NAT is not new concept in Networking, In this i will discuss what are the different types of NAT available at Tier-0 and Tier-1 Router and How to Configure NAT.
Source NAT (SNAT) - Tier 1
It changes the source address in the IP header of a packet. It can also change the source port in the TCP/UDP headers. The typical usage is to change a private address/port into a public address/port for packets leaving your network.You can create a rule to either enable or disable source NAT.
Prerequisites for SNAT
Destination NAT changes the destination address in IP header of a packet. It can also change the destination port in the TCP/UDP headers. The typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.You can create a rule to either enable or disable destination NAT.
Prerequisites for DNAT
When a tier-0 logical router is running in Active-Active ECMP mode, you cannot configure stateful NAT where asymmetrical paths might cause issues. For Active-Active ECMP routers, you can use reflexive NAT (sometimes called stateless NAT).
For reflexive NAT, you can configure a single source address to be translated, or a range of addresses. If you configure a range of source addresses, you must also configure a range of translated addresses. The size of the two ranges must be the same. The address translation will be deterministic, meaning that the first address in the source address range will be translated to the first address in the translated address range, the second address in the source range will be translated to the second address in the translated range, and so on.
Prerequisites for Reflexive NAT
1. Login to NSX Manager UI
2. Create Tier 1 Logical Router and Connect it with Tier 0 Logical Router
Routing > Routers > Add > Tier -1
3. Configure the Logical Router Details
4. Create Logical Switch
Switching > Switches > Add
5. Create a Router Port in Tier 1 Logical Router to connect it to Logical Switch
Routing > Routers > Select Tier 1 Logical Router > Configuration > Ports > Add
6. Add SNAT rule in Tier 1 Logical Router
Routing > Routers > Select Tier 1 Logical Router > Services > NAT > Add NAT Rule
7. Likewise add DNAT Rule too
8. Configure Route Advertisement in Tier 1 Logical Router
Routing > Routers > Select Tier 1 Logical Router > Routing > Route Advertisement > Edit > configure it > Save
9. Configure Route Redistribution in Tier-0 Logical Router
Routing > Routers > Select Tier 0 Logical Router > Routing > Route Redistribution > Select the Desired Sources > Save
Source NAT (SNAT) - Tier 1
It changes the source address in the IP header of a packet. It can also change the source port in the TCP/UDP headers. The typical usage is to change a private address/port into a public address/port for packets leaving your network.You can create a rule to either enable or disable source NAT.
Prerequisites for SNAT
- The tier-0 router must have an uplink connected to a VLAN-based logical switch.
- The tier-0 router must have routing (static or BGP) and route redistribution configured on its uplink to the physical architecture.
- The tier-1 routers must each have an uplink to a tier-0 router configured. It must be backed by an edge cluster.
- The tier-1 routers must have downlink ports and route advertisement configured.
- The VMs must be attached to the correct logical switches.
Destination NAT changes the destination address in IP header of a packet. It can also change the destination port in the TCP/UDP headers. The typical usage of this is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.You can create a rule to either enable or disable destination NAT.
Prerequisites for DNAT
- The tier-0 router must have an uplink connected to a VLAN-based logical switch.
- The tier-0 router must have routing (static or BGP) and route redistribution configured on its uplink to the physical architecture.
- The tier-1 routers must each have an uplink to a tier-0 router configured. It must be backed by an edge cluster.
- The tier-1 routers must have downlink ports and route advertisement configured.
- The VMs must be attached to the correct logical switches.
When a tier-0 logical router is running in Active-Active ECMP mode, you cannot configure stateful NAT where asymmetrical paths might cause issues. For Active-Active ECMP routers, you can use reflexive NAT (sometimes called stateless NAT).
For reflexive NAT, you can configure a single source address to be translated, or a range of addresses. If you configure a range of source addresses, you must also configure a range of translated addresses. The size of the two ranges must be the same. The address translation will be deterministic, meaning that the first address in the source address range will be translated to the first address in the translated address range, the second address in the source range will be translated to the second address in the translated range, and so on.
Prerequisites for Reflexive NAT
- The tier-0 router must have an uplink connected to a VLAN-based logical switch.
- The tier-0 router must have routing (static or BGP) and route redistribution configured on its uplink to the physical architecture.
- The tier-1 routers must each have an uplink to a tier-0 router configured. It must be backed by an edge cluster.
- The tier-1 routers must have downlink ports and route advertisement configured.
- The VMs must be attached to the correct logical switches.
1. Login to NSX Manager UI
2. Create Tier 1 Logical Router and Connect it with Tier 0 Logical Router
Routing > Routers > Add > Tier -1
3. Configure the Logical Router Details
Switching > Switches > Add
5. Create a Router Port in Tier 1 Logical Router to connect it to Logical Switch
Routing > Routers > Select Tier 1 Logical Router > Configuration > Ports > Add
6. Add SNAT rule in Tier 1 Logical Router
Routing > Routers > Select Tier 1 Logical Router > Services > NAT > Add NAT Rule
7. Likewise add DNAT Rule too
8. Configure Route Advertisement in Tier 1 Logical Router
Routing > Routers > Select Tier 1 Logical Router > Routing > Route Advertisement > Edit > configure it > Save
9. Configure Route Redistribution in Tier-0 Logical Router
Routing > Routers > Select Tier 0 Logical Router > Routing > Route Redistribution > Select the Desired Sources > Save
No comments:
Post a Comment