Network topology:
An organization has multiple servers that serve multiple hosts. Using Rotary NAT, a virtual server is established in the inside network which communicates with real servers. Destination addresses that match an access-list (permitting the IP address of virtual server) are replaced with addresses from a rotary pool. Allocation is done on a round-robin basis. The NAT router performs the following steps when translating rotary addresses-
A host opens a TCP connection with virtual server 10.1.1.5
The router receives the connection request and creates a translation, allocating the next real server IP address.
The router replaces the destination IP address with the selected real IP address and forwards the packet.
The server receives the packet and responds.
The router receives the packet and performs the NAT table lookup. The router then translates the source address to virtual server IP address forwards the packet.
Configuration:
We define a pool of addresses containing the addresses of the real servers. This can be done using the global configuration command-
ip nat pool name start-ip end-ip {netmask netmask prefix-length prefix-length} type rotary
ip nat pool SERVER_LIST 10.1.1.10 10.1.1.11 prefix-length 24 type rotary
We define an access-list permitting the address of virtual-server 10.1.1.5. Non-TCP traffic is passed untranslated-
access-list 110 permit tcp any host 10.1.1.5
Then we establish dynamic inside destination translation specifying the access-list defined above. This is done using the global configuration command-
ip nat inside destination list access-list-number pool name
ip nat inside destination list 110 pool SERVER_LIST
Lastly, we define inside and outside interface for NAT.
interface fastethernet 0/0
ip nat inside
!
interface fastethernet 0/1
ip nat outside
!
Verification:
When multiple Telnet sessions (TCP session, port 23) are established to virtual server IP address 10.1.1.5, the NAT router allocates IP addresses of different internal servers in a round-robin fashion. The following output shows that 3 different Telnet sessions are opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, second session to 10.1.1.11 and third session back to 10.1.1.10
A host opens a TCP connection with virtual server 10.1.1.5
The router receives the connection request and creates a translation, allocating the next real server IP address.
The router replaces the destination IP address with the selected real IP address and forwards the packet.
The server receives the packet and responds.
The router receives the packet and performs the NAT table lookup. The router then translates the source address to virtual server IP address forwards the packet.
Configuration:
We define a pool of addresses containing the addresses of the real servers. This can be done using the global configuration command-
ip nat pool name start-ip end-ip {netmask netmask prefix-length prefix-length} type rotary
ip nat pool SERVER_LIST 10.1.1.10 10.1.1.11 prefix-length 24 type rotary
We define an access-list permitting the address of virtual-server 10.1.1.5. Non-TCP traffic is passed untranslated-
access-list 110 permit tcp any host 10.1.1.5
Then we establish dynamic inside destination translation specifying the access-list defined above. This is done using the global configuration command-
ip nat inside destination list access-list-number pool name
ip nat inside destination list 110 pool SERVER_LIST
Lastly, we define inside and outside interface for NAT.
interface fastethernet 0/0
ip nat inside
!
interface fastethernet 0/1
ip nat outside
!
Verification:
When multiple Telnet sessions (TCP session, port 23) are established to virtual server IP address 10.1.1.5, the NAT router allocates IP addresses of different internal servers in a round-robin fashion. The following output shows that 3 different Telnet sessions are opened to 10.1.1.5. The NAT router allocates the first session to 10.1.1.10, second session to 10.1.1.11 and third session back to 10.1.1.10
