19. SNAT Proxy Load Balancing with prx and prx6 directives

This feature is available with BalanceNG release 4.110 and higher.

This example shows how to run BalanceNG in proxy mode, where BNG uses SNAT (source NAT) to process the packets.

With SNAT, the source address of the forwarded packets (the proxy address) is usually set to the virtual server address, but when the virtual server and the targets are located in different networks, this address is not well suited.

The prx and prx6 directives allow the proxy address to be replaced in that case with something else, ideally an address that is directly reachable by the targets. It’s recommended that prx/prx6 refer to the network’s virt/virt6 addresses.

To summarize:

  • The virtual server 1 “lives” in network 1 with its IPv4 and IPv6 address.
  • The two targets “live” in network 2, also addressable via both stacks.
  • “server 1 proxy enable” enables proxy mode generally.
  • “server 1 prx” and “server 1 prx6” refer to the “network 2” virtual addresses, respectively.

The overall effect is that the source addresses are changed to the “network 2” virtual addresses. Routing is now consistent because the proxy addresses are always directly reachable by the target servers, so no special routing settings need to be applied. As a consequence, the targets see the proxy address, not the original client address, as the source of each connection.

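The important lines are bolded in this configuration example (if the bold formatting is not visible, the lines this example is about are “proxy enable”, “prx” and “prx6” in the server 1 section):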

The Configuration File (only one node shown)

//        configuration ...
//        BalanceNG ...
//        Example for SNAT proxy mode with prx/prx6 (one node shown).
//        2001:db8::/32 is the IPv6 documentation prefix; all addresses
//        here are example values to be replaced with your own.
hostname  LB1
modules   vrrp,arp,ping,hc,master,slb    
interface 1 {
          name eth1
}         
interface 2 {
          name eth2
}         
register  interfaces 1,2
enable    interfaces 1,2
//        VRRP is bound to network 1, the network of the virtual server.
vrrp      {
          vrid 64
          priority 200
          network 1
}         
//        network 1 (interface 1): the network in which virtual server 1
//        lives, with both an IPv4 and an IPv6 address range.
network   1 {
          addr 172.17.2.0
          mask 255.255.255.0
          real 172.17.2.55
          virt 172.17.2.56
          mask6 48
          real6 2001:db8::2:1
          virt6 2001:db8::2:3
          interface 1
}         
//        network 2 (interface 2): the network in which targets 1 and 2
//        live. Its virt/virt6 addresses are reused as prx/prx6 in
//        server 1 below.
network   2 {
          addr 10.11.12.0
          mask 255.255.255.0
          real 10.11.12.55
          virt 10.11.12.56
          mask6 48
          real6 2001:db8:ffff::2:1
          virt6 2001:db8:ffff::2:3
          interface 2
}         
register  networks 1,2
enable    networks 1,2
gateway   {
          ipaddr 172.17.2.1
          ipaddr6 2001:db8::2:10
          ping 3,10
          ping6 3,10
          trackval 10
}         
//        server 1: the virtual server in network 1.
//        "proxy enable" switches this server to proxy (SNAT) mode.
//        "prx"/"prx6" replace the proxy (source) address with the
//        network 2 virt/virt6 addresses, which the targets can reach
//        directly, so no special routing is needed on the targets.
//        NOTE(review): the targets then see 10.11.12.56 and
//        2001:db8:ffff::2:3 as the source of every connection. Access
//        logs and address-based access rules on the targets no longer
//        see the original client address; keep client-address logging
//        and filtering at a point that still sees it.
server    1 {
          ipaddr 172.17.2.4
          ipaddr6 2001:db8::2:4
          port 8080
          protocol tcp
          sessionid src+port
          method session
          proxy enable
          prx 10.11.12.56
          prx6 2001:db8:ffff::2:3
          targets 1,2
}         
register  server 1
enable    server 1
//        targets 1 and 2: the real servers in network 2, dual stack.
//        The "..." lines presumably stand for settings left out of
//        this example; they are not literal configuration.
target    1 {
          ipaddr 10.11.12.6
          ipaddr6 2001:db8:ffff::1:6
          port 8080
          protocol tcp
          ...
          sessionid dst+port
}         
target    2 {
          ipaddr 10.11.12.7
          ipaddr6 2001:db8:ffff::1:7
          port 8080
          protocol tcp
          ...
          sessionid dst+port
}         
register  targets 1,2
enable    targets 1,2
//        end of configuration