Network > NAT Policies
SonicOS 5.8.1 Administrator Guide
Which NAT LB Method Should I Use?
Caveats
• The NAT Load Balancing Feature is only available in SonicOS Enhanced 4.0 and higher.
• Only two health-check mechanisms at present (ICMP ping and TCP socket open).
• No higher-layer persistence mechanisms at present (Sticky IP only).
• No “sorry-server” mechanism at present if all servers in group are not responding.
• No “round robin with persistence” mechanism at present.
• No “weighted round robin” mechanism at present.
• No method for detecting if resource is strained, at present.
• While there is no limit to the number of internal resources the SonicWALL appliance can
load-balance to, and there is no limit to the number of hosts it can monitor, abnormally large
load-balancing groups (25+ resources) may impact performance.
Details of Load Balancing Algorithms
This appendix describes how the SonicWALL security appliance applies the load balancing
algorithms:
• Round Robin - Source IP connects to Destination IP alternately
• Random Distribution - Source IP connects to Destination IP randomly
• Sticky IP - Source IP connects to same Destination IP
• Block Remap - Source network is divided by size of the Destination pool to create logical
segments
• Symmetrical Remap - Source IP maps to Destination IP (for example, 10.1.1.10 ->
192.168.60.10)
Sticky IP Algorithm
The source IP is taken modulo the size of the server cluster to determine the server to remap it to.
The following two examples show how the Sticky IP algorithm works.
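An added illustration of the modulo remap described above (not one of the guide's examples and not SonicWALL code). It assumes the IPv4 source address is treated as a 32-bit integer and the remainder is a zero-based offset into the pool; the pool and client addresses are constructed, and `moved_clients` shows only the arithmetic consequence of a changed pool size, which the guide does not describe.

```python
import ipaddress
from collections import Counter

# Constructed sample pool (addresses are illustrative, not from the guide).
POOL = ["192.168.60.10", "192.168.60.11", "192.168.60.12"]


def sticky_ip_target(src_ip, pool):
    """Return the pool member a source IP is pinned to.

    Assumption: the IPv4 address is read as an unsigned 32-bit integer and
    the remainder modulo the pool size is a zero-based index into the pool.
    """
    if not pool:
        raise ValueError("server pool is empty")
    offset = int(ipaddress.IPv4Address(src_ip)) % len(pool)
    return pool[offset]


def distribution(src_ips, pool):
    """Count how many source IPs land on each pool member."""
    return Counter(sticky_ip_target(ip, pool) for ip in src_ips)


def moved_clients(src_ips, old_pool, new_pool):
    """Count sources whose target differs between two pool definitions.

    Shows the arithmetic effect of resizing a modulo-mapped pool: the
    divisor changes, so most sources are pinned to a different member.
    """
    return sum(
        sticky_ip_target(ip, old_pool) != sticky_ip_target(ip, new_pool)
        for ip in src_ips
    )


def sample_sources():
    """Constructed client range: every address in 10.1.1.0/24."""
    return [str(ip) for ip in ipaddress.IPv4Network("10.1.1.0/24")]


if __name__ == "__main__":
    clients = sample_sources()
    print(sticky_ip_target("10.1.1.10", POOL))       # same answer every call
    print(dict(distribution(clients, POOL)))         # near-even spread
    print(moved_clients(clients, POOL, POOL[:2]))    # sources that re-pin
```

All clients that share one translated source address (for example, users behind the same upstream NAT) map to the same pool member, so per-server load can be uneven even when the address space divides evenly.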
Table: Which NAT LB Method Should I Use?

| Requirement | Deployment Example | NAT LB Method |
|---|---|---|
| Distribute load on server equally without need for persistence | External/Internal servers (i.e. Web, FTP, etc.) | Round Robin |
| Indiscriminate load balancing without need for persistence | External/Internal servers (i.e. Web, FTP, etc.) | Random Distribution |
| Requires persistence of client connection | E-commerce site, Email Security, SSL VPN appliance (Any publicly accessible servers requiring persistence) | Sticky IP |
| Precise control of remap of source network to a destination range | LAN to DMZ Servers; E-mail Security, SSL VPN | Block Remap |
| Precise control of remap of source network and destination network | Internal Servers (i.e. Intranets or Extranets) | Symmetrical Remap |