NAT configuration example

Description

In a NAT environment, each NSP cluster and deployer VM should have network interfaces where NAT is used.

Example NAT settings in nsp-config.yml are shown below.

ingressApplications:
  ingressController:
    clientAddresses:
      virtualIp: "private_client_IP"
      advertised: "public_client_IP"
    internalAddresses:
      virtualIp: "private_internal_IP"
      advertised: "public_internal_IP"
    mediationAddresses:
      virtualIp: "private_mediation_IP"
      advertised: "public_mediation_IP"
  trapForwarder:
    mediationAddresses:
      virtualIpV4: "private_trapV4_mediation_IP"
      advertisedV4: "public_trapV4_mediation_IP"
      virtualIpV6: "private_trapV6_mediation_IP"
      advertisedV6: "public_trapV6_mediation_IP"
  flowForwarder:
    mediationAddresses:
      virtualIpV4: "private_trapV4_mediation_IP"
      advertisedV4: "public_trapV4_mediation_IP"
      virtualIpV6: "private_trapV6_mediation_IP"
      advertisedV6: "public_trapV6_mediation_IP"

where

client_IP is the address for external client access

internal_IP is the address for internal communication

mediation_IP is the address for network mediation

trapV4_mediation_IP is the address for IPv4 network mediation

trapV6_mediation_IP is the address for IPv6 network mediation

each private address is the VM address on the internal network

each public address is the public VM address; required when the NSP deployer host and cluster nodes have different interfaces for internal and public traffic

Example NAT settings in k8s-deployer.yml are shown below.

hosts:
  - nodeName: node1
    nodeIp: private_IP_address
    isIngress: true
    accessIp: public_IP_address
  - nodeName: node2
    nodeIp: private_IP_address
    isIngress: true
    accessIp: public_IP_address
  - nodeName: node3
    nodeIp: private_IP_address
    isIngress: false
    accessIp: public_IP_address
loadBalancerExternalIps:
  - private_IP_for_vips

where

private_IP_address is the VM IP address. All nodeIp addresses need to be in the same subnet. If no accessIp is specified, the nodeIp address needs to be reachable from the deployer host.

public_IP_address is the optional public IP address corresponding to the private_IP_address in a NAT environment. It defaults to the nodeIp value if not specified. This should be reachable from the deployer node.

private_IP_for_vips is the IP address that acts as a load balancer endpoint for the NSP cluster.
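
A pre-deployment check of the hosts rules described above (every nodeIp in one subnet, accessIp falling back to nodeIp), as an added example that is not part of the NSP tooling. The function name check_hosts, the node_subnet parameter, and the sample addresses are assumptions constructed for this illustration; the hosts list is passed in already parsed from k8s-deployer.yml.

```python
import ipaddress

# Constructed sample: node2 omits accessIp, node3 sits in the wrong subnet.
SAMPLE_HOSTS = [
    {"nodeName": "node1", "nodeIp": "10.10.1.11", "isIngress": True,
     "accessIp": "203.0.113.11"},
    {"nodeName": "node2", "nodeIp": "10.10.1.12", "isIngress": True},
    {"nodeName": "node3", "nodeIp": "10.10.2.13", "isIngress": False,
     "accessIp": "203.0.113.13"},
]


def check_hosts(hosts, node_subnet):
    """Return (problems, access_map) for a parsed hosts list.

    node_subnet is an assumption of this example: the CIDR that all nodeIp
    values are expected to share (the page gives no prefix length).
    access_map is the address the deployer would use to reach each node.
    """
    net = ipaddress.ip_network(node_subnet)
    problems, access_map, seen = [], {}, set()
    for host in hosts:
        name = host.get("nodeName", "<unnamed>")
        try:
            node_ip = ipaddress.ip_address(host["nodeIp"])
        except (KeyError, ValueError):
            problems.append(f"{name}: nodeIp missing or not an IP address")
            continue
        if node_ip not in net:
            problems.append(f"{name}: nodeIp {node_ip} is outside {net}")
        if node_ip in seen:
            problems.append(f"{name}: nodeIp {node_ip} is used by another node")
        seen.add(node_ip)
        # accessIp is optional; it defaults to nodeIp when not specified.
        raw_access = host.get("accessIp") or host["nodeIp"]
        try:
            access_map[name] = str(ipaddress.ip_address(raw_access))
        except ValueError:
            problems.append(f"{name}: accessIp {raw_access!r} is not an IP address")
    return problems, access_map


if __name__ == "__main__":
    found, reach = check_hosts(SAMPLE_HOSTS, "10.10.1.0/24")
    for line in found:
        print("PROBLEM:", line)
    for node, addr in reach.items():
        print(f"{node}: deployer connects to {addr}")
```

Every address in access_map must be reachable from the deployer host, so the map doubles as the list of destinations to allow through the NAT device and any intervening firewall.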