.1.41 for illustration. Here are the IP headers of the data packets before and after the load balancer:
From client to load balancer:

bit offset    0-3       4-7             8-15                      16-18   19-31
0             Version   Header length   Differentiated Services   Total Length (16-31)
32            Identification (0-15)                               Flags   Fragment Offset
64            Time to Live (0-7)        Protocol                  Header Checksum (16-31)
96            Source Address: 10.0.0.100
128           Destination Address: 10.0.0.40
160           Options
160 or 192+   Data

Packet from LB to FE server:

bit offset    0-3       4-7             8-15                      16-18   19-31
0             Version   Header length   Differentiated Services   Total Length (16-31)
32            Identification (0-15)                               Flags   Fragment Offset
64            Time to Live (0-7)        Protocol                  Header Checksum (16-31)
96            Source Address: 10.0.0.40
128           Destination Address: 10.0.1.41
160           Options
160 or 192+   Data

Once again, the IP headers above show that the FE server receives packets in which both the source IP address and the destination IP address have been translated; in other words, the load balancer did both SNAT and DNAT.

WebMux firmware V8.6 supports both one-arm single network mode and two-armed NAT mode with SNAT enabled. In addition, WebMux Transparent Mode also supports enabling SNAT.
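The translation shown in the two-armed and one-arm packet pairs above, as an added Python example that is not WebMux code: it rewrites both address fields of a constructed IPv4 header, recomputes the header checksum that the rewrite invalidates, and models the FE server's acceptance check. The function names are hypothetical, and 10.0.0.40 is treated as the farm (VIP) address, as in the page's client-side packets.

```python
import socket
import struct

def checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the 16-bit one's-complement sum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def set_addresses(header: bytes, src: str, dst: str) -> bytes:
    """Write source (bit offset 96) and destination (bit offset 128), then refresh the checksum."""
    body = header[:10] + b"\x00\x00" + socket.inet_aton(src) + socket.inet_aton(dst) + header[20:]
    return body[:10] + struct.pack("!H", checksum(body)) + body[12:]

def build_header(src: str, dst: str) -> bytes:
    """Constructed sample: 20-byte IPv4 header, no options, TTL 64, protocol 6 (TCP)."""
    blank = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, 64, 6, 0, b"\0" * 4, b"\0" * 4)
    return set_addresses(blank, src, dst)

def addresses(header: bytes) -> tuple:
    """Return (source, destination) as dotted-quad strings."""
    return socket.inet_ntoa(header[12:16]), socket.inet_ntoa(header[16:20])

def lb_translate(header: bytes, vip: str, lb_source: str, fe_server: str) -> bytes:
    """Both translations at once: DNAT the VIP to the FE server, SNAT the client to the LB."""
    if addresses(header)[1] != vip:
        raise ValueError("packet is not addressed to the VIP")
    return set_addresses(header, lb_source, fe_server)

def fe_accepts(header: bytes, own_ip: str) -> bool:
    """An FE server takes a packet only if the checksum verifies and it is the destination."""
    return checksum(header) == 0 and addresses(header)[1] == own_ip

# Addresses from this page; LB_INSIDE is the two-armed server-side address.
CLIENT, VIP, LB_INSIDE, FE = "10.0.0.100", "10.0.0.40", "10.0.1.40", "10.0.1.41"
from_client = build_header(CLIENT, VIP)
to_fe = lb_translate(from_client, VIP, LB_INSIDE, FE)         # two-armed
to_fe_one_arm = lb_translate(from_client, VIP, VIP, FE)       # one-arm: LB has a single address

if __name__ == "__main__":
    print("client -> LB:      ", addresses(from_client))
    print("LB -> FE two-armed:", addresses(to_fe))
    print("LB -> FE one-arm:  ", addresses(to_fe_one_arm))
    print("FE accepts untranslated packet:", fe_accepts(from_client, FE))
    print("FE accepts translated packet:  ", fe_accepts(to_fe, FE))
```

Only the two address fields and the checksum differ between the packets; a real load balancer also tracks each flow (including TCP/UDP ports) so it can reverse the translation on the server's reply.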

 
 
 
Copyright © 1987- CAI Networks, Inc. Copyright © 1998-2000 Red Hill Networks, Inc. All rights reserved.