
Dns mapping, Nat multiple-instance – H3C Technologies H3C SecPath F1000-E User Manual

Page 445


DNS mapping

As introduced above, you can specify a public IP address and port number for an internal server on the public network interface of a NAT gateway, so that external users can access the internal server using its domain name or public IP address.

Figure 3 Diagram for NAT DNS mapping operation


In Figure 3, an internal host wants to access an internal server on the same private network by using its domain name, while the DNS server is located on the public network. Typically, the DNS server replies to the host with the public address of the internal server. However, unless the NAT device processes the DNS reply, the host cannot access the internal server using its domain name. In this case, the DNS mapping feature can solve the problem.

A DNS mapping entry records the domain name, public address, public port number, and protocol type of an internal server. Upon receiving a DNS reply, the NAT-enabled device matches the domain name in the message against the DNS mapping entries. If a match is found, the private address of the internal server is looked up and NAT replaces the public IP address in the reply with the private IP address. Then, the host can use the private address to access the internal server.
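The reply rewriting described above, as an added illustration that is not part of the manual or of the SecPath implementation: the two tables, the domain name www.example.com and the message layout are assumptions; the public/private address pair is the manual's own example.

```python
import socket
import struct

# Constructed tables (hypothetical model of the two NAT tables the text describes); the
# 202.110.10.20 -> 10.110.1.1 binding is the manual's example, the domain is made up.
INTERNAL_SERVERS = {("202.110.10.20", 80, "tcp"): "10.110.1.1"}   # public tuple -> private IP
DNS_MAPPINGS = {"www.example.com": ("202.110.10.20", 80, "tcp")}  # domain -> public tuple

def _read_name(msg: bytes, off: int):
    """Decode the DNS name at off, following compression pointers."""
    labels = []
    while True:
        ln = msg[off]
        off += 1
        if ln == 0:
            return ".".join(labels), off
        if ln & 0xC0 == 0xC0:                            # pointer to an earlier name
            ptr = ((ln & 0x3F) << 8) | msg[off]
            return ".".join(labels + [_read_name(msg, ptr)[0]]), off + 1
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln

def rewrite_dns_reply(msg: bytes) -> bytes:
    """Replace the public address in A records with the private one when the queried
    name has a DNS mapping entry whose public tuple belongs to a known internal server."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    off, public = 12, None
    for _ in range(qdcount):                             # walk the question section
        name, off = _read_name(msg, off)
        public = public or DNS_MAPPINGS.get(name.lower())
        off += 4                                         # QTYPE + QCLASS
    private_ip = INTERNAL_SERVERS.get(public) if public else None
    if private_ip is None:
        return msg                                       # no mapping: forward unchanged
    out = bytearray(msg)
    for _ in range(ancount):
        _, off = _read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10                                        # TYPE, CLASS, TTL, RDLENGTH
        if rtype == 1 and rdlen == 4 and socket.inet_ntoa(msg[off:off + 4]) == public[0]:
            out[off:off + 4] = socket.inet_aton(private_ip)
        off += rdlen
    return bytes(out)

def build_a_reply(name: str, ip: str) -> bytes:
    """Constructed sample: one question plus one A answer whose owner name is a pointer."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(ip)
    return header + qname + struct.pack("!HH", 1, 1) + answer
```

Only an A record that carries the mapped public address is rewritten; a reply for an unmapped name, or for the mapped name but a different address, passes through unchanged.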

NAT multiple-instance

This feature allows users from different MPLS VPNs to access external networks through the same outbound interface. It also allows them to have the same internal address. NAT multiple-instance operates as follows:

When an MPLS VPN host sends a packet to a public host, NAT replaces its private source IP address and port number with a public IP address and port number, and records the NAT entry with the relevant MPLS VPN information, such as the protocol type and route distinguisher (RD). When a response packet arrives, the NAT gateway translates its public destination IP address and port number to the private ones and sends it to the VPN host. Both NAT and NAPT support multiple-instance.

NAT also supports internal server multiple-instance to allow external users to access VPN hosts. For example, in MPLS VPN 1, a Web server has a private address of 10.110.1.1. You can assign public IP address 202.110.10.20 to the server on the NAT device so that Internet hosts can access it.

Moreover, NAT allows hosts in multiple MPLS VPNs to access each other using the MPLS VPN information carried in the external IP address.
