1 Redundancy and Load-Balancing Mechanisms for Stateful Network Address Translators (NAT) draft-xu-behave-stateful-nat-standby-00 Xiaohu Xu Dean Cheng IETF75, Stockholm
2 Scenarios and Terminologies Internal realm is the network where the session initiator located, while the external realm is the place where the session responder located. E.g., in the case of IPv6 to IPv4 translator, the internal realm is IPv6 network/internet while the external realm is IPv4 network/internet. The mechanism is only used for the stateful NAT, including IPv6->IPv4, IPv4->IPv4 and IPv4->IPv6 NAT cases. The following will take the IPv6->IPv4 translator as an example.
3 Cold Standby S ->D The destination address will remain as is if NAT failover The source address will change due to NAT failover The goal of the cold standby mechanism is to keep the NAT failover transparent to the communication s session initiators. Hence, the addresses for external hosts (as session responders) should remain as is despite NAT failover. In the case of IPv6->IPv4 NAT, NAT routers belonging to a redundancy group SHOULD be configured with an identical prefix64, meanwhile each NAT router SHOULD use different external address pool.
4 Cold Standby (con t) As the Primary, I can forward the packets destined to the external hosts Through manual configuration or election mechanism (VRRP), one NAT router is designated as the Primary, and the other as the Backup. In the internal realm, the Primary announces a route towards the external realm. In election mode, the Backup could do nothing. In manual configuration mode, the Backup SHOULD also announce into the internal realm a route towards the external realm with a higher enough cost or larger granularity for potential takeover. Once the connections to the external realm lost, the Primary SHOULD withdraw the route towards the external realm previously announced. In the external realm, each NAT box announces a route to its own external address pool.
5 Hot Standby The destination address will remain as is regardless of NAT failover The source address will remain unchanged despite of NAT failover The goal of the hot standby mechanism is to keep the established sessions intact during NAT failover. Hence, the internal addresses for external hosts (as session responders) and the external addresses for internal hosts should both remain as is if NAT failover occurs. In IPv6->IPv4 NAT, NAT routers belonging to a redundancy group SHOULD be configured with an identical prefix64. Meanwhile, these NAT routers SHOULD use an identical external address pool and synchronize their mapping database in order to assign the same external address and external port to the same internal host by the two boxes.
6 Hot Standby (con t) NAT routers of the same group use the same prefix64 and sync their mapping entries. Through manual configuration or election mechanism (VRRP), one is designated as the Primary, the other as the Backup. The Primary announces into the internal realm a route towards the external realm, and announces into the external realm a route to the external address pool. In election mode, the backup COULD do nothing. In manual configuration mode, the Backup SHOULD also announce the same routes with a higher enough cost or larger granularity for potential takeover. Once the connections to the external realm lost, the Primary SHOULD withdraw the route towards the external realm previously announced. These two NAT routers SHOULD synchronize their mapping database in a timely fashion.
7 Load-balancing is the Primary for group 1, the Backup for group 2, while is the Primary for group 2 and the Backup for group 1 Two redundancy groups (e.g., Group A and Group B) are created on two NAT boxes. One is the Primary for group A, while the other is the Primary for group B, and the same time, they are the Backup serving the other group, respectively. Take IPv6->IPv4 NAT as an example, each group is associated with different Prefix64. For cold standby, each NAT router could use either the same or different external address pool for these redundancy groups. However, the external address pools on different NAT routers SHOULDN T have any overlap. For hot standby, each group SHOULD be associated with a difference address pool. The load-balance mechanism used by the internal hosts is outside of the scope of this document.
