< Home

Web: Example for Configuring Single-server Smart DNS in ISP Egress Mode

This section provides an example for configuring single-server smart DNS in ISP egress mode.

Networking Requirements

As shown in Figure 1, an enterprise deploys ISP1 server to provide the web service whose domain name is www.example.com. The private IP address of ISP1 server is 10.1.1.10, and the public IP address is 1.1.1.10. The DNS server on the enterprise intranet has the mapping between domain name www.example.com and ISP1 server public address 1.1.1.10.

When ISP1 users access www.example.com, the domain name can be resolved to public IP address 1.1.1.10 of the ISP1 server, then the access traffic be transmitted over the ISP1 network to the FW, and the FW can use the NAT Server function to map the public IP address to the private IP address 10.1.1.10 of the ISP1 server.

The enterprise also applies for a public IP address 2.2.2.10 from ISP2. The enterprise requires that when ISP2 users access www.example.com, the domain name can be resolved to this public IP address, then the access traffic be transmitted over the ISP2 network to the FW, and the FW can use the NAT Server function to map the public IP address to the private server IP address 10.1.1.10.

Figure 1 ISP egress-based Single-server smart DNS networking

Configuration Roadmap

To enable ISP2 users to obtain ISP2 address 2.2.2.10, configure smart DNS in ISP egress mode to change IP address 1.1.1.10 after DNS resolution to 2.2.2.10.

Because only one web server is deployed on the intranet, you need to configure single-server smart DNS in ISP egress mode. The configuration roadmap is as follows:

  1. Enable smart DNS.

  2. Configure single-server smart DNS in ISP egress mode.

  3. Configure the NAT server function.

    • Configure a NAT Server mapping for the FW to translate ISP1 public IP address 1.1.1.10 to the private IP address 10.1.1.10 of the ISP1 server, so that ISP1 users can access the ISP1 server using a public IP addresses.

    • Configure a NAT Server mapping for the FW to translate ISP2 public IP address 2.2.2.10 to the private IP address 10.1.1.10 of the ISP1 server, so that ISP2 users can access the ISP1 server using a public IP addresses.

  4. Configure the sticky load balancing function.

Procedure

  1. Choose Network > DNS > Smart DNS.
  2. Enable Smart DNS, and click Apply.
  3. In Smart DNS List, click Add.
  4. In Create Smart DNS, configure single-server smart DNS and change the DNS server address returned to ISP2 users from 1.1.1.10 (applied for from ISP1) to 2.2.2.10 (applied for from ISP2).

  5. Click OK.
  6. Choose Policy > NAT Policy > Server Mapping.
  7. In Server Mapping List, click Add.

  8. In Add Address Mapping, configure server mapping as follows to translate the public IP address (1.1.1.10) of ISP1 server to the private IP address (10.1.1.10).

    Name

    isp1_server_nat

    Public IP Address

    1.1.1.10

    Private IP Address

    10.1.1.10

  9. Click OK.
  10. Click Add again.
  11. In Add Address Mapping, configure server mapping as follows to translate IP address 2.2.2.10 after smart DNS mapping to private IP address 10.1.1.10 of the Web server.

    Name

    isp2_server_nat

    Public IP Address

    2.2.2.10

    Private IP Address

    10.1.1.10

  12. Click OK.
  13. Choose Network > Interface.
  14. Click of interfaces GigabitEthernet 0/0/1 and GigabitEthernet 0/0/2 respectively and configure sticky load balancing (in the example, basic interface settings, such as the interface IP addresses and default gateways, have been completed).

    The sticky load balancing function can be configured only after the IP address and gateway address are set on the interface.

Configuration Verification

  1. Run the ping www.example.com on the PC of an ISP2 user. The command output shows that the returned server address is 2.2.2.10.

  2. On the FW, choose Monitor > Session Table. The session table has the session entry with Destination Address being 2.2.2.10 and NAT Destination Address being 10.1.1.10.

Configuration Script

#
 nat server isp1_server_nat global 1.1.1.10 inside 10.1.1.10 no-reverse
 nat server isp2_server_nat global 2.2.2.10 inside 10.1.1.10 no-reverse
#
 dns-smart enable
# 
dns-smart group 1 type single
 real-server-ip 1.1.1.10
 out-interface GigabitEthernet0/0/2 map 2.2.2.10
#
interface GigabitEthernet 0/0/1
 ip address 1.1.1.2 255.255.255.0
 redirect-reverse next-hop 1.1.1.1
 gateway 1.1.1.1
#
interface GigabitEthernet0/0/2
 ip address 2.2.2.2 255.255.255.0
 redirect-reverse next-hop 2.2.2.1
 gateway 2.2.2.1
Parent Topic: Smart DNS (Inbound Link Selection)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >