summaryrefslogtreecommitdiff
path: root/docs/configuration/nat
diff options
context:
space:
mode:
authorrebortg <github@ghlr.de>2023-08-27 21:04:56 +0200
committerrebortg <github@ghlr.de>2023-08-27 21:04:56 +0200
commit355b459f22544c97bd0332ff06dee1d39a05ac07 (patch)
tree54b261d0577c48a53695d6cf8392cb130ed2ae0a /docs/configuration/nat
parentabd23045bc3bc06fcd6475e3e616056c1870ab0c (diff)
parent02aafc3df3abebb58832c62ded26c495363ebb3a (diff)
downloadvyos-documentation-355b459f22544c97bd0332ff06dee1d39a05ac07.tar.gz
vyos-documentation-355b459f22544c97bd0332ff06dee1d39a05ac07.zip
Merge branch 'master' of github.com:vyos/vyos-documentation into localazy-3
Diffstat (limited to 'docs/configuration/nat')
-rw-r--r--docs/configuration/nat/nat44.rst60
1 files changed, 60 insertions, 0 deletions
diff --git a/docs/configuration/nat/nat44.rst b/docs/configuration/nat/nat44.rst
index 3a73d444..9aeb581e 100644
--- a/docs/configuration/nat/nat44.rst
+++ b/docs/configuration/nat/nat44.rst
@@ -283,6 +283,32 @@ Example of redirection:
set nat destination rule 10 translation redirect port 22
+NAT Load Balance
+----------------
+
+Advanced configuration can be used in order to apply source or destination NAT,
+and within a single rule, be able to define multiple translated addresses,
+so NAT balances the translations among them.
+
+NAT Load Balance uses an algorithm that generates a hash and based on it, then
+it applies corresponding translation. This hash can be generated randomly, or
+can use data from the ip header: source-address, destination-address,
+source-port and/or destination-port. By default, it will generate the hash
+randomly.
+
+When defining the translated address, called ``backends``, a ``weight`` must
+be configured. This lets the user define load balance distribution according
+to their needs. Them sum of all the weights defined for the backends should
+be equal to 100. In oder words, the weight defined for the backend is the
+percentage of the connections that will receive such backend.
+
+.. cfgcmd:: set nat [source | destination] rule <rule> load-balance hash
+ [source-address | destination-address | source-port | destination-port
+ | random]
+.. cfgcmd:: set nat [source | destination] rule <rule> load-balance backend
+ <x.x.x.x> weight <1-100>
+
+
Configuration Examples
======================
@@ -602,6 +628,40 @@ provide access to their internal resources, and require that a
connecting organisation translate all traffic to the service provider
network to a source address provided by the ASP.
+Load Balance
+------------
+Here we provide two examples on how to apply NAT Load Balance.
+
+First scenario: apply destination NAT for all HTTP traffic comming through
+interface eth0, and user 4 backends. First backend should received 30% of
+the request, second backend should get 20%, third 15% and the fourth 35%
+We will use source and destination address for hash generation.
+
+.. code-block:: none
+
+ set nat destination rule 10 inbound-interface eth0
+ set nat destination rule 10 protocol tcp
+ set nat destination rule 10 destination port 80
+ set nat destination rule 10 load-balance hash source-address
+ set nat destination rule 10 load-balance hash destination-address
+ set nat destination rule 10 laod-balance backend 198.51.100.101 weight 30
+ set nat destination rule 10 laod-balance backend 198.51.100.102 weight 20
+ set nat destination rule 10 laod-balance backend 198.51.100.103 weight 15
+ set nat destination rule 10 laod-balance backend 198.51.100.104 weight 35
+
+Second scenario: apply source NAT for all outgoing connections from
+LAN 10.0.0.0/8, using 3 public addresses and equal distribution.
+We will generate the hash randomly.
+
+.. code-block:: none
+
+ set nat source rule 10 outbound-interface eth0
+ set nat source rule 10 source address 10.0.0.0/8
+ set nat source rule 10 load-balance hash random
+ set nat source rule 10 load-balance backend 192.0.2.251 weight 33
+ set nat source rule 10 load-balance backend 192.0.2.252 weight 33
+ set nat source rule 10 load-balance backend 192.0.2.253 weight 34
+
Example Network
^^^^^^^^^^^^^^^