Layer 4 load balancing NAT mode

NAT stands for Network Address Translation.

In NAT mode, the load balancer routes traffic between the user and the server by changing the destination IP address of the packets.

TCP connection overview

The TCP connection is established between the client and the server.
The load balancer just ensures a client is always forwarded to the same server.

Data flow

As shown below, the clients connect to the service VIP.
The load balancer chooses a server in the pool, then forwards packets to it by changing the destination IP address.

Pros and cons

Pros

  • fast load balancing
  • easy to deploy

Cons

  • infrastructure intrusive: the default gateway of the servers must be changed
  • the server default gateway must be the load balancer, so that it can perform the reverse NAT operation
  • output bandwidth is limited by the load balancer's output capacity
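
The data flow above and the default-gateway requirement in the cons list, as an added example (not from the original post or the Aloha product): a small Python model of NAT mode with source-IP affinity, showing why a reply that bypasses the load balancer is rejected by the client. The addresses, class and function names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, replace
# Constructed addresses (documentation ranges), not from the original page.
VIP = "192.0.2.10"
POOL = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatLoadBalancer:
    def __init__(self, vip, pool):
        self.vip, self.pool = vip, pool
        self.conns = {}  # (client_ip, client_port, vip_port) -> server_ip

    def pick_server(self, client_ip):
        # Source-IP hashing: every connection from one client maps to one server.
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self.pool[int.from_bytes(digest[:4], "big") % len(self.pool)]

    def inbound(self, pkt):
        """Client -> VIP: rewrite the destination IP (DNAT), keep the source."""
        if pkt.dst != self.vip:
            raise ValueError("packet not addressed to the VIP")
        key = (pkt.src, pkt.sport, pkt.dport)
        server = self.conns.setdefault(key, self.pick_server(pkt.src))
        return replace(pkt, dst=server)

    def outbound(self, pkt):
        """Server -> client via the LB: restore the VIP as source (reverse NAT)."""
        key = (pkt.dst, pkt.dport, pkt.sport)
        if self.conns.get(key) != pkt.src:
            raise LookupError("no NAT entry for this reply")
        return replace(pkt, src=self.vip)

def server_reply(request):
    # The server answers the address it saw: the client IP is unchanged in NAT mode.
    return Packet(request.dst, request.dport, request.src, request.sport)

def client_accepts(request, reply):
    # A TCP client only matches replies coming from the address it contacted.
    return (reply.src, reply.sport) == (request.dst, request.dport)

def round_trip(lb, request, gateway_is_lb=True):
    reply = server_reply(lb.inbound(request))
    return client_accepts(request, lb.outbound(reply) if gateway_is_lb else reply)
```

Because the source address is left untouched on the inbound path, the server logs the real client IP; the cost is that the return path must go through the load balancer.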

When to use this architecture?

  • where response time matters
  • where no intelligence is required
  • when output capacity of the load balancer won’t be a bottleneck in the near future
  • when nothing but the default gateway of the servers can be changed


9 thoughts on “Layer 4 load balancing NAT mode”

  1. Great review! You actually covered some interesting things in this post. I came across it by using Yahoo and I’ve got to admit that I already subscribed to the RSS feed, will be following you on my iphone 🙂

  2. Do you think this would handle an application that requires multiple connections (not just a single connection) between the client & server? I am looking for a load balancer that will handle this situation

    1. Hi William,

      Of course it will work.
      In that case, I guess all the connections from a single user must go to the same server, so use a balancing algorithm based on source IP address (an alternative solution exists if all your services rely on TCP).
      You can download an evaluation Aloha VM on our website: and try it in a POC.
      We’ll be keen to help you configure your appliance for your POC.


  3. Thanks Baptiste, you are correct about the single user communicating to the same server requirement plus all communication is TCP. I should add that this is a real-time communication and we know that reverse proxy load balancing breaks the communication. I do have a support ticket open (about another matter) so perhaps that would be the best way to continue this discussion? I have the virtual appliance installed already but not set-up yet.
