Abstract: This document describes the private NAT gateway service of Huawei Cloud KYON, which supports overlapping network segments on the cloud and helps services migrate to the cloud quickly.

This article is shared from the Huawei Cloud Community post "Cloud Small Classes | Huawei Cloud KYON Private NAT Gateway", original author: Yun Xiaomeng.

Huawei Cloud Keep Your Own Network (KYON) is an enterprise cloud network solution intended to give enterprises a minimal and agile path to the cloud: minimal planning, agile migration, and seamless integration. During cloud migration, enterprises face problems such as complex network planning and overlapping network segments in their local data centers, which hinder the move to the cloud. The Huawei Cloud KYON private NAT gateway is designed to solve this pain point.

Huawei Cloud KYON provides a private NAT gateway service that supports overlapping network segments on the cloud. The original on-premises network can be kept on the cloud without replanning, which greatly simplifies service migration.

What is a private NAT gateway?

The private NAT gateway provides private network address translation for cloud hosts (Elastic Cloud Servers, bare metal servers, and cloud desktops) in a Virtual Private Cloud (VPC). You configure SNAT and DNAT rules to translate the source and destination addresses of a network segment into private IP addresses in a transit subnet. Using these private IP addresses, cloud hosts in different VPCs with overlapping address ranges can communicate with each other, or can access a data center or VPC on a remote private network using a specified IP address.

The private NAT gateway provides SNAT and DNAT:

  1. SNAT lets multiple cloud hosts in different availability zones of a VPC share one transit IP address: the gateway binds the transit IP address and uses it as the source address when those hosts access an external data center or another VPC.
  2. DNAT binds a transit IP address and maps it, either as a whole (IP mapping) or per port (port mapping), to cloud hosts across availability zones in a VPC, so that those hosts can provide services to external private networks.

The private NAT gateway supports flexible networking with overlapping IP network segments and requires no modification of services, which reduces the cost and risk of moving to the cloud.

As shown in the preceding figure, the network segments of the two local VPCs overlap. Two private NAT gateways are configured, with SNAT and DNAT rules that translate the private addresses of each local VPC into transit IP addresses. The cloud hosts in the two local VPCs can then communicate with each other using those transit IP addresses. IDCs and VPCs on the remote private network are connected to the public VPC through Direct Connect or VPN links and VPC peering connections. Each local VPC uses its private NAT gateway with SNAT rules to translate the local VPC's private addresses into the specified IP address, so a cloud host in a local VPC can access the remote private network using that specified IP address.

Transit subnet: the transit network of the private NAT gateway service. You create a transit IP address in a transit subnet so that cloud hosts in a local VPC can share that private IP address to access user IDCs or remote VPCs in the same region.

Public VPC: the VPC in which the transit subnet resides.

Advantages of the private NAT gateway

The Huawei Cloud private NAT gateway service supports flexible networking of large and small network segments. It features simple planning, easy management, zero conflict, and greater security.

Simple planning

The network planning of an on-premises data center (IDC) is usually complicated, and overlapping network segments have to be mapped, so enterprises want the original network to remain unchanged after connecting to the cloud. The Huawei Cloud private NAT gateway simplifies network planning: the IDC network is migrated to the cloud without modification.

Easy to manage

An enterprise's internal network is layered and divided into domains, and multiple departments may use overlapping network segments. Because the network does not change after migration to the cloud, the enterprise network can still be managed by layer and by domain.

Zero conflict

Private NAT supports private-to-private address mapping: it translates private addresses between VPCs whose network segments overlap, so IP addresses do not need to be changed during cloud migration.

Greater security

Enterprises need to manage IP addresses in a unified way. The private NAT gateway can map the network segments of different departments to a unified address segment that meets the enterprise's security standards for communication, and only the specific IP addresses and ports required by enterprise security policy need to be exposed through DNAT rules. Note that after SNAT the remote side sees only the transit IP address, so access control lists and audit logs on the remote side cannot distinguish the individual cloud hosts behind one transit IP; keep that in mind when writing remote firewall rules and when correlating incidents.

How is the private NAT gateway configured?

A private NAT gateway is set up in three steps, as shown in the following figure.

Step 1: Buy a private NAT gateway

To access an IDC or other VPCs, or to provide services externally, first buy a private NAT gateway.

Step 2: Create a transit subnet and a transit IP address

The transit IP address is the address that multiple cloud hosts in the VPC will share.

Step 3: Create SNAT/DNAT rules

Create SNAT rules so that cloud hosts in the VPC can access user IDCs or other remote VPCs.

Create DNAT rules so that cloud hosts in the VPC can provide services to external private networks.
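The following model is an added example, not code from the original post or from Huawei Cloud; it illustrates both the SNAT/DNAT description above and the three configuration steps. Two VPCs that both use 10.0.0.0/24 each get a gateway with a transit IP address in a transit subnet of the public VPC (192.168.1.10 and 192.168.2.10 are assumed values). VPC B publishes one service through a DNAT port mapping; a client in VPC A reaches it through its own gateway's SNAT. The addresses, ports and class names are all constructed for the example. The model shows why the overlap causes no conflict (the server only ever sees the transit IP of VPC A, never 10.0.0.5, which is also a valid address in VPC B) and why DNAT narrows exposure (a connection to an unmapped port is dropped at the gateway).

```python
"""Model of private NAT between two VPCs that both use 10.0.0.0/24.
Constructed example: addresses, ports and names are assumptions, not Huawei
Cloud's own implementation or the original post's values."""
from dataclasses import dataclass, field
from ipaddress import IPv4Network, ip_address
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


Endpoint = Tuple[str, int]  # (ip, port)


@dataclass
class PrivateNatGateway:
    """One gateway per local VPC; transit_ip lives in the public VPC's transit subnet."""
    name: str
    local_cidr: IPv4Network
    transit_ip: str
    dnat_rules: Dict[int, Endpoint] = field(default_factory=dict)  # transit port -> local endpoint
    snat_out: Dict[Endpoint, int] = field(default_factory=dict)    # local endpoint -> transit port
    snat_in: Dict[int, Endpoint] = field(default_factory=dict)     # transit port -> local endpoint
    next_port: int = 1024  # next free transit port for SNAT sessions (assumed allocator)

    def add_dnat(self, transit_port: int, local_ip: str, local_port: int) -> None:
        """Port mapping: expose exactly one local endpoint on the transit IP."""
        if ip_address(local_ip) not in self.local_cidr:
            raise ValueError(f"{local_ip} is not inside {self.local_cidr}")
        self.dnat_rules[transit_port] = (local_ip, local_port)

    def egress(self, pkt: Packet) -> Optional[Packet]:
        """SNAT: rewrite a local source to the shared transit IP plus a per-session port."""
        if ip_address(pkt.src) not in self.local_cidr:
            return None  # not a host of this VPC: the gateway does not forward it
        key = (pkt.src, pkt.sport)
        if key not in self.snat_out:
            self.snat_out[key] = self.next_port
            self.snat_in[self.next_port] = key
            self.next_port += 1
        return Packet(self.transit_ip, self.snat_out[key], pkt.dst, pkt.dport)

    def ingress(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving on the transit IP: reply to an SNAT session, else a DNAT port, else drop."""
        if pkt.dst != self.transit_ip:
            return None
        if pkt.dport in self.snat_in:
            ip, port = self.snat_in[pkt.dport]
            return Packet(pkt.src, pkt.sport, ip, port)
        if pkt.dport in self.dnat_rules:
            ip, port = self.dnat_rules[pkt.dport]
            return Packet(pkt.src, pkt.sport, ip, port)
        return None  # unmapped port: nothing behind the gateway is reachable

    def reply_egress(self, pkt: Packet) -> Optional[Packet]:
        """Reverse DNAT for a published service's reply; anything else is ordinary SNAT."""
        for tport, endpoint in self.dnat_rules.items():
            if (pkt.src, pkt.sport) == endpoint:
                return Packet(self.transit_ip, tport, pkt.dst, pkt.dport)
        return self.egress(pkt)


def demo() -> dict:
    """Steps 1-3 for two overlapping VPCs, then one allowed and one blocked connection."""
    gw_a = PrivateNatGateway("gw-a", IPv4Network("10.0.0.0/24"), "192.168.1.10")
    gw_b = PrivateNatGateway("gw-b", IPv4Network("10.0.0.0/24"), "192.168.2.10")
    gw_b.add_dnat(443, "10.0.0.8", 8080)  # only this service is exposed on the transit IP

    # Client 10.0.0.5 in VPC A connects to VPC B's published service at 192.168.2.10:443.
    request = Packet("10.0.0.5", 40000, "192.168.2.10", 443)
    on_transit = gw_a.egress(request)       # src becomes 192.168.1.10:1024
    at_server = gw_b.ingress(on_transit)    # dst becomes 10.0.0.8:8080

    # The server answers the transit address it saw; each gateway reverses its own mapping.
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    at_client = gw_a.ingress(gw_b.reply_egress(reply))

    # SSH to the same transit IP has no DNAT rule, so gateway B drops it.
    blocked = gw_b.ingress(gw_a.egress(Packet("10.0.0.5", 40001, "192.168.2.10", 22)))
    return {"on_transit": on_transit, "at_server": at_server,
            "at_client": at_client, "blocked": blocked}


if __name__ == "__main__":
    for name, pkt in demo().items():
        print(f"{name:11s} {pkt}")
```

Running the block shows the server receiving the request from 192.168.1.10 rather than 10.0.0.5, so its own 10.0.0.0/24 routing is never confused, and the client receiving its reply from 192.168.2.10:443, the address it actually dialled. Because the remote side only ever sees transit IPs, its firewall rules and logs must be written in terms of those addresses, and the gateway's own session table is the only place that maps a transit port back to a specific cloud host.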

For more information, see the Huawei Cloud documentation on private NAT gateways.
