New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
6.3.0 release documentation #676
base: master
Are you sure you want to change the base?
Conversation
docs/config_dnat.md
Outdated
[`dynamic-source-nat`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat): Defines the prefixes that need to be dynamically source natted for packets ingressing this interface. | ||
|
||
- [`local-ip`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat-local-ip): For packets ingressing this interface, the IP that is source NAT'ed to the `remote-ip`. | ||
- [`remote-ip`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat-remote-ip): For packets ingressing this interface, the IP where the `local-ip` will be source NAT'ed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe worth mentioning remote-ip
need to be /32
prefix.
@@ -0,0 +1,76 @@ | |||
--- | |||
title: Dynamic Source NAT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe more a question for @avinashbhat80 and @MichaelBaj, shall we use Dynamic Ingress Source NAT
to be more accurate naming for this feature?
docs/config_static_nat.md
Outdated
@@ -0,0 +1,109 @@ | |||
--- | |||
title: Static NAT |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this came from the func-spec. But I would like to propose this feature to be updated Static Bidirectional NAT
because the content is referring to bidirectional NAT
often.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The static NAT and dynamic source NAT parts look good 👍.
docs/config_static_nat.md
Outdated
|
||
### Non-SVR Traffic | ||
|
||
In order for non-SVR traffic (for example, LAN-to-LAN traffic traversing a single SSR) to take advantage of static-NAT addressing, you must disable egress source-nat at the service level by setting `service > source-nat` to `disabled` as shown below. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are two more ways to disable egress source nat that we want to include here
- disable egress source-nat at the network-interface level by setting
network-interface > source-nat
tofalse
and not configuringnetwork-interface > egress-source-nat-pool
authority
router SSR-router
name SSR-router
node SSR-node
name SSR-node
device-interface egress-LAN
name egress-LAN
network-interface egress-LAN
name egress-LAN
source-nat false
egress-source-nat-pool <DON'T CONFIGURE>
exit
exit
exit
exit
exit
- disable egress source-nat at the service-route level by not configuring
service-route > next-hop > source-nat-pool
authority
router SSR
service-route LAN-to-LAN-route
name LAN-to-LAN-route
service-name LAN-to-LAN
next-hop node egress-LAN
node-name SSR-node
interface egress-LAN
source-nat-pool <DON'T CONFIGURE>
exit
exit
exit
exit
docs/config_dnat.md
Outdated
|
||
Dynamic Source NAT translates multiple source IP addresses into a smaller pool of translated addresses and dynamic ports, which conserves public IP address space and provides the flexibility to source NAT a specific IP range. This supports scaling up sessions for an internal service. For example, in a corporate office with a SIP phone service where all phones have different IPs on port 5060, these internal IP addresses are source NAT’ed to a single external IP address. | ||
|
||
Dynamic Source NAT may also provide solutions for IP address conflicts, but because it is not mapping NAT one-to-one, it is not required to facilitate the destination NAT mapping for network connections from the external client to the internal client. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe more clearer to the reader that they should not be confused or expect this to work like bidirectional-nat
.
Dynamic Source NAT may also provide solutions for IP address conflicts, but the IP mapping is not one-to-one and does NOT provide destination NAT in the reverse direction. To facilitate the destination NAT mapping for network connections from the external client to the internal client, use
bidirectional-nat
(add a link here).
… make it more usable.
…adding network interface info.
…added the \ delimiter.
… '6.3.0-traffic-engineering' into 6.3.0-release-documentation
No description provided.