Transparency

From LB Wiki

The term transparency can mean a few different things in the network world, depending on the context in which it is used. When used with load balancing, transparency refers to preserving the true source IP address of an incoming client connection.

Another term for transparency is "half-NAT", and is named because in transparent mode, the load balancer only NATs either the source or the destination IP address, but not both.

Transparency NAT Example

Below is a NAT table, using the following IP addresses:

• Client IP: 1.1.1.1
• Virtual IP on load balancer: 2.2.2.2
• Server IP: 3.3.3.3

NAT Table
Step	Process	Source IP	Destination IP
Step 1	Client to load balancer	1.1.1.1	2.2.2.2
Step 2	Load balancer to server	1.1.1.1	3.3.3.3
Step 3	Server to load balancer	3.3.3.3	1.1.1.1
Step 4	Load balancer to client	2.2.2.2	1.1.1.1

In step 2, you'll notice that the server sees the connection coming from 1.1.1.1, so we preserve the true source. In many situations, this is preferable, because log analyzers often require that the true source be preserved in order to get accurate measures of site utilization.

Non-Transparency

Opposite of transparency is Non-Transparency, also known as "full-NAT" or "proxy mode". This is where the source and destination IP addresses are changed.

For an example, take the following set of IP addresses:

• Client IP: 1.1.1.1
• VIP on load balancer: 2.2.2.2
• Source-NAT IP: 3.3.3.1
• Server IP: 3.3.3.3

Notice we have one more IP address than we did in our transparent example above. We use this IP as the source address of all requests that we send to the server. From the server's perspective, all incoming connections appear to come from 3.3.3.1, instead of the true source of 1.1.1.1.

Full-NAT NAT Table
Step	Process	Source IP	Destination IP
Step 1	Client to load balancer	1.1.1.1	2.2.2.2
Step 2	Load balancer to server	3.3.3.1	3.3.3.3
Step 3	Server to load balancer	3.3.3.3	3.3.3.1
Step 4	Load balancer to client	2.2.2.2	1.1.1.1

_____________________