McAfee Endpoint Encryption Hot Backup Implementation 1 Endpoint Encryption Hot Backup Implementation Planning, Implementing and Managing SafeBoot Enterprise Systems SafeBoot Hot Backup Implementation Having
Mail-SeCure Load Balancing White Paper August, 2009 Load balancing essentials OUR INNOVATION YOUR SECURITY When building Mail-SeCure solutions, one of the ways to increase overall availability and performance
Creating Web Farms with Linux (Linux High Availability and Scalability) Horms (Simon Horman) email@example.com December 2001 For Presentation in Tokyo, Japan http://verge.net.au/linux/has/ http://ultramonkey.org/
Red Hat Enterprise Linux 7 Load Balancer Administration Load Balancer Add-on for Red Hat Enterprise Linux Red Hat Engineering Content Services Red Hat Enterprise Linux 7 Load Balancer Administration Load
Linux Virtual Server Administration RHEL5: Linux Virtual Server (LVS) Linux Virtual Server Administration: RHEL5: Linux Virtual Server (LVS) Copyright 2007 Red Hat, Inc. Building a Linux Virtual Server
Ecessa Proxy VoIP Manual Table of Contents Introduction...1 Configuration Overview...2 VoIP failover requirements...2 Import VoIP Authentication...3 Add a user manually...3 Setup...3 Hosted setup...3 Example
A PPLICATION N O T E Configuring multi-burb Sendmail with load sharing High Availability This document provides the steps that are needed to configure multi-burb Sendmail in a load sharing High Availability
CHAPTER 15 This chapter describes the security appliance failover feature, which lets you configure two security appliances so that one takes over operation if the other one fails. This chapter includes
WHY COX BUSINESS? SIP TRUNKING: BUSINESS CONTINUITY AND REDUNDANCY A White Paper 1 P a g e Table of Contents INTRODUCTION... 1 WHAT IS FAILURE?... 2 THE APPROACHES... 3 SINGLE SITE OPTIONS... 3 SEPARATE
Linux Virtual Server Administration 5.0 Linux Virtual Server (LVS) for Red Hat Enterprise Linux 5.0 ISBN: N/A Publication date: Linux Virtual Server Administration Building a Linux Virtual Server (LVS)
Copyright ZYCOO All Rights Reserved 1 / 8 If you have a scenario where you have two CooVox IP PBXs in two different locations then you can integrate them together to make free phone calls between locations.
White Paper EMC VNXe HIGH AVAILABILITY Overview Abstract This white paper discusses the high availability (HA) features in the EMC VNXe system and how you can configure a VNXe system to achieve your goals
BlackBerry Mobile Voice System for SIP Gateways and the Avaya Aura Session Manager Version: 5.3 Feature and Technical Overview Published: 2013-06-19 SWD-20130619135120555 Contents 1 Overview...4 2 Features...5
IOS Server Load Balancing Feature History Release 12.0(7)XE 12.1(1)E Modification This feature was introduced with support for the following platforms: Catalyst 6000 Family Switches with Supervisor Engine
Technical Considerations in a Windows Server Environment INTRODUCTION Cloud computing has changed the economics of disaster recovery and business continuity options. Accordingly, it is time many organizations
Tech Note: TechNote - Deploying CPPM with F5 BIG-IP Local Traffic Manager (LTM) Version Date Modified By Comments 0.1 July 2014 Danny Jump Early Draft Version 0.2 / 0.3 07/11/2014 Con Stathis Added sections
VoIP Netwrorking Configuration Guide Opera VoIP Networking Configuration Guide 1 VoIP Networking Configuration Guide Specifications subject to change without notice. DM-983 Draft 2 VoIP Netwrorking Configuration
Informix Dynamic Server May 2007 Availability Solutions with Informix Dynamic Server 11 1 Availability Solutions with IBM Informix Dynamic Server 11.10 Madison Pruet Ajay Gupta The addition of Multi-node
16-Channel VoIP Gateway Card Getting Started Model No. KX-TDA0490 Thank you for purchasing a Panasonic 16-Channel VoIP Gateway Card. Please read this manual carefully before using this product and save
Table of Contents About Toshiba Strata CIX and Broadvox SIP Trunking... 1 Requirements... 2 Purpose, Scope and Audience... 3 What is SIP Trunking?... 4 Business Advantages of SIP Trunking... 4 Technical
NETWORK SECURITY NSA 2400 SonicWALL Network Security Appliances Getting Started Guide SonicWALL NSA 2400 Getting Started Guide This Getting Started Guide provides instructions for basic installation and
Configuration Guide BES12 Version 12.1 Published: 2015-04-22 SWD-20150422113638568 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12... 8 Product documentation...
Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described