2025-01-30 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
The topology diagram is as follows (the figure is not reproduced here; the addresses used in the tables below are PC1 192.168.2.41 on a separate subnet, PC2 192.168.1.21 on the server subnet, the virtual server (VS) 192.168.1.28, the LTM SelfIP 192.168.1.24, the SNAT pool address 192.168.1.29, and the pool member 192.168.1.26, which the tables list for SERVER1/SERVER2):
I. Direct mode (no SNAT)
1. SERVER's default gateway is the VS address; PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           192.168.2.41    192.168.1.26
SERVER1/SERVER2   192.168.2.41    192.168.1.26

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.2.41
LTM-IN            192.168.1.26    192.168.2.41
LTM-OUT           192.168.1.28    192.168.2.41
PC1               192.168.1.28    192.168.2.41

Summary: PC1 cannot ping SERVER: the echo reply from SERVER is routed to the LTM, which has no virtual server matching it and does not deliver it. HTTP works, because SERVER's default gateway is the VS address of the LTM, so the request and the reply both traverse the LTM and users can reach each SERVER normally.
2. SERVER's default gateway is the SelfIP address; PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           192.168.2.41    192.168.1.26
SERVER1/SERVER2   192.168.2.41    192.168.1.26

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.2.41
LTM-IN            192.168.1.26    192.168.2.41
LTM-OUT           192.168.1.28    192.168.2.41
PC1               192.168.1.28    192.168.2.41

Summary: PC1 cannot ping SERVER. Because SERVER's default gateway is a SelfIP address of the LTM, the request and the reply both traverse the LTM and users can reach each SERVER normally. The effect is the same as pointing the gateway at the VS address.
As shown in the following figure:
3. SERVER's default gateway is the GW address (a router on the server subnet, not the LTM); PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           --              --
SERVER1/SERVER2   --              --

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   --              --
LTM-IN            --              --
LTM-OUT           --              --
PC1               --              --
(-- : no values recorded in the original table)

Summary: PC1 can ping SERVER. The TCP SYN from PC1 is forwarded to SERVER by the LTM, but because SERVER's return path does not pass through the LTM, the SYN-ACK goes from SERVER directly to PC1. The LTM therefore sees only the SYN from PC1 and never the SYN-ACK from SERVER, so the connection in the LTM's table stays half-open. Note also that the SYN-ACK that reaches PC1 directly carries SERVER's real address (192.168.1.26) rather than the VS address, so it does not match the connection PC1 opened to the VS. The LTM keeps receiving segments from PC1 for this half-open entry (the article observes three ACKs in a row) but cannot return an HTTP response; it finally answers with a TCP RST, which resets the connection between PC1 and the LTM. PC1 never receives an HTTP response.
As shown in the following figure:
4. SERVER's default gateway is the GW address; PC2 accesses the HTTP application through the VS.
PC2 → VS
Node              Source IP       Destination IP
PC2               192.168.1.21    192.168.1.28
LTM-IN            192.168.1.21    192.168.1.28
LTM-OUT           --              --
SERVER1/SERVER2   --              --

SERVER → PC2
Node              Source IP       Destination IP
SERVER1/SERVER2   --              --
LTM-IN            --              --
LTM-OUT           --              --
PC2               --              --
(-- : no values recorded in the original table)

Summary: PC2 can ping SERVER. The TCP SYN from PC2 is forwarded to SERVER by the LTM, but because SERVER's return path does not pass through the LTM (and PC2 is in any case on the same subnet as SERVER), the SYN-ACK goes from SERVER directly to PC2. The LTM sees only the SYN and never the SYN-ACK, so its connection entry stays half-open. The LTM keeps receiving segments from PC2 for this entry (three ACKs in a row in the article's test) but cannot return an HTTP response; it finally answers with a TCP RST and the connection between PC2 and the LTM is reset. PC2 never receives an HTTP response.
As shown in the following figure:
5. SERVER's default gateway is the VS address; PC2 accesses the HTTP application through the VS.
PC2 → VS
Node              Source IP       Destination IP
PC2               192.168.1.21    192.168.1.28
LTM-IN            192.168.1.21    192.168.1.28
LTM-OUT           --              --
SERVER1/SERVER2   --              --

SERVER → PC2
Node              Source IP       Destination IP
SERVER1/SERVER2   --              --
LTM-IN            --              --
LTM-OUT           --              --
PC2               --              --
(-- : no values recorded in the original table)

Summary: PC2 can ping SERVER. The TCP SYN from PC2 is forwarded to SERVER by the LTM, but because PC2 and SERVER are in the same broadcast domain, SERVER never consults its default gateway for the reply: it ARPs for PC2 and sends the SYN-ACK to PC2 directly. The LTM sees only the SYN and never the SYN-ACK, so its connection entry stays half-open. The LTM keeps receiving segments from PC2 for this entry (three ACKs in a row in the article's test) but cannot return an HTTP response; it finally answers with a TCP RST and the connection between PC2 and the LTM is reset. PC2 never receives an HTTP response. The effect is the same as pointing SERVER's default gateway at the GW address.
As shown in the following figure:
Conclusion: if the LTM does not perform source address translation (no SNAT), both of the following must hold at the same time: ① the client and SERVER are not in the same broadcast domain (otherwise SERVER replies to the client at layer 2 and the LTM never sees the return traffic); ② the default gateway of every SERVER is the VS address or a SelfIP address of the LTM, so that off-subnet return traffic is forced back through the LTM.
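The half-open condition described in cases 3 to 5 is easy to confirm from a packet capture taken on the client-facing VLAN of the LTM: a flow for which the LTM sees the client's SYN, then further segments from the client, but never a SYN-ACK from the VS, is one whose return path bypasses the LTM. The following analyser is an added example written for this article, not code from the original page or from F5; it parses constructed `tcpdump -nn` style lines (the sample capture and its timestamps, ports and sequence numbers are made up to match the article's addresses) and classifies each client-to-VS flow.

```python
import re

# Constructed sample of "tcpdump -nn" output as it would be taken on the
# client-facing VLAN of the LTM (not a real capture from the article's lab).
# Flow A (PC1 -> VS): the SYN-ACK comes back through the LTM, handshake completes.
# Flow B (PC2 -> VS): the server answered PC2 directly, so the LTM never sees a
# SYN-ACK; it only sees PC2's follow-up segments and finally sends a RST.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.2.41.51000 > 192.168.1.28.80: Flags [S], seq 1000, win 64240, length 0
12:00:01.000400 IP 192.168.1.28.80 > 192.168.2.41.51000: Flags [S.], seq 5000, ack 1001, win 65535, length 0
12:00:01.000800 IP 192.168.2.41.51000 > 192.168.1.28.80: Flags [.], ack 5001, win 64240, length 0
12:00:01.001200 IP 192.168.2.41.51000 > 192.168.1.28.80: Flags [P.], seq 1001:1080, ack 5001, win 64240, length 79
12:00:01.002000 IP 192.168.1.28.80 > 192.168.2.41.51000: Flags [P.], seq 5001:5300, ack 1080, win 65535, length 299
12:00:05.000001 IP 192.168.1.21.52000 > 192.168.1.28.80: Flags [S], seq 2000, win 64240, length 0
12:00:05.000900 IP 192.168.1.21.52000 > 192.168.1.28.80: Flags [.], ack 7001, win 64240, length 0
12:00:05.001300 IP 192.168.1.21.52000 > 192.168.1.28.80: Flags [P.], seq 2001:2080, ack 7001, win 64240, length 79
12:00:06.001300 IP 192.168.1.21.52000 > 192.168.1.28.80: Flags [P.], seq 2001:2080, ack 7001, win 64240, length 79
12:00:08.001300 IP 192.168.1.21.52000 > 192.168.1.28.80: Flags [P.], seq 2001:2080, ack 7001, win 64240, length 79
12:00:08.001500 IP 192.168.1.28.80 > 192.168.1.21.52000: Flags [R], seq 7001, win 0, length 0
"""

# tcpdump -nn line: "<ts> IP <sip>.<sport> > <dip>.<dport>: Flags [<flags>], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_capture(text):
    """Parse tcpdump lines into (src, dst, flags) tuples; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            packets.append(((m["sip"], int(m["sport"])), (m["dip"], int(m["dport"])), m["flags"]))
    return packets


def analyse_capture(text):
    """Per client->VS flow, count handshake events and decide whether both directions passed the LTM."""
    flows = {}
    for src, dst, flags in parse_capture(text):
        is_syn, is_ack, is_rst = "S" in flags, "." in flags, "R" in flags
        if is_syn and not is_ack:                 # pure SYN: a flow starts, the sender is the client
            flows[(src, dst)] = {"syn": 1, "synack": 0, "client_acks_without_synack": 0, "rst_from_vs": 0}
            continue
        if (src, dst) in flows:                   # client -> VS direction
            st = flows[(src, dst)]
            if is_ack and not st["synack"]:       # client ACKs a handshake the LTM never saw complete
                st["client_acks_without_synack"] += 1
        elif (dst, src) in flows:                 # VS -> client direction
            st = flows[(dst, src)]
            if is_syn and is_ack:
                st["synack"] += 1
            if is_rst:
                st["rst_from_vs"] += 1
    report = {}
    for (client, vs), st in flows.items():
        if st["synack"]:
            verdict = "symmetric"                 # reply path goes through the LTM
        elif st["client_acks_without_synack"]:
            verdict = "asymmetric"                # server replied to the client behind the LTM's back
        else:
            verdict = "incomplete"
        report[f"{client[0]}:{client[1]}->{vs[0]}:{vs[1]}"] = dict(st, verdict=verdict)
    return report


if __name__ == "__main__":
    for flow, st in analyse_capture(SAMPLE_CAPTURE).items():
        print(flow, st["verdict"], st)
```

On a BIG-IP the input would come from `tcpdump -nni <client-vlan> host <vs-address>`; a flow reported as `asymmetric` is exactly the "SYN seen, SYN-ACK never seen, RST at the end" pattern the article describes, and the fix is one of the two conditions in the conclusion above or switching the virtual server to SNAT.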
II. SNAT-AutoMap transmission mode
1. SERVER's default gateway is the VS address; PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           192.168.1.24    192.168.1.26
SERVER1/SERVER2   192.168.1.24    192.168.1.26

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.1.24
LTM-IN            192.168.1.26    192.168.1.24
LTM-OUT           192.168.1.28    192.168.2.41
PC1               192.168.1.28    192.168.2.41

Summary: PC1 cannot ping SERVER. Because the source address is translated, SERVER sees the LTM's SelfIP address (192.168.1.24) as the source of the request and replies to it; the reply therefore returns through the LTM, which restores the VS address and PC1's address before forwarding it. Users can reach each SERVER normally.
As shown in the following figure:
2. SERVER's default gateway is the GW address (a router on the server subnet, not the LTM); PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           192.168.1.24    192.168.1.26
SERVER1/SERVER2   192.168.1.24    192.168.1.26

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.1.24
LTM-IN            192.168.1.26    192.168.1.24
LTM-OUT           192.168.1.28    192.168.2.41
PC1               192.168.1.28    192.168.2.41

Summary: PC1 can ping SERVER. Because the source address is translated, SERVER replies to the SelfIP address, which is on its own subnet, so the reply reaches the LTM directly without involving the default gateway. The request and the reply both traverse the LTM and users can reach each SERVER normally. The effect is the same as pointing the gateway at the VS address.
As shown in the following figure:
3. SERVER's default gateway is the VS address; PC2 accesses the HTTP application through the VS.
PC2 → VS
Node              Source IP       Destination IP
PC2               192.168.1.21    192.168.1.28
LTM-IN            192.168.1.21    192.168.1.28
LTM-OUT           192.168.1.24    192.168.1.26
SERVER1/SERVER2   192.168.1.24    192.168.1.26

SERVER → PC2
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.1.24
LTM-IN            192.168.1.26    192.168.1.24
LTM-OUT           192.168.1.28    192.168.1.21
PC2               192.168.1.28    192.168.1.21

Summary: PC2 can ping SERVER. Because the source address is translated, SERVER replies to the SelfIP address rather than to PC2, even though PC2 is on the same subnet; the reply therefore returns through the LTM and users can reach each SERVER normally.
As shown in the following figure:
Conclusion: SNAT AutoMap rewrites the client source address to a SelfIP address of the LTM, so SERVER always replies to the LTM and packets in both directions are processed by the LTM. The SERVER default gateway may point to the VS address, the SelfIP address, or the gateway of its broadcast domain. The price is that SERVER no longer sees the real client address in the IP header: server logs and any address-based access control on the server see the SelfIP, so the original client address has to be carried at the application layer (for HTTP, a header such as X-Forwarded-For inserted by the LTM) if the application needs it.
III. SNAT-Pool transmission mode
1. SERVER's default gateway is the GW address (a router on the server subnet, not the LTM); PC1 accesses the HTTP application through the VS.
PC1 → VS
Node              Source IP       Destination IP
PC1               192.168.2.41    192.168.1.28
LTM-IN            192.168.2.41    192.168.1.28
LTM-OUT           192.168.1.29    192.168.1.26
SERVER1/SERVER2   192.168.1.29    192.168.1.26

SERVER → PC1
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.1.29
LTM-IN            192.168.1.26    192.168.1.29
LTM-OUT           192.168.1.28    192.168.2.41
PC1               192.168.1.28    192.168.2.41

Summary: PC1 can ping SERVER. Because the source address is translated, SERVER sees the SNAT pool address (192.168.1.29) as the source of the request and replies to it; the reply therefore returns through the LTM and users can reach each SERVER normally.
As shown in the following figure:
2. SERVER's default gateway is the GW address; PC2 accesses the HTTP application through the VS.
PC2 → VS
Node              Source IP       Destination IP
PC2               192.168.1.21    192.168.1.28
LTM-IN            192.168.1.21    192.168.1.28
LTM-OUT           192.168.1.29    192.168.1.26
SERVER1/SERVER2   192.168.1.29    192.168.1.26

SERVER → PC2
Node              Source IP       Destination IP
SERVER1/SERVER2   192.168.1.26    192.168.1.29
LTM-IN            192.168.1.26    192.168.1.29
LTM-OUT           192.168.1.28    192.168.1.21
PC2               192.168.1.28    192.168.1.21

Summary: PC2 can ping SERVER. Because the source address is translated, SERVER replies to the SNAT pool address rather than to PC2, even though PC2 is on the same subnet; the reply therefore returns through the LTM and users can reach each SERVER normally.
As shown in the following figure:
Conclusion: a SNAT pool rewrites the client source address to one of the pool's addresses, which the LTM owns, so SERVER always replies to the LTM and packets in both directions are processed by the LTM. The SERVER default gateway may point to the VS address, the SelfIP address, or the gateway of its broadcast domain. Compared with AutoMap, a pool lets you choose which addresses the servers see (useful for server-side firewall rules and logs) and, with several members, gives the LTM more source ports towards each server, which matters at high connection counts. The same caveat as for AutoMap applies: the real client address is only available to the application if the LTM inserts it at layer 7.
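The ten cases in this article all follow from one rule: the server replies to whatever source address it saw, delivers on-link if that address is on its own subnet and otherwise hands the packet to its default gateway, and the connection only works if that reply passes through the LTM. The following model is an added example written for this article, not code from the original page or from F5; it uses the article's addresses, assumes the server VLAN is a /24 (the mask is not stated) and that a non-LTM router does not hand traffic back to the LTM (consistent with the article's measurements), and reproduces the per-node source/destination rows of the tables above for any combination of mode, server gateway and client.

```python
from ipaddress import ip_address, ip_network

# Addresses as they appear in the tables of this article.
PC1 = "192.168.2.41"        # client on a different subnet from the servers
PC2 = "192.168.1.21"        # client on the same subnet as the servers
VS = "192.168.1.28"         # virtual server address on the LTM
SELFIP = "192.168.1.24"     # LTM SelfIP (the source used by SNAT AutoMap)
SNAT_POOL = "192.168.1.29"  # SNAT pool member address
SERVER = "192.168.1.26"     # pool member (the tables show one address for SERVER1/SERVER2)
# Assumption: the server VLAN is a /24; the article does not state the mask.
SERVER_NET = ip_network("192.168.1.0/24")
LTM_OWNED = {VS, SELFIP, SNAT_POOL}   # addresses the LTM answers ARP for


def ltm_out_source(mode, client):
    """Source address the server sees, per LTM source-translation mode."""
    return {"direct": client, "automap": SELFIP, "snatpool": SNAT_POOL}[mode]


def trace(mode, server_gateway, client):
    """Walk a request from `client` to the VS and the server's reply back.

    mode: 'direct' (no SNAT), 'automap' or 'snatpool'
    server_gateway: 'vs', 'selfip' (both on the LTM) or 'gw' (a router that is not the LTM)
    Returns the per-node (node, src, dst) rows for both directions and whether the
    reply traverses the LTM, which is the condition for the connection to work.
    """
    fwd_src = ltm_out_source(mode, client)
    forward = [
        ("client", client, VS),
        ("LTM-IN", client, VS),
        ("LTM-OUT", fwd_src, SERVER),    # destination NAT to the pool member, optional SNAT
        ("SERVER", fwd_src, SERVER),
    ]
    # The server replies to whatever source address it saw in the request.
    reply_dst = fwd_src
    if ip_address(reply_dst) in SERVER_NET:
        # On-link: delivered by ARP straight to the owner of that address.
        via_ltm = reply_dst in LTM_OWNED
    else:
        # Off-link: goes to the default gateway. Assumption (consistent with the
        # article's measurements): a non-LTM router does not hand the packet back to the LTM.
        via_ltm = server_gateway in ("vs", "selfip")
    ret = [("SERVER", SERVER, reply_dst)]
    if via_ltm:
        ret += [
            ("LTM-IN", SERVER, reply_dst),
            ("LTM-OUT", VS, client),      # the LTM undoes both translations
            ("client", VS, client),
        ]
    else:
        # The client receives a segment from the server's real address, which
        # matches no socket it opened to the VS; the LTM keeps a half-open entry.
        ret += [("client (bypassing LTM)", SERVER, reply_dst)]
    return {"forward": forward, "return": ret, "symmetric": via_ltm}


def format_trace(result):
    """Render a trace in the same Node / Source IP / Destination IP layout as the article."""
    lines = []
    for direction in ("forward", "return"):
        lines.append(f"{direction}:")
        for node, src, dst in result[direction]:
            lines.append(f"  {node:<24}{src:<16}{dst:<16}")
    lines.append("symmetric: " + ("yes, connection works" if result["symmetric"]
                                  else "no, half-open at LTM, RST expected"))
    return "\n".join(lines)


if __name__ == "__main__":
    # The ten cases measured in the article, in the article's order.
    cases = [("direct", "vs", PC1), ("direct", "selfip", PC1), ("direct", "gw", PC1),
             ("direct", "gw", PC2), ("direct", "vs", PC2),
             ("automap", "vs", PC1), ("automap", "gw", PC1), ("automap", "vs", PC2),
             ("snatpool", "gw", PC1), ("snatpool", "gw", PC2)]
    for mode, gw, client in cases:
        print(f"== mode={mode} server_gateway={gw} client={client}")
        print(format_trace(trace(mode, gw, client)))
```

Running the script reproduces the article's verdicts: only the direct-mode cases with a router gateway or an on-subnet client come out asymmetric, every SNAT case comes out symmetric whatever the server's gateway. On the BIG-IP itself the three modes correspond to the virtual server's source address translation setting (none, AutoMap, or a named SNAT pool).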