Cisco Certification Exam Review:
TCP Load Distribution And Network Address Translation (NAT)
By Chris Bryant, CCIE #12933
A "side effect" of NAT is that an entire server farm can be represented by a single address. This also hides the IP addresses of the servers in the farm from users outside the network.

This network has three servers with private addresses 10.1.1.5 - 7. With the NAT router performing the needed translation, the three servers are represented to the outside world by the address 210.1.1.1. As data enters the NAT router destined for this address, the NAT router will translate that address into either 10.1.1.5, .6, or .7.
That's where the "load distribution" comes in, with each server handling roughly a third of the load. This load distribution is performed in a round-robin fashion. In the above exhibit, each server has been sent some data, and the process has started again with 10.1.1.5.
Note that using TCP Load Distribution does not require the servers to have RFC 1918 addresses. They could have routable addresses, but we might still want them represented by a single address.
The big drawback is that there's no dynamic mechanism here for the NAT router to realize that one of the servers in the farm has gone down, and as a result packets are dropped, as we see in the following network. 10.1.1.5 has gone down, but the NAT process does not realize this.
The NAT router will continue to send data round-robin, and packets sent to the down server are "black-holed".
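The round-robin behaviour and the failure case described above, modelled as a short Python simulation. This is an added example, not part of the original article and not Cisco code. It assumes the pool advances once per new TCP connection and that later packets of that connection reuse the existing translation; the client address 198.51.100.10, the source ports and the health_aware option are constructed for illustration, and a plain NAT rotary pool has no equivalent of health_aware.

```python
VIRTUAL_IP = "210.1.1.1"                      # outside address from the article
POOL = ["10.1.1.5", "10.1.1.6", "10.1.1.7"]   # real servers from the article


class RotaryNat:
    """Toy model of destination NAT with a round-robin (rotary) pool."""

    def __init__(self, virtual_ip, pool, health_aware=False):
        self.virtual_ip = virtual_ip
        self.pool = list(pool)
        self.health_aware = health_aware  # hypothetical: plain NAT has no such check
        self.next_index = 0
        self.table = {}                   # (src_ip, src_port) -> real server

    def translate(self, src_ip, src_port, dst_ip, down=frozenset()):
        """Return the inside address a packet is rewritten to, or None if not ours."""
        if dst_ip != self.virtual_ip:
            return None
        flow = (src_ip, src_port)
        if flow not in self.table:        # only a new connection advances the pool
            for _ in range(len(self.pool)):
                server = self.pool[self.next_index]
                self.next_index = (self.next_index + 1) % len(self.pool)
                if not self.health_aware or server not in down:
                    break                 # plain NAT always stops on the first pick
            self.table[flow] = server
        return self.table[flow]


def simulate(connections, down=frozenset(), health_aware=False):
    """Open `connections` new TCP flows; count delivered vs black-holed per server."""
    nat = RotaryNat(VIRTUAL_IP, POOL, health_aware)
    delivered = {s: 0 for s in POOL}
    black_holed = {s: 0 for s in POOL}
    for n in range(connections):
        # Constructed client: one source address, a fresh source port per connection.
        server = nat.translate("198.51.100.10", 40000 + n, VIRTUAL_IP, down)
        (black_holed if server in down else delivered)[server] += 1
    return delivered, black_holed


if __name__ == "__main__":
    print(simulate(9))                                        # all servers up
    print(simulate(9, down={"10.1.1.5"}))                     # the article's failure case
    print(simulate(9, down={"10.1.1.5"}, health_aware=True))  # what a health check would change
```

With 10.1.1.5 down, every third new connection is still translated to it and lost, while the other two servers keep their normal share.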
To your success,
Chris Bryant
CCIE #12933
chris@thebryantadvantage.com