怎么用网站的二级目录做排名,北京网站制作收费明细,网站如何做熊掌号,宜昌seo深入理解Netscaler INatNetscaler的INat主要是用作基于目的地址的转换#xff0c;将client访问的公网IP通过Netscaler转换成服务器的私网IP#xff0c;与DNAT作用类似。由于Netscaler默认的工作机制就是同时做源IP#xff1a;【源端口】目的IP#xff1a;【目的端口】的转换… 深入理解Netscaler INatNetscaler的INat主要是用作基于目的地址的转换将client访问的公网IP通过Netscaler转换成服务器的私网IP与DNAT作用类似。由于Netscaler默认的工作机制就是同时做源IP【源端口】目的IP【目的端口】的转换也就是说它默认执行了NAPT端口映射但有不完全等同与NAPT。NAPT只替换目的IP和端口而Netscaler默认是全部替换的。测试环境SNIP10.110.110.121 10.110.140.151 10.110.140.152MIP 10.110.140.153VIP111.1.1.1Client10.110.110.146Server VIP10.110.140.150Server10.110.110.130 配置方法: add inat name public ip private ip(private ip不能是Netscaler所属的IP包括VIP -ftp ( ENABLED | DISABLED ) -mode STATELESS -proxyIP ip_addr|ipv6_addr -tcpproxy ( ENABLED | DISABLED ) -td positive_integer -tftp ( ENABLED | DISABLED ) -usip ( ON | OFF ) -usnip ( ON | OFF )When the appliance forwards a packet to a server, the source IP address assigned to thepacket is determined as follows:If use subnet IP (USNIP) mode is enabled and use source IP (USIP) mode is disabled,the NetScaler uses a subnet IP address (SNIP) as the source IP address.If USNIP mode is disabled and USIP mode is disabled, the NetScaler uses a mapped IPaddress (MIP) as the source IP address.If USIP mode is enabled, and USNIP mode is disabled the NetScaler uses the client IP(CIP) address as the source IP address.If both USIP and USNIP modes are enabled, USIP mode takes precedence.You can also configure the NetScaler to use a unique IP address as the source IPaddress, by setting the proxyIP parameter.If none of the above modes is enabled and a unique IP address has not beenspecified, the NetScaler attempts to use a MIP as the source IP address.If both USIP and USNIP modes are enabled and a unique IP address has beenspecified, the order of precedence is as follows: USIP-unique IP-USNIP-MIP-Error.To protect the NetScaler from DoS attacks, you can enable TCP proxy. However, if otherprotection mechanisms are used in your network, you may want to disable them. 如果启用了proxy ip那么与服务器连接就只用一个SNIP与静态DNAT类似如果关闭proxy ipNetscaler将采用轮训的方式用与私网目的IP一个网段的SNIP来连接服务器类似动态DNAT 只打开USIP时Netscaler会用client的源ip来与后台私网连接由于测试环境没有去client的路由因此没有完成TCP连接同时打开USIP和USNIP时由于USIP的优先级高于USNIPNetscaler会用client的源ip来与后台私网连接由于测试环境没有去client的路由因此没有完成TCP连接关闭USIP和USNIP后Netscaler会用MIP来与后台连接关闭USIP和USNIP但选择了Proxy IP后被选择的SNIP优先高于MIP会用它与后台服务器连接 不管是用USIP还是USNIP启用了TCP proxy后Netscaler都会用client源IP来与后台连接tcp proxy可以保护Netscaler抵抗DOS***Mode中的stateless只能应用与IPV4-IPV6的转换 转载于:https://blog.51cto.com/caojin/1898173
