Using NAT Gateway Pools
NAT Gateway pools define how the NAT Gateway translates outgoing traffic to public IP addresses. Each pool contains one or more IP address ranges (IP Networks), which are the public addresses to which the NAT Gateway translates outgoing traffic.
NAT Gateway Pools should be defined on VXCs connecting to resources outside your network, such as the internet. You do not need to define NAT Gateway Pools on VXCs connecting resources inside your network, such as connecting the company’s offices to the NAT Gateway.
You can define rules for each pool to control which traffic the pool manages. Each rule specifies a source address, which is a CIDRClassless Inter-domain Routing (CIDR) notation is a compact representation of an IP address and its associated network mask (subnet mask). For example, the */32 in 192.0.0.1/32 indicates that there is only one address in the range, equivalent to a subnet mask of 255.255.255.255.
For more information, see RFC 4632.
range that identifies the outgoing traffic the NAT Gateway should translate using that pool’s IP Networks. You can add up to 16 rules per pool and up to 16 pools per NAT Gateway.
How pools and rules work
When the NAT Gateway receives outgoing traffic, it evaluates the traffic against your configured pools and rules:
- If the traffic’s source address matches a rule in a pool, the NAT Gateway translates the source address to one of the IP addresses in that pool’s IP networks.
- If a pool has no rules, the NAT Gateway uses it for any traffic that does not match a rule in another pool.
- If you have not defined any rules across any pool, the NAT Gateway translates all traffic using IP addresses from the first pool.
NAT Gateway performs Source NAT, translating the source address of outgoing traffic from your private network. It does not translate incoming traffic from the internet.
Configuring pools and rules
You configure NAT Gateway pools and rules on VXCs connected to the NAT Gateway. Pools apply only to the VXCs on which they are configured.
The A-End (or B-End) can be configured in some VXCs during creation, others you have to come back and edit.
Before you begin
Before you can configure NAT Gateway pools and rules, you need to:
- have at least one Megaport NAT Gateway.
For more information, see Creating a NAT Gateway. - have at least one VXC connected to the NAT Gateway, or be creating one.
For more information, see Creating a NAT Gateway VXC.
Configure pools and rules when creating a VXC
You can configure NAT Gateway pools and rules when creating a new VXC on the NAT Gateway A-End or B-End configuration page. If you cannot configure pools and rules when creating the VXC, you can configure them after you order the VXC.
To configure NAT Gateway pools and rules when creating a VXC
-
On the NAT Gateway A-End or B-End configuration page, in the NAT Gateway Pools section, specify the pool details:
- IP Address Pool Name (optional) – A name for the pool.
- IP Networks – One or more CIDR ranges that define the public IP addresses to which the NAT Gateway translates outgoing traffic.
-
To add rules to the pool, click Show Rules and specify the rule details:
- Source Address – A CIDR range that identifies the outgoing traffic the NAT Gateway should translate using that pool’s IP Networks. You can add additional rules by clicking the add rule (+) button.
- Source Address – A CIDR range that identifies the outgoing traffic the NAT Gateway should translate using that pool’s IP Networks. You can add additional rules by clicking the add rule (+) button.
- To add additional pools, click the add pool (+) tab and repeat steps 1 and 2.
- When you are finished, click Next to continue creating the VXC.
Configure pools and rules on an existing VXC
You can configure NAT Gateway pools and rules on an existing VXC connected to a NAT Gateway.
To configure NAT Gateway pools and rules on an existing VXC
- On the Services page, select the NAT Gateway VXC you want to edit.
- Select the VXC A-End or B-End.
-
In the NAT Gateway Pools section, specify the pool details:
- IP Address Pool Name (optional) – A name for the pool.
- IP Networks – One or more CIDR ranges that define the public IP addresses to which the NAT Gateway translates outgoing traffic.
-
To add rules to the pool, click Show Rules and specify the rule details:
- Source Address – A CIDR range that identifies the outgoing traffic the NAT Gateway should translate using that pool’s IP Networks. You can add additional rules by clicking the add rule (+) button.
- Source Address – A CIDR range that identifies the outgoing traffic the NAT Gateway should translate using that pool’s IP Networks. You can add additional rules by clicking the add rule (+) button.
- To add additional pools, click the add pool (+) tab, then repeat steps 1 and 2.
- When you are finished, click Save.