NAT for TCP load balancing is not working

Hi Friends,

I had created the following diagram in GNS3 V 1.1 for testing NAT for TCP load balancing but it is not working. Please help.

R3 is the NAT router and my goal is when R4 is trying to telnet to 155.1.34.5 it should be load balanced to R1's and R2's loopback IPs.

[image: network diagram]

R3#sh ip int bri | ex unas
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         155.1.34.3      YES manual up                    up
GigabitEthernet1/0         155.1.13.3      YES manual up                    up
GigabitEthernet2/0         155.1.23.3      YES manual up                    up

R3#sh run inter gi0/0
Building configuration...

Current configuration : 175 bytes
!
interface GigabitEthernet0/0
 ip address 155.1.34.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
end

R3#sh run inter gi1/0
Building configuration...

Current configuration : 132 bytes
!
interface GigabitEthernet1/0
 ip address 155.1.13.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 negotiation auto
end

R3#sh run inter gi2/0
Building configuration...

Current configuration : 132 bytes
!
interface GigabitEthernet2/0
 ip address 155.1.23.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 negotiation auto
end

R1#sh ip int bri | ex unas
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet1/0         155.1.13.1      YES manual up                    up
Loopback0                  150.1.1.1       YES manual up                    up

R2#sh ip int bri | ex unas
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet2/0         155.1.23.2      YES manual up                    up
Loopback0                  150.1.2.2       YES manual up                    up

R4#sh ip int bri | ex unas
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         155.1.34.4      YES manual up                    up

R3#ip nat pool ROTARY prefix-length 32 type rotary
 address 150.1.1.1 150.1.1.1
 address 150.1.2.2 150.1.2.2
ip nat inside destination list TELNET pool ROTARY
ip access-list extended TELNET
 permit tcp any host 155.1.34.5 eq telnet

R4#telnet 155.1.34.5
Trying 155.1.34.5 ...
% Connection timed out; remote host not responding

Thanks,

Arun Mohan

Comments

  • JoeMJoeM ✭✭✭

    Hi Arun,

    The telnet test is not really good enough to understand if it is a NAT issue. It could just mean that there is a problem with the destination server.

    What is the output of the debug/show commands (NAT and/or telnet packets) on R3?

    Meanwhile, I am building this config as you have it above.

    R4#telnet 155.1.34.5
    Trying 155.1.34.5 ...
    % Connection timed out; remote host not responding

  • I would also try adding ip alias 155.1.34.5 23 and seeing if that does it. I don't know if that is required, but it's in INE's example in the workbook. I'm not sure if R3 would know to answer the ARP without it.

    I'm also not sure about the prefix-length. I have a feeling it might not distribute between the two servers with it set to 32.

  • Hi,

    Thanks for the reply.

    I already tried with ip alias 155.1.34.5 23 command. But when I am telnetting from R4 to 155.1.34.5, R3 is opening instead of R1 or R2.

    Thanks,

    Arun Mohan

  • Hi,

    I am not getting any output for sh ip nat translation or debug ip nat.

    Thanks,

    Arun Mohan

  • JoeMJoeM ✭✭✭

    I would also try adding ip alias 155.1.34.5 23 and seeing if that does it. I don't know if that is required, but it's in INE's example in the workbook. I'm not sure if R3 would know to answer the ARP without it.

    I'm also not sure about the prefix-length. I have a feeling it might not distribute between the two servers with it set to 32.

    BenGood, I think you nailed it. Below is the difference in debug before and after changing the prefix-length.

     

    BEFORE with /32:

    NAT: API parameters passed: src_addr:155.1.34.4, src_port:0 dest_addr:155.1.34.5, dest_port:0, proto:6 if_input:GigabitEthernet0/0 pak:68C72B00 get_translated:1
    ipnat_api_translated_address_and_port_common, out->in want IL,OL
    NAT: API Failed to get Translated-Info from: (src-addr:155.1.34.4, src-port:0) (dest-addr:155.1.34.5, dest-port:0)
    NAT: failed to allocate address for 155.1.34.5, list/map TELNET
    NAT: failed to allocate address for 155.1.34.5, list/map TELNET

    AFTER CHANGING it to /24

    NAT: API parameters passed: src_addr:155.1.34.4, src_port:0 dest_addr:155.1.34.5, dest_port:0, proto:6 if_input:GigabitEthernet0/0 pak:68C72B00 get_translated:1
    ipnat_api_translated_address_and_port_common, out->in want IL,OL
    NAT: API Failed to get Translated-Info from: (src-addr:155.1.34.4, src-port:0) (dest-addr:155.1.34.5, dest-port:0)
    NAT*: o: tcp (155.1.34.4, 25201) -> (155.1.34.5, 23) [33732]
    NAT*: o: tcp (155.1.34.4, 25201) -> (155.1.34.5, 23) [33732]
    NAT*: s=155.1.34.4, d=155.1.34.5->150.1.1.1 [33732]
    <SNIP>

     

    R3#sh ip nat trans  <-- with 2nd attempt (rotary)
    Pro Inside global      Inside local       Outside local      Outside global
    tcp 155.1.34.5:23      150.1.2.2:23       155.1.34.4:21315   155.1.34.4:21315

     

    * Also, the IP ALIAS is needed, otherwise R3 (NAT) doesn't even see the traffic in debugs.
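
Added example, not part of the thread or any poster's own code: a small Python check that reads `debug ip nat` output in the format quoted above and sorts it into the states the thread describes: no NAT activity at all (what R3 showed without ip alias), allocation failures (the /32 pool), or destination rewrites spread across the rotary pool members. The function name check_rotary and the verdict strings are made up for this example, and the last sample line is constructed rather than taken from the thread.

```python
import re
from collections import Counter

# Debug lines copied from the thread above; the last one is constructed here
# to represent a second connection landing on the other pool member.
SAMPLE_DEBUG = """\
NAT: failed to allocate address for 155.1.34.5, list/map TELNET
NAT: failed to allocate address for 155.1.34.5, list/map TELNET
NAT*: o: tcp (155.1.34.4, 25201) -> (155.1.34.5, 23) [33732]
NAT*: s=155.1.34.4, d=155.1.34.5->150.1.1.1 [33732]
NAT*: s=155.1.34.4, d=155.1.34.5->150.1.2.2 [33733]
"""

FAIL_RE = re.compile(r"NAT: failed to allocate address for ([\d.]+), list/map (\S+)")
REWRITE_RE = re.compile(r"NAT\*?: s=[\d.]+, d=([\d.]+)->([\d.]+) \[\d+\]")


def check_rotary(debug_text, virtual_ip, pool_members):
    """Summarise `debug ip nat` output for one virtual IP and its rotary pool."""
    failures = 0
    per_server = Counter()
    for line in debug_text.splitlines():
        line = line.strip()
        m = FAIL_RE.search(line)
        if m and m.group(1) == virtual_ip:
            failures += 1
            continue
        m = REWRITE_RE.search(line)
        if m and m.group(1) == virtual_ip:
            per_server[m.group(2)] += 1  # packets rewritten to this real server
    missing = set(pool_members) - set(per_server)
    if not failures and not per_server:
        verdict = "no-nat-activity"    # thread: R3 saw nothing without ip alias
    elif not per_server:
        verdict = "allocation-failed"  # thread: the output seen with the /32 pool
    elif missing:
        verdict = "partial-rotation"   # not every pool member has been used yet
    else:
        verdict = "rotating"
    return {"verdict": verdict, "alloc_failures": failures,
            "per_server": dict(per_server), "missing": missing}


if __name__ == "__main__":
    print(check_rotary(SAMPLE_DEBUG, "155.1.34.5", {"150.1.1.1", "150.1.2.2"}))
```

The per-server counts are packets, not sessions, because the debug prints one rewrite line per translated packet.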
