How does NAT-based load balancing work

If you don't know what load balancing is, read the first paragraph of this article.

Network Address Translation

NAT is a relatively simple and very common process, used in every home router/gateway. All it does is translate between two different IP address spaces, with the intention of mapping an entire network to a single host.

Say you have the following networks: Network 1 (, Network 2 ( and Network 3 (, and a user in Network 1 with the IP wants to reach a server in Network 3 with the IP on TCP port 80. To do that, the user crafts a message with the corresponding source and destination and sends it to Gateway 1 by determining its media address (e.g. in Ethernet networks that would be the gateway's MAC address). The gateway performs NAT: it replaces the source with its own IP address ( and an unused TCP port on Gateway 1 in Network 3 (e.g. 23456), creates an address mapping in its NAT table and sends the message to the final destination.

When the server receives the message, it appears to originate from Gateway 1, so the reply simply has its source and destination swapped. When the gateway receives the reply, it looks in the NAT table to find the original source, puts it in the message destination and finally sends the reply to the user.

You can read more about NAT at Wikipedia.

NAT-based Load Balancing

Network Manager uses a multi-to-one NAT mechanism to achieve load balancing: the interface that is going to be used is chosen based on its traffic load.

This is implemented in Network Manager with the help of a virtual TAP interface that is configured with a static IP address ( and the smallest metric of all interfaces, so when an application creates a new IP session, its traffic goes through the TAP interface. The NAT application acts as a gateway on the virtual interface: it captures all traffic that comes through it, applies NAT to every packet and forwards it through one of the physical interfaces. Traffic load is measured continuously on all physical interfaces, so when a new IP session is created, it is bound to the interface with the lowest traffic load.
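
The session binding and NAT table lookup described above can be modelled in a few lines. This is an added example, not Network Manager's own code; the interface names, the documentation-range addresses and the use of forwarded bytes as the load measure are assumptions made for illustration.

```python
# Added illustration of per-session NAT load balancing; all names,
# addresses and ports below are constructed, not taken from Network Manager.
from dataclasses import dataclass, field

@dataclass
class Interface:
    name: str
    ip: str
    load: int = 0            # bytes forwarded so far (stand-in for measured load)
    next_port: int = 23456   # next unused NAT source port on this interface

@dataclass
class LoadBalancingNat:
    interfaces: list
    # (src_ip, src_port, dst_ip, dst_port) -> (Interface, nat_port)
    out_map: dict = field(default_factory=dict)
    # (iface_name, nat_port, remote_ip, remote_port) -> (src_ip, src_port)
    in_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, size):
        """Translate a packet leaving through the virtual interface."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            # New session: bind it to the physical interface with the lowest load.
            iface = min(self.interfaces, key=lambda i: i.load)
            port = iface.next_port
            iface.next_port += 1
            self.out_map[key] = (iface, port)
            self.in_map[(iface.name, port, dst_ip, dst_port)] = (src_ip, src_port)
        # Existing sessions stay on their interface so replies keep matching.
        iface, port = self.out_map[key]
        iface.load += size
        return iface.name, (iface.ip, port, dst_ip, dst_port)

    def inbound(self, iface_name, remote_ip, remote_port, nat_port):
        """Reverse lookup for a reply; None means no mapping, so drop it."""
        return self.in_map.get((iface_name, nat_port, remote_ip, remote_port))

def demo():
    nat = LoadBalancingNat([Interface("eth0", "192.0.2.10"),
                            Interface("wlan0", "198.51.100.10")])
    a = nat.outbound("10.0.0.2", 40000, "203.0.113.5", 80, 1500)  # new session
    b = nat.outbound("10.0.0.2", 40001, "203.0.113.5", 80, 100)   # new session
    c = nat.outbound("10.0.0.2", 40000, "203.0.113.5", 80, 5000)  # same as a
    reply = nat.inbound("eth0", "203.0.113.5", 80, 23456)
    stray = nat.inbound("eth0", "203.0.113.9", 80, 23456)         # wrong remote
    return a, b, c, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Keying the reverse lookup on the remote address and port as well as the NAT port means a packet from an unrelated host cannot reuse an existing mapping to reach the internal client.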