Out-of-Band & NAT on NLR

Out-of-Band & NAT on NLR. Grover Browning - Indiana University gcbrowni@grnoc.iu.edu. NLR Monitoring & Management. Many L2 & L3 devices are managed by command line and thus can be reached on a hop-by-hop basis. 1. SSH to ISDN Router. ISDN Router. Rack Router.

Presentation Transcript


  1. Out-of-Band & NAT on NLR
     Grover Browning - Indiana University, gcbrowni@grnoc.iu.edu

  2. NLR Monitoring & Management
     • Many L2 & L3 devices are managed by command line and thus can be reached on a hop-by-hop basis.
       1. SSH to ISDN Router.
       2. SSH/Dial to Rack-Lan Router.
       3. SSH to unreachable router.
     [Diagram labels: ISDN Router, Rack Router, Backbone Router, Local Router, X]

  3. NLR Monitoring & Management
     • Most optical devices, including the NLR 15808 platforms, are managed by GUI applications.
     • These management stations require a route to the devices at all times, and generally don't work well over dial-up lines.
     [Diagram labels: Denver 15808, Heartwell 15808, Chicago 15808]

  4. NLR Monitoring & Management
     • Additionally, the 15808s are numbered out of the RFC 1918 10.0.0.0/8 address space, which conflicts with local private addressing at both IU & CENIC.
     [Diagram labels: IU 10.0.10.0/24 Subnet; IU Router; 10.0.10.1/24, 10.0.10.2/24, 10.0.10.3/24; Denver 15808, Heartwell 15808, Chicago 15808]

  5. NLR Monitoring & Management Requirements
     • Management speed > 128k.
     • Automatic Routing during failures.
     • Private address conflict resolution.
     • Simple.
     • Pick 3.

  6. NAT to the Rescue!
     NAT 152.49.22.0/27 to 10.0.10.0/24
     [Diagram labels: 152.49.22.1, 152.49.22.2, 152.49.22.3; IU Router; IU Commodity Peering; Level3; 152.49.22.0/23; 152.49.4.0/23; Rack Router, Rack Router; 2 mb/s, 2 mb/s; Denver 15808, Heartwell 15808, Chicago 15808; 10.0.10.1/24, 10.0.10.2/24, 10.0.10.3/24]

  7. Inside NAT
     Inside NAT turns our 152.49.22.1 destination address into a 10.0.10.1 address. The 15808s use the entry point Rack Router as their default route. This is enough for normal management, but will not work in an outage situation.
     [Diagram labels: 152.49.4.0/23; 152.49.22.0/23; Level3; Rack Router, Rack Router; 10.0.10.254; Denver 15808, Heartwell 15808, Chicago 15808; 10.0.10.1/24 D: 10.0.10.254, 10.0.10.2/24 D: 10.0.10.254, 10.0.10.3/24 D: 10.0.10.254]

  8. Outside NAT
     Outside NAT turns our SOURCE address into a 10.0.10.x address. Inside NAT then turns our 152.49.4.2 destination address into a 10.0.10.2 address. The 15808 may then reply to 10.0.10.253, since that is a directly connected device. The entry point to the 15808 segment is determined by the IP address managed, 152.49.22.1 or 152.49.4.1. The management station knows that each 15808 has two addresses; if the primary does not work, it tries the secondary.
     [Diagram labels: Level3; 152.49.4.0/23; 152.49.22.0/23; Rack Router, Rack Router; 10.0.10.254, 10.0.10.253; Denver 15808, Heartwell 15808, X, Chicago 15808; 10.0.10.1/24 D: 10.0.10.254, 10.0.10.2/24 D: 10.0.10.254, 10.0.10.3/24 D: 10.0.10.254]
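
The failover described on slides 7 and 8, as an added Python model that is not part of the original presentation: it shows why the secondary entry point only works when the source address is translated as well as the destination. The function names, the station address 192.0.2.10, the use of the rack router's own inside address as the translated source, reading "D:" as the 15808's default route, and modelling an outage as a rack router the 15808 cannot reach are assumptions.

```python
import ipaddress

SEGMENT = ipaddress.ip_network("10.0.10.0/24")   # 15808 management LAN (from the slides)
DEFAULT_GW = "10.0.10.254"                       # "D: 10.0.10.254", read as the default route
# Public management prefix -> inside address of the rack router that serves it.
ENTRY = {"152.49.22.0/23": "10.0.10.254", "152.49.4.0/23": "10.0.10.253"}


def enter_segment(src, dst, outside_nat_routers):
    """Return (src, dst, router) as the 15808 sees the packet after NAT."""
    for prefix, router in ENTRY.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            host = int(dst.rsplit(".", 1)[1])            # inside NAT keeps the host number
            inside_dst = str(SEGMENT.network_address + host)
            # Outside NAT: the source becomes an on-link 10.0.10.x address
            # (assumed here to be the router's own inside address).
            inside_src = router if router in outside_nat_routers else src
            return inside_src, inside_dst, router
    raise ValueError(f"{dst} is not a management address")


def reply_next_hop(seen_src):
    """A 15808 answers on-link sources directly; anything else goes to its default route."""
    return seen_src if ipaddress.ip_address(seen_src) in SEGMENT else DEFAULT_GW


def probe(station, dst, down=frozenset(), outside_nat_routers=frozenset({"10.0.10.253"})):
    """True if the request can enter and the reply can leave, given unreachable rack routers."""
    seen_src, _, router = enter_segment(station, dst, outside_nat_routers)
    return router not in down and reply_next_hop(seen_src) not in down


def manage(station, primary, secondary, **kw):
    """Management-station behaviour from slide 8: try the primary address, then the secondary."""
    for addr in (primary, secondary):
        if probe(station, addr, **kw):
            return addr
    return None


if __name__ == "__main__":
    station = "192.0.2.10"                       # constructed example address
    outage = frozenset({"10.0.10.254"})          # primary rack router unreachable
    print(manage(station, "152.49.22.2", "152.49.4.2"))
    print(manage(station, "152.49.22.2", "152.49.4.2", down=outage))
    print(manage(station, "152.49.22.2", "152.49.4.2", down=outage,
                 outside_nat_routers=frozenset()))
```

With destination-only NAT on the secondary router, the 15808 still sends its reply to 10.0.10.254 and the session fails during the outage; translating the source to 10.0.10.253 keeps the reply on the local segment.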
