
How Do Computers Talk Across the Internet? Exploring LVS, NAT & FULLNAT

This article explains how two computers locate each other on the Internet using IP, MAC, and port numbers, details the ARP protocol and routing table lookup, and then examines LVS load‑balancing mechanisms, comparing NAT and FULLNAT models and their packet‑translation processes.

UCloud Tech

How Two Computers Communicate on the Internet

Before discussing LVS load balancing, it is essential to understand how two computers find each other on the Internet. Each computer must know the other's IP address (the network‑level identifier) and MAC address (the link‑layer identifier), as well as the destination port number that identifies the specific service.

The six essential elements for communication are: source IP, source MAC, source port, destination IP, destination MAC, and destination port.

When a host does not know the MAC address of the remote host (especially when they are on different subnets), it uses the ARP protocol. The host broadcasts an ARP request (target MAC = FF:FF:FF:FF:FF:FF). Switches forward the broadcast and learn the sender's MAC‑port mapping; the router replies with its own MAC address, which becomes the "next hop" MAC for the sender.

Command to view the ARP cache:

arp -a

The router then consults its routing table (viewable with route -n) to determine the next‑hop gateway using a bitwise AND between the destination IP and each entry's netmask. The MAC address of that gateway becomes the next hop.

LVS Load Balancing Overview

As Internet traffic grows, a single server may become insufficient. LVS (Linux Virtual Server) provides layer‑4 (transport‑layer) load balancing: it forwards packets without establishing connections with clients, which makes distribution low‑cost and efficient.

NAT Mode

In NAT mode, the load balancer rewrites the destination fields of incoming packets: the original destination IP, port, and MAC are replaced with the IP, port, and MAC of a selected real server, while the source fields remain unchanged (DNAT). The real server replies, and the load balancer performs SNAT, rewriting the source fields back to the client’s original address before sending the response.

Key points of NAT mode:

Only the destination IP/port is altered, enabling port forwarding.

The real server’s default gateway must be the load balancer, so both reside in the same LAN.

All request and response packets pass through the load balancer.

FULLNAT Mode

FULLNAT modifies both source and destination fields of packets, allowing the load balancer and real servers to be in different networks. The balancer performs SNAT and DNAT simultaneously on inbound packets, and reverses the process on outbound packets.

Key points of FULLNAT mode:

Both source and destination IP addresses are rewritten, enabling port forwarding across disparate networks.

The load balancer does not need to act as a gateway; it can reside in a different subnet from the real servers.

The real server sees the connection as DIP → RIP and cannot obtain the original client IP.

All traffic still traverses the load balancer.
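The two rewrite models can be compared side by side by tracking what the real server sees as the packet source. The sketch below is an added example, not code from LVS or from the original article. It models only IP and port rewriting (no MAC handling, one real server), and the addresses, the VIP name for the virtual service address, and the Director class are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

# Constructed addresses from documentation ranges (assumptions, not from the article).
VIP = ("203.0.113.10", 80)   # virtual service address clients connect to
RIP = ("10.0.0.21", 8080)    # the selected real server
DIP = "10.9.9.1"             # director's own address, used as source in FULLNAT
CLIENTS = [("198.51.100.7", 51000), ("192.0.2.44", 51000)]

class Director:
    def __init__(self, mode):
        self.mode = mode         # "NAT" or "FULLNAT"
        self.fwd = {}            # client endpoint -> source shown to the real server
        self.rev = {}            # source shown to the real server -> client endpoint
        self.next_port = 40000   # local port pool for FULLNAT source rewriting

    def inbound(self, pkt):
        """Client -> real server: DNAT in both modes, plus SNAT in FULLNAT."""
        if pkt.dst != VIP:
            raise ValueError("packet is not addressed to the virtual service")
        if pkt.src not in self.fwd:
            if self.mode == "FULLNAT":
                shown = (DIP, self.next_port)
                self.next_port += 1
            else:
                shown = pkt.src  # NAT leaves the source fields unchanged
            self.fwd[pkt.src], self.rev[shown] = shown, pkt.src
        return Packet(src=self.fwd[pkt.src], dst=RIP)

    def outbound(self, reply):
        """Real server -> client: reverse the inbound rewrite via the table."""
        if reply.dst not in self.rev:
            raise LookupError("reply does not match a tracked connection")
        return Packet(src=VIP, dst=self.rev[reply.dst])

def server_view(mode, clients):
    """Peer IPs the real server would log, and the replies each client receives."""
    lb, seen, replies = Director(mode), [], []
    for client in clients:
        at_server = lb.inbound(Packet(src=client, dst=VIP))
        seen.append(at_server.src[0])
        replies.append(lb.outbound(Packet(src=RIP, dst=at_server.src)))
    return seen, replies

if __name__ == "__main__":
    for mode in ("NAT", "FULLNAT"):
        print(mode, "real server logs peers:", server_view(mode, CLIENTS)[0])
```

Under FULLNAT every client appears to the real server as the DIP, so per‑source rate limits, allowlists and access logs kept on the real server no longer distinguish clients; the only record of the original client address is the load balancer's connection table.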

Both NAT and FULLNAT require that response packets also pass through the load balancer, which can become a bottleneck for large responses. Strategies to offload response traffic are discussed in the next article.
