Objectives: As a Brocade Certified vRouter Engineer, you must be able to demonstrate the ability to install, configure and troubleshoot features of Brocade Vyatta Network OS.
Target: This course is for anyone tasked with configuring or managing the Brocade Vyatta vRouter. This course is also for those who are preparing to take the BCVRE Certification Exam.
Course prerequisites: Before taking these bundled courses, students should have basic IT networking experience, including working knowledge of TCP/IP.
- Network Address Translation
- vRouter Packet Processing
- NAT Rulebases
- Exclusion Filters
Network Address Translation
Network address translation is the replacement of one IP address with another IP address in a packet header.
The most common use for NAT is to replace private addresses used within a network with registered public IP addresses in order to communicate over the Internet.
NAT can also be used inside a network to handle overlapping address ranges. This might occur when two companies merge, and both are using the same range of private network addresses.
NAT can also be used to hide the real address of a publicly-reachable device, such as a Web server.
Types of NAT
There are three basic types of NAT:
- Source NAT replaces the source address of a packet as it passes through the vRouter.
- Destination NAT replaces the destination address of a packet as it passes through the vRouter.
- Bidirectional NAT combines source and destination NAT for translation in both directions.
vRouter Packet Processing
In the vRouter, the firewall filtering function occurs after destination NAT and the routing lookup, but before source NAT. When configuring firewall filter rules, you need to consider whether the traffic you want to filter is being translated in order to configure the correct addresses in your rules.
NAT Rulebases
A NAT rulebase is a numbered list.
- This means that each rule has its own number.
You’ll have one rulebase for source translation, and another for destination translation, each with its own set of numbered rules.
The vRouter evaluates the rules in numerical order.
- If a packet matches a rule, the vRouter performs the translation defined in the rule, then exits the list.
NAT Rule Parameters
Each rule includes three parameters:
- Filters, which identify the traffic to be translated. If you do not define a filter, all traffic will match the rule.
- Post-translation address, which defines the IP address the vRouter will substitute when performing NAT.
- The interface where the rule is applied, and the direction for the rule. You must specify an interface.
- If you specify a port number in either the filter or the post-translation address, you must specify the layer 4 protocol (TCP, UDP, or both).
- NAT Source
- Allow NAT from network 22.214.171.124/24 to INTERNET
- NAT Destination
- If Telnet (port 23) from INTERNET to 126.96.36.199 then translate to 188.8.131.52 port 23
- If SSH (port 22) from INTERNET to 184.108.40.206 then translate to 220.127.116.11 port 22
R2 NAT Source Configuration
R2 NAT Source Translation
R2 NAT Destination Configuration
R2 NAT Destination Translation
Exclusion Filters
An exclusion filter allows you to specify traffic that you do NOT want translated.
A typical application is when you are performing source NAT on an Internet connection that is also carrying a private VPN.
- In that case, you want to translate everything EXCEPT traffic crossing the VPN.
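The processing order, the first-match rulebase evaluation and the exclusion filter described above can be modelled in Python to see which addresses a firewall rule actually sees and why rule numbering matters. This is an added example, not Brocade code or vRouter configuration; the addresses, rule numbers and function names are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class NatRule:
    number: int
    src: str = "0.0.0.0/0"             # no filter defined: matches all traffic
    dst: str = "0.0.0.0/0"
    translation: Optional[str] = None  # post-translation address
    exclude: bool = False              # exclusion filter: match, do not translate

def translate(rules, pkt, field):
    """Evaluate rules in numerical order; the first match decides, then exit."""
    for rule in sorted(rules, key=lambda r: r.number):
        if (ip_address(pkt.src) in ip_network(rule.src)
                and ip_address(pkt.dst) in ip_network(rule.dst)):
            return pkt if rule.exclude else replace(pkt, **{field: rule.translation})
    return pkt                         # no rule matched: left untranslated

def process(pkt, dnat, snat, firewall):
    """Order from the text: destination NAT, routing, firewall, source NAT."""
    pkt = translate(dnat, pkt, "dst")
    if not firewall(pkt):              # sees post-DNAT dst and pre-SNAT src
        return None                    # dropped
    return translate(snat, pkt, "src")

# Constructed sample rules: server 10.0.0.23 published as 203.0.113.10,
# LAN 10.0.0.0/24 translated to 203.0.113.1, remote VPN subnet 10.8.0.0/24.
DNAT = [NatRule(10, dst="203.0.113.10/32", translation="10.0.0.23")]
SNAT = [NatRule(10, src="10.0.0.0/24", dst="10.8.0.0/24", exclude=True),
        NatRule(20, src="10.0.0.0/24", translation="203.0.113.1")]
# Same two rules with the exclusion numbered after the general rule.
SNAT_MISORDERED = [replace(SNAT[1], number=10), replace(SNAT[0], number=20)]

def fw_internal(p):   # written against the server's real (post-DNAT) address
    return p.dst == "10.0.0.23" or ip_address(p.src) in ip_network("10.0.0.0/24")

def fw_public(p):     # mistakenly written against the public address
    return p.dst == "203.0.113.10"
```

In this model a firewall rule written against the public address never matches inbound traffic, and an exclusion rule numbered after the general source NAT rule is never reached, so VPN traffic is translated anyway.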
That is the information on “Supporting BCVRE Study Guide Chapter 7 NAT” that the infosolution.biz admin can convey. Hope it is useful.