日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 编程资源 > 编程问答 >内容正文

编程问答

深入理解Netscaler INat

發布時間:2025/3/8 编程问答 26 豆豆
生活随笔 收集整理的這篇文章主要介紹了 深入理解Netscaler INat 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

????????????????深入理解Netscaler INat

NetscalerINat主要是用作基于目的地址的轉換,將client訪問的公網IP通過Netscaler轉換成服務器的私網IP,與DNAT作用類似。由于Netscaler默認的工作機制就是同時做源IP:【源端口】+目的IP:【目的端口】的轉換,也就是說它默認執行了NAPT(端口映射)但有不完全等同與NAPTNAPT只替換目的IP和端口,而Netscaler默認是全部替換的。

測試環境:

SNIP10.110.110.121

????? 10.110.140.151

????? 10.110.140.152

MIP?10.110.140.153

VIP111.1.1.1

Client10.110.110.146

Server VIP10.110.140.150

Server10.110.110.130

?

配置方法:

> add inat <name> <public ip> <private ip>(private ip不能是Netscaler所屬的IP包括VIP)

???????? -ftp ( ENABLED | DISABLED )

???????? -mode STATELESS

???????? -proxyIP <ip_addr|ipv6_addr>

???????? -tcpproxy ( ENABLED | DISABLED )

???????? -td <positive_integer>

???????? -tftp ( ENABLED | DISABLED )

???????? -usip ( ON | OFF )

???????? -usnip ( ON | OFF )


When the appliance forwards a packet to a server, the source IP address assigned to the

packet is determined as follows:

  • If use subnet IP (USNIP) mode is enabled and use source IP (USIP) mode is disabled,

the NetScaler uses a subnet IP address (SNIP) as the source IP address.

  • If USNIP mode is disabled and USIP mode is disabled, the NetScaler uses a mapped IP

address (MIP) as the source IP address.

  • If USIP mode is enabled, and USNIP mode is disabled the NetScaler uses the client IP

(CIP) address as the source IP address.

  • If both USIP and USNIP modes are enabled, USIP mode takes precedence.

  • You can also configure the NetScaler to use a unique IP address as the source IP

address, by setting the proxyIP parameter.

  • If none of the above modes is enabled and a unique IP address has not been

specified, the NetScaler attempts to use a MIP as the source IP address.

  • If both USIP and USNIP modes are enabled and a unique IP address has been

specified, the order of precedence is as follows: USIP-unique IP-USNIP-MIP-Error.

To protect the NetScaler from DoS attacks, you can enable TCP proxy. However, if other

protection mechanisms are used in your network, you may want to disable them.

?

如果啟用了proxy ip,那么與服務器連接就只用一個SNIP,與靜態DNAT類似

如果關閉proxy ip,Netscaler將采用輪訓的方式,用與私網目的IP一個網段的SNIP來連接服務器,類似動態DNAT

?

只打開USIP時,Netscaler會用client的源ip來與后臺私網連接(由于測試環境沒有去client的路由因此沒有完成TCP連接)

同時打開USIP和USNIP時,由于USIP的優先級高于USNIP,Netscaler會用client的源ip來與后臺私網連接(由于測試環境沒有去client的路由因此沒有完成TCP連接)

關閉USIP和USNIP后,Netscaler會用MIP來與后臺連接

關閉USIP和USNIP,但選擇了Proxy IP后,被選擇的SNIP優先高于MIP,會用它與后臺服務器連接

?

不管是用USIP還是USNIP,啟用了TCP proxy后Netscaler都會用client源IP來與后臺連接,tcp proxy可以保護Netscaler抵抗DOS***

Mode中的stateless只能應用與IPV4-IPV6的轉換




轉載于:https://blog.51cto.com/caojin/1898173

總結

以上是生活随笔為你收集整理的深入理解Netscaler INat的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。