NAT configuration example

Description

In a NAT environment, each NSP cluster and deployer VM should have network interfaces where NAT is used.

Example NAT settings in nsp-config,yml are shown below.

 ingressApplications:

    ingressController:

      clientAddresses:

        virtualIp: "private_client_IP"

        advertised: "public_client_IP"

      internalAddresses:

        virtualIp: "private_internal_IP"

        advertised: "public_internal_IP"

      mediationAddresses:

        virtualIp: "private_mediation_IP"

        advertised: "public_mediation_IP"

    trapForwarder:

      mediationAddresses:

        virtualIpV4: "private_trapV4_mediation_IP"

        advertisedV4: "public_trapV4_mediation_IP"

        virtualIpV6: "private_trapV6_mediation_IP"

        advertisedV6: "public_trapV6_mediation_IP"

    flowForwarder:

      mediationAddresses:

        virtualIpV4: "private_trapV4_mediation_IP"

        advertisedV4: "public_trapV4_mediation_IP"

        virtualIpV6: "private_trapV6_mediation_IP"

        advertisedV6: "public_trapV6_mediation_IP"

where

client_IP is the address for external client access

internal_IP is the address for internal communication

mediation_IP is the address for network mediation

trapV4_mediation_IP is the address for IPv4 network mediation

trapV6_mediation_IP is the address for IPv6 network mediation

each private address is the VM address on the internal network

each public address is the public VM address; required when the NSP deployer host and cluster nodes have different interfaces for internal and public traffic

Example NAT settings in k8s-deployer.yml are shown below.

hosts:

  - nodeName: node1

    nodeIp: private_IP_address

    isIngress: true

    accessIp: public_IP_address

  - nodeName: node2

    nodeIp: private_IP_address

    isIngress: true

    accessIp:  public_IP_address

  - nodeName: node3

    nodeIp: private_IP_address

    isIngress: false

    accessIp:  public_IP_address

 loadBalancerExternalIps:

  - private_IP_for_vips

where

private_IP_address is the VM IP address on the internal network

public_IP_address is the public VM address; required when the NSP deployer host and cluster nodes have different interfaces for internal and public traffic

private_IP_for_vips is the IP address that acts as a load balancer endpoint for the NSP cluster.