Network address translation method

 

You can use i5/OS® packet filtering to route traffic between a partition and the outside network.

Network address translation (NAT) can route traffic between your virtual Ethernet network and the external network. This particular form of NAT is called static NAT, and it will allow both inbound and outbound IP traffic to and from the virtual Ethernet network. Other forms of NAT like masquerade NAT also work if your virtual Ethernet network does not need to receive traffic initiated by external clients. Like the TCP/IP routing and proxy ARP methods, you can take advantage of your existing i5/OS network connection. Because you will be using IP packet rules, use iSeries™ Navigator to create and apply your rules.

The following figure is an example of using NAT to connect your virtual Ethernet network to an external network. The 10.1.1.x network represents an external network while the 192.168.1.x network represents the virtual Ethernet network.

In this example, any existing TCP/IP traffic for the system runs over the 10.1.1.2 interface. A new interface, 10.1.1.3, is created for communicating between the 10.1.1.x network and the 192.168.1.x network. Because this is a static map scenario, the inbound traffic gets translated from the 10.1.1.3 interface to the 192.168.1.5 interface. The outbound traffic gets translated from the 192.168.1.5 interface to the external 10.1.1.3 interface. Partition A and partition B use their virtual interfaces 192.168.1.1 and 192.168.1.5 to communicate with one another.

To make static NAT work, you need to first set up your i5/OS and TCP/IP communications. Then you will create and apply some IP Packet rules. To configure virtual Ethernet to use the NAT method, complete these configuration tasks:

  1. Step 1: Enabling logical partitions to participate in a virtual Ethernet
    The first step for associating the virtual interface with an external interface is to enable virtual Ethernet.
  2. Step 2: Creating Ethernet line descriptions
    You need to perform this step in one of two ways depending on the model you are using. Select the appropriate procedure for your particular model.
  3. Step 3: Turning on IP datagram forwarding
    Turn on IP datagram forwarding so that the packets can be forwarded among different subnets.
  4. Step 4: Creating the interfaces
    To allow traffic between your virtual Ethernet network and the external network, you need to create several TCP/IP interfaces for your system.
  5. Step 5: Verifying network communications
    You can now verify your network communications.
  6. Step 6: Creating packet rules
    Use the Address Translation wizard in iSeries Navigator to create the packet rules that map the private address on partition A to the public address on partition B.
  7. Step 7: Verifying network communications
    After creating the packet rules, verify network communications.

 

Parent topic:

TCP/IP techniques connecting virtual Ethernet to external LANs

Related concepts
Proxy Address Resolution Protocol method TCP/IP routing method Virtual Ethernet considerations