Destination Network Address Translation for Bare Metal Servers

Contrail Networking Release 2005 supports Destination Network Address Translation (DNAT) for bare metal servers (BMS). DNAT enables traffic flow from a private network to the public network and also allows traffic flow from the public network to a private network. A private network can connect to a public network by routing traffic through a gateway device capable of performing DNAT.

In Contrail Networking, an MX Series device configured as a data center gateway (DC-GW) enables DNAT for a BMS deployed in a private network. The DC-GW device acts as a bridge between a public network and a BMS by using a public IP address for the BMS. As part of DNAT, the DC-GW replaces the source IP address of a packet originating from the BMS with an IP address allocated from a public address pool configured on the MX Series device. The DC-GW then forwards the packet to the public network. Similarly, when the DC-GW receives a packet from a public network, it replaces the destination IP address of the packet with the private IP address of the BMS and forwards the packet to the BMS.
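The address rewriting described above can be modeled in a few lines of Python. This is an added example, not Contrail or Junos code: the class and function names are hypothetical, the addresses are constructed from documentation ranges, and the one-to-one mapping and the "no mapping means no translation" behavior are assumptions of the model.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class DcGwNat:
    """Hypothetical model of floating IP translation on a DC-GW."""

    def __init__(self, public_pool: str):
        self.pool = ipaddress.ip_network(public_pool)
        self.fixed_to_float = {}  # BMS private IP -> public floating IP
        self.float_to_fixed = {}  # reverse lookup for inbound traffic

    def map_floating_ip(self, floating_ip: str, fixed_ip: str) -> None:
        # The floating IP must be allocated from the public address pool.
        if ipaddress.ip_address(floating_ip) not in self.pool:
            raise ValueError(f"{floating_ip} is not in pool {self.pool}")
        # Model assumption: each floating IP maps to exactly one fixed IP.
        if floating_ip in self.float_to_fixed or fixed_ip in self.fixed_to_float:
            raise ValueError("address is already mapped")
        self.fixed_to_float[fixed_ip] = floating_ip
        self.float_to_fixed[floating_ip] = fixed_ip

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """BMS -> public: replace the source with the floating IP."""
        public = self.fixed_to_float.get(pkt.src)
        return replace(pkt, src=public) if public else None

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Public -> BMS: replace the destination with the fixed IP."""
        private = self.float_to_fixed.get(pkt.dst)
        return replace(pkt, dst=private) if private else None

def demo():
    gw = DcGwNat("203.0.113.0/28")                  # constructed public pool
    gw.map_floating_ip("203.0.113.5", "10.1.1.10")  # constructed BMS address
    return {
        "out": gw.outbound(Packet("10.1.1.10", "198.51.100.7")),
        "in": gw.inbound(Packet("198.51.100.7", "203.0.113.5")),
        # No mapping exists for these, so the model translates nothing.
        "unmapped_in": gw.inbound(Packet("198.51.100.7", "203.0.113.6")),
        "unmapped_out": gw.outbound(Packet("10.1.1.11", "198.51.100.7")),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The inbound case is the one to keep in mind when assigning floating IP addresses: once a mapping exists, packets addressed to the public IP are delivered to the BMS.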

Before you start using DNAT for BMS, you must enable DNAT in a DC-GW, create a public network and extend the network to the DNAT-enabled DC-GW, create a floating IP address pool, and map a floating IP address to the BMS private network.

For more information on configuring an MX Series device as a DC-GW, see Configuring Data Center Gateway.

Enabling DNAT in a Data Center Gateway

Procedure

An MX Series device can perform DNAT for a BMS when it is configured as a data center gateway (DC-GW). You must perform the following steps to enable DNAT in a DC-GW device:

  1. Navigate to Infrastructure > Fabrics > Fabric Name.

    A list of fabric devices is displayed.

  2. Select an MX Series device from the list and click the Options icon.

    Click Edit from the displayed list. The Device Name Edit page is displayed.

  3. Expand the Netconf Settings section and enter the following values to add a service interface:

    | Field | Value |
    | --- | --- |
    | Username | Enter the username to add a service interface to the MX Series device. |
    | Password | Enter the password to add a service interface to the MX Series device. |
    | Junos Service Interface | Add a service interface created in Junos OS for an MX Series device. |

  4. Click Save to enable DNAT in a DC-GW device.

Extending a Public Virtual Network to the Data Center Gateway

Procedure

You must create a public virtual network that the DC-GW will use for DNAT. You must perform the following steps to create a public virtual network and extend the network to the DC-GW:

  1. Navigate to Overlay > Virtual Network.

    The All networks page is displayed.

  2. Click Create to create a network.

    The Create Virtual Network page is displayed.

  3. Enter values in the fields as described in Create Virtual Network.
  4. Expand the Advanced section.

    Select External to configure the network as a public virtual network.

    In the Extend to Physical Router(s) field, select the DC-GW device that is enabled with DNAT for BMS.

  5. Click Create to create a public network extended to the DC-GW.

Creating a Floating IP Address Pool

Procedure

You must create a floating IP address pool, which enables IP address mapping between the BMS deployed in a private virtual network and the DC-GW public virtual network. You must perform the following steps to create a floating IP address pool for the public virtual network:

  1. Navigate to Overlay > Floating IPs.

    The All Floating IPs tab is displayed.

  2. Click the Floating IP Pools tab.

    The Floating IP Pools page is displayed.

  3. Click Create to create a floating IP pool for the public virtual network.
  4. Enter the following values in the fields:

    | Field | Value |
    | --- | --- |
    | Name | Enter a name for the floating IP address pool. |
    | Network | Select the public network to which you want to assign the floating IP address pool. |
    | Description | Add a description for the floating IP address pool. |

  5. Click Save to create a floating IP address pool extended to the public network.

Mapping a Floating IP Address to the Fixed IP Address of the BMS Private Network

Procedure

Mapping a floating IP address to the fixed IP address of the BMS enables the BMS to exchange data packets with a public network through a DC-GW. To map the floating IP address to the fixed IP address of the BMS, you must perform the following steps:

Note: If a virtual port is not assigned to the BMS, follow the steps described in Configuring Virtual Port Groups to create a virtual port for the BMS.

  1. Navigate to Overlay > Virtual Ports.

    A list of virtual port groups is displayed.

  2. Click the Edit icon of the virtual port assigned to the BMS.

    The Edit Virtual Port page is displayed.

  3. In the Floating IPs field, select the floating IP address that is mapped to the public network.
  4. Click Save. The Virtual Ports page is displayed.

    Figure 205: Floating IP Address Mapped to the Fixed IP Address of the BMS


The floating IP address is now mapped to the BMS private network.