Application Delivery (ADX)

Occasional Contributor
Posts: 8
Registered: ‎06-15-2011

Recommended topology for ServerIron ADX doing NAT?

We recently set up two NetIron switches and two ServerIron ADX 1008s, and I'm trying to figure out the best way to set them up.  Right now we're really only using one of each, for simplicity's sake.  We have an external /28 network and an internal /16 (which I could easily subdivide if necessary).

I'd like to set up the ADX to do NAT for the internal hosts.  Right now it is set up like this:

interface 1:   1.2.3.4 /28  (the external interface, connected to the "outside" VLAN on a switch)

management: 172.16.1.1 /16  (the internal interface, connected to the "inside" VLAN on the switch)

All of our other hosts are in the 172.16/16 network and are connected to the inside VLAN.  Now, I realize you can't run NAT or routing protocols over the management port.  So I think what I have to do is something like move the management interface to a different network, configure another port (say, interface 5) to be in the same network as the other hosts, connect that interface to the internal VLAN on the switch, and then set up NAT.

Does this make sense?  Will this allow for NAT and for subsequent setup of load balancing across internal servers?  Thanks very much for any advice!

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Recommended topology for ServerIron ADX doing NAT?

Hi tech-at-DBG,

     That should work fine.

     Also, for your NetIrons you should set them up for Multi-Chassis Trunking (MCT).

Thanks

Michael.

Occasional Contributor
Posts: 8
Registered: ‎06-15-2011

Re: Recommended topology for ServerIron ADX doing NAT?

Thanks, mschipp.  I guess my next question is how you configure the routing and NAT between the external and internal interfaces.  I've been over the manuals and the technical briefs, but most of the technical briefs assume you're running switch code, and our ADX is running router code.  Can you suggest a good overview?  Thanks!

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Recommended topology for ServerIron ADX doing NAT?

Hi tech-at-DBG,

     Is this what you need?

Example of static NAT

Static Nat.jpg

Configured for inside to outside translation

In the following example, the ServerIron is configured to translate the local host IP address 20.20.5.6 to the unique global address 15.15.15.15.

This example requires that Interfaces 1/5 and 1/1 be configured as Inside and Outside interfaces respectively as shown.

ServerIron(config)# interface ethernet 1/5

ServerIron(config-if-e1000-1/5)# ip address 20.20.50.1 255.255.0.0

ServerIron(config-if-e1000-1/5)# ip nat inside

ServerIron(config)# interface ethernet 1/1

ServerIron(config-if-e1000-1/1)# ip address 30.30.0.1 255.255.0.0

ServerIron(config-if-e1000-1/1)# ip nat outside

The following command configures the ServerIron to translate IP packets with a local IP address of 20.20.5.6 to the global IP address 15.15.15.15.

ServerIron(config)# ip nat inside source static 20.20.5.6 15.15.15.15

Configured for outside to inside translation

To configure the network shown in Figure 4 for Outside to Inside translation, the only requirement is that the Interface configured as an Outside interface must be configured with an additional IP address in the 15.15.15.0/24 network as shown in the following.

ServerIron(config)# interface ethernet 1/1

ServerIron(config-if-e1000-1/1)# ip address 30.30.0.1 255.255.0.0

ServerIron(config-if-e1000-1/1)# ip address 15.15.15.100 255.255.0.0

ServerIron(config-if-e1000-1/1)# ip nat outside

Normally, NAT maps each private address that needs to be routed to the outside network to a unique IP address from the pool. However, it is possible for the global address pool to have fewer addresses than the number of private addresses. Use Port Address Translation (PAT) to handle this case.

PAT maps a client’s IP address and TCP or UDP port number to both an IP address and a TCP or UDP port number. In this way, the ServerIron can map many private addresses to the same public address and use TCP or UDP port numbers to uniquely identify the private hosts.

Thanks

Michael.
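
Added example (not part of the original thread and not Brocade code): a small Python model of the PAT behaviour described in the post above, showing how two inside hosts using the same source port share one global address and how inbound packets with no matching entry find no mapping. The class name PatTable, the port range, the "keep the source port if free" policy and the host 20.20.5.7 are assumptions for illustration; the page does not describe the ServerIron's actual port-allocation policy.

```python
from itertools import chain

class PatTable:
    """Model of PAT: many inside (ip, port) pairs share one global address."""

    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.first_port, self.last_port = first_port, last_port
        self.out = {}    # (proto, inside_ip, inside_port) -> global_port
        self.back = {}   # (proto, global_port) -> (inside_ip, inside_port)

    def _allocate(self, proto, preferred):
        # Keep the client's source port when free, else take the lowest free one.
        for port in chain([preferred], range(self.first_port, self.last_port + 1)):
            in_range = self.first_port <= port <= self.last_port
            if in_range and (proto, port) not in self.back:
                return port
        raise RuntimeError(f"PAT port range exhausted for {proto}")

    def translate_outbound(self, proto, inside_ip, inside_port):
        """Return the (global_ip, global_port) a flow leaves with."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = self._allocate(proto, inside_port)
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.global_ip, self.out[key]

    def translate_inbound(self, proto, global_port):
        """Return the inside (ip, port) for return traffic, or None (drop)."""
        return self.back.get((proto, global_port))

if __name__ == "__main__":
    nat = PatTable("15.15.15.15")          # global address from the post
    # Constructed flows: 20.20.5.6 is from the post, 20.20.5.7 is made up.
    for flow in [("tcp", "20.20.5.6", 40000), ("tcp", "20.20.5.7", 40000),
                 ("udp", "20.20.5.7", 40000)]:
        print(flow, "->", nat.translate_outbound(*flow))
    print("reply to tcp/1024 ->", nat.translate_inbound("tcp", 1024))
    print("unsolicited tcp/5555 ->", nat.translate_inbound("tcp", 5555))
```

TCP and UDP are tracked separately in this model, so the same global port number can be in use once per protocol.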

Occasional Contributor
Posts: 8
Registered: ‎06-15-2011

Re: Recommended topology for ServerIron ADX doing NAT?

This works!  I was not expecting to find NAT information in the Security Guide, which seems like an odd place for it.  Thanks very much!

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Recommended topology for ServerIron ADX doing NAT?

You are welcome h-at-DBG
