Configuring a Static Source Tracing Algorithm
This section describes how to configure a static source tracing algorithm. A static source tracing algorithm is applicable to both centralized deployment modes and supports the NAT444 feature.
Usage Scenario
A static NAT source tracing algorithm is in essence a set of formulas. The input is the private IP address range, public IP address range, port segment size, and port range. The output is the mapping between private IP addresses and public IP addresses/port ranges. When a device uses a static source tracing algorithm to implement NAT, the mapping between the private IP address range, public IP address range, and port range is fixed. In this case, NAT source tracing NEs, such as the AAA server, can perform source tracing by running the algorithm themselves, provided that they have obtained the same source tracing algorithm parameters as those on the NAT device, instead of depending on the source tracing logs sent by NAT devices.
A static source tracing algorithm applies to both centralized and deployment scenarios, and supports NAT load balancing in the centralized deployment scenario. Figure 2-1 shows the network deployment for static source tracing in centralized deployment mode.
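The following sketch is an added example, not the device's own algorithm or code from this document: it shows how a source tracing NE holding the same four inputs can compute the mapping in both directions without NAT logs. The sequential block layout, the class and function names, and the sample addresses are assumptions; excluded ports are not modelled.

```python
from ipaddress import IPv4Address

def _span(start, end):
    """Return (first address as int, address count) for an inclusive range."""
    first, last = int(IPv4Address(start)), int(IPv4Address(end))
    if last < first:
        raise ValueError("end address precedes start address")
    return first, last - first + 1

class StaticMapping:
    """ASSUMED layout: private addresses take consecutive port blocks in order,
    filling one public address before moving to the next. Not the device formula."""

    def __init__(self, inside, outside, port_range, port_size):
        self.in0, self.in_n = _span(*inside)      # private IP address range
        self.out0, self.out_n = _span(*outside)   # public IP address range
        self.port0, port_end = port_range         # port range
        self.size = port_size                     # port segment size
        self.per_ip = (port_end - self.port0 + 1) // port_size  # blocks per public IP
        if self.per_ip < 1 or self.in_n > self.out_n * self.per_ip:
            raise ValueError("public pool and port range cannot cover the private pool")

    def forward(self, private_ip):
        """Private IP -> (public IP, first port, last port)."""
        idx = int(IPv4Address(private_ip)) - self.in0
        if not 0 <= idx < self.in_n:
            raise ValueError("address is outside the private pool")
        pub, block = divmod(idx, self.per_ip)
        first = self.port0 + block * self.size
        return str(IPv4Address(self.out0 + pub)), first, first + self.size - 1

    def trace(self, public_ip, port):
        """(public IP, source port) -> private IP, or None if no block matches."""
        pub = int(IPv4Address(public_ip)) - self.out0
        block = (port - self.port0) // self.size
        if not (0 <= pub < self.out_n and 0 <= block < self.per_ip):
            return None
        idx = pub * self.per_ip + block
        return str(IPv4Address(self.in0 + idx)) if idx < self.in_n else None

# Constructed sample plan: 256 private hosts, 8 public addresses, 2016-port segments.
PLAN = StaticMapping(("10.0.0.0", "10.0.0.255"), ("203.0.113.0", "203.0.113.7"),
                     (1024, 65535), 2016)
# Constructed (public IP, source port) pairs as they might appear in a server log.
SEEN = [("203.0.113.1", 4000), ("203.0.113.7", 65535), ("203.0.113.1", 80)]

def trace_all(plan, seen):
    return [plan.trace(ip, port) for ip, port in seen]
```

A port below the configured port range, as in the last sample pair, traces to no subscriber, which is the case an investigator should treat as traffic that did not pass through this mapping.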
Pre-configuration Tasks
Before configuring a static NAT source tracing algorithm, complete the following tasks:
- Check that the service boards have been installed and are working properly.
- Configure data link layer protocol parameters and IP addresses for interfaces so that the data link layer protocol on each interface can go Up.
Configuring a Mapping Policy for a Static Source Tracing Algorithm
With a mapping policy for a static source tracing algorithm, the mapping between the IP addresses in a private address pool, the IP addresses in a public address pool, and the port range can be manually specified.
Context
Before configuring a static source tracing algorithm, plan the mapping between the private address pool and the public address pool/port range. Once the private and public address pools are bound, the IP addresses in the public address pool can be used only by IP addresses in the private address pool.
Procedure
- Run system-view
The system view is displayed.
- Run nat static-mapping
The static source tracing algorithm view is displayed.
- Run inside-pool inside-pool-id
The private address pool ID is configured.
- Run section section-id start-address end-address
The private IP address range is configured.
- Run commit
The configuration is committed.
- Run quit
Exit the private address pool view.
- Run global-pool global-pool-id
The public address pool ID is configured.
- Run section section-id start-address end-address
The public IP address range is configured.
- Run commit
The configuration is committed.
- Run quit
Exit the public address pool view.
- Run static-mapping static-mapping-id inside-pool inside-pool-id global-pool global-pool-id port-range start-port end-port [ port-size port-size ]
The mapping between the private address pool and public address pool/port range is configured.
One public or private address pool can be bound to only one static source tracing algorithm.
- (Optional) Run exclude start-port end-port static-mapping static-mapping-id
The range of ports that are not allocated based on the static source tracing algorithm is configured.
- Run commit
The configuration is committed.
Applying a Static Source Tracing Algorithm to a NAT Instance
This section describes how to apply a static source tracing algorithm to a NAT instance so that the mapping between the IP addresses in the private and public address pools is applied to the NAT instance.
Context
A static source tracing algorithm and a dynamic NAT algorithm are mutually exclusive in the NAT instance view. After a static source tracing algorithm is bound to a NAT instance, the mapping relationship of the static source tracing algorithm is applied to the NAT instance.
Procedure
- Run system-view
The system view is displayed.
- Run nat instance instance-name [ id id ]
The view of the NAT instance to which the static source tracing algorithm is applied is displayed.
- Run nat bind static-mapping static-mapping-id
The static source tracing algorithm is applied to the NAT instance.
A NAT instance applies only a single static source tracing algorithm.
- Run commit
The configuration is committed.
Verifying the Configuration of the Static Source Tracing Algorithm
After configuring a static NAT source tracing algorithm, check the configurations.
Procedure
- Run the display nat static-mapping static-mapping-id command to check parameters of the static source tracing algorithm with a specified ID.
- Run the display nat static-mapping { global-pool | inside-pool } pool-id command to check the public and private address pools of the static source tracing algorithm.
- Run the display nat static-mapping ipv4 ipv4-address command to check the mapping between private IP addresses and public IP addresses/port ranges calculated based on the static source tracing algorithm.
- Run the display nat static-mapping global-ipv4 command to check the private IP addresses of the static source tracing algorithm.