6.3.0 release documentation #676
Conversation
docs/config_dnat.md
Outdated
| [`dynamic-source-nat`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat): Defines the prefixes that need to be dynamically source natted for packets ingressing this interface. | ||
|
|
||
| - [`local-ip`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat-local-ip): For packets ingressing this interface, the IP that is source NAT'ed to the `remote-ip`. | ||
| - [`remote-ip`](config_command_guide.md#configure-authority-router-node-device-interface-network-interface-dynamic-source-nat-remote-ip): For packets ingressing this interface, the IP where the `local-ip` will be source NAT'ed. |
There was a problem hiding this comment.
Maybe worth mentioning remote-ip need to be /32 prefix.
| @@ -0,0 +1,76 @@ | |||
| --- | |||
| title: Dynamic Source NAT | |||
There was a problem hiding this comment.
Maybe more a question for @avinashbhat80 and @MichaelBaj, shall we use Dynamic Ingress Source NAT to be more accurate naming for this feature?
docs/config_static_nat.md
Outdated
| @@ -0,0 +1,109 @@ | |||
| --- | |||
| title: Static NAT | |||
There was a problem hiding this comment.
I think this came from the func-spec. But I would like to propose this feature to be updated Static Bidirectional NAT because the content is referring to bidirectional NAT often.
docs/config_static_nat.md
Outdated
|
|
||
| ### Non-SVR Traffic | ||
|
|
||
| In order for non-SVR traffic (for example, LAN-to-LAN traffic traversing a single SSR) to take advantage of static-NAT addressing, you must disable egress source-nat at the service level by setting `service > source-nat` to `disabled` as shown below. |
There was a problem hiding this comment.
There are two more ways to disable egress source nat that we want to include here
- disable egress source-nat at the network-interface level by setting
network-interface > source-nattofalseand not configuringnetwork-interface > egress-source-nat-pool
authority
router SSR-router
name SSR-router
node SSR-node
name SSR-node
device-interface egress-LAN
name egress-LAN
network-interface egress-LAN
name egress-LAN
source-nat false
egress-source-nat-pool <DON'T CONFIGURE>
exit
exit
exit
exit
exit
- disable egress source-nat at the service-route level by not configuring
service-route > next-hop > source-nat-pool
authority
router SSR
service-route LAN-to-LAN-route
name LAN-to-LAN-route
service-name LAN-to-LAN
next-hop node egress-LAN
node-name SSR-node
interface egress-LAN
source-nat-pool <DON'T CONFIGURE>
exit
exit
exit
exit
docs/config_dnat.md
Outdated
|
|
||
| Dynamic Source NAT translates multiple source IP addresses into a smaller pool of translated addresses and dynamic ports, which conserves public IP address space and provides the flexibility to source NAT a specific IP range. This supports scaling up sessions for an internal service. For example, in a corporate office with a SIP phone service where all phones have different IPs on port 5060, these internal IP addresses are source NAT’ed to a single external IP address. | ||
|
|
||
| Dynamic Source NAT may also provide solutions for IP address conflicts, but because it is not mapping NAT one-to-one, it is not required to facilitate the destination NAT mapping for network connections from the external client to the internal client. |
There was a problem hiding this comment.
Maybe more clearer to the reader that they should not be confused or expect this to work like bidirectional-nat.
Dynamic Source NAT may also provide solutions for IP address conflicts, but the IP mapping is not one-to-one and does NOT provide destination NAT in the reverse direction. To facilitate the destination NAT mapping for network connections from the external client to the internal client, use
bidirectional-nat(add a link here).
… make it more usable.
…adding network interface info.
…added the \ delimiter.
… '6.3.0-traffic-engineering' into 6.3.0-release-documentation
No description provided.