Introduction:

Currently on the private gateway there is no way to configure the Source NAT.

With this feature the source NAT service can be enabled on the VPC private gateway.

Use Case:

Users might want to deploy multiple VPCs with the same super CIDR and/or the same guest tier CIDR. In that case, guest VMs from different VPCs may have the same IP address and still need to reach an enterprise DC via the private gateway.

In these cases, NAT service is needed on the private GW.

Bug Reference: CLOUDSTACK-1828

Design:

Source NAT on the private gateway can be enabled while adding the private gateway. To enable source NAT, the user passes the sourcenatsupported=true parameter to the createPrivateGateway API. If sourcenatsupported is not passed, source NAT is not set on the private gateway.

It is an optional argument to the API.

If source NAT is enabled on the private gateway, guest VMs in the VPC reach the enterprise network with their traffic NATed to the private gateway IP address.

Deleting the private gateway also deletes the source NAT rules specific to that private gateway.

APIs:

Existing API changes:

API Name               New parameter                   Value
createPrivateGateway   sourcenatsupported (optional)   true/false
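As an added example (not CloudStack's own client code), the Python below builds and signs a createPrivateGateway request carrying sourcenatsupported=true, following the standard CloudStack API signing scheme (HMAC-SHA1 over the sorted, lower-cased query string); the endpoint, API keys and VPC id are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def canonical_query(params):
    """Build the string CloudStack signs: URL-encode each value, lower-case
    every field, then sort the fields alphabetically and join with '&'."""
    fields = sorted(
        ("%s=%s" % (key, quote(str(value), safe=""))).lower()
        for key, value in params.items()
    )
    return "&".join(fields)


def sign_request(params, secret_key):
    """HMAC-SHA1 of the canonical query with the account's secret key, base64-encoded."""
    digest = hmac.new(secret_key.encode(), canonical_query(params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def create_private_gateway_params(vpc_id, gateway, ip_address, netmask, vlan, source_nat):
    """Parameters for createPrivateGateway; sourcenatsupported is only sent when requested,
    matching the API's optional-argument semantics (omitted means no source NAT)."""
    params = {
        "command": "createPrivateGateway",
        "vpcid": vpc_id,
        "gateway": gateway,
        "ipaddress": ip_address,
        "netmask": netmask,
        "vlan": vlan,
    }
    if source_nat:
        params["sourcenatsupported"] = "true"
    return params


def build_request_url(endpoint, api_key, secret_key, params):
    """Full signed GET URL: original parameters plus apiKey, response format and signature."""
    full = dict(params, apiKey=api_key, response="json")
    signature = sign_request(full, secret_key)
    query = "&".join("%s=%s" % (k, quote(str(v), safe="")) for k, v in full.items())
    return "%s?%s&signature=%s" % (endpoint, query, quote(signature, safe=""))


if __name__ == "__main__":
    # Constructed placeholder values; the VLAN and addresses are illustrative only.
    gw_params = create_private_gateway_params(
        "VPC-ID-PLACEHOLDER", "10.147.52.1", "10.147.52.108", "255.255.255.0", "52", True)
    print(build_request_url("https://cloudstack.example/client/api",
                            "API-KEY-PLACEHOLDER", "SECRET-KEY-PLACEHOLDER", gw_params))
```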

DB Changes:

Table: private_ip_address

New column     Type       Default value
source_nat     boolean    0

Back end script changes:

When the user enables source NAT on the private gateway, the iptables rule below is configured on the VR.

Example SNAT rule on the VR for the private gateway, assuming:

- eth3 is the private gateway interface
- 10.147.52.108 is the private gateway IP address

iptables -t nat -A POSTROUTING -o eth3 -j SNAT --to-source 10.147.52.108

UI Changes:

The current private gateway configuration page needs a check box 'Set Source NAT' to enable/disable source NAT on the private gateway.

Supported hypervisors:

XenServer

KVM

VMware

Upgrade Changes:

No upgrade changes are needed.

To get source NAT on existing private gateways, the user needs to delete the gateway and recreate it with source NAT set.
