Network Address Translation (NAT) enables servers, hosts, and consoles on different networks to communicate with each other across a common internal network. A NAT solution maps the private local address realm to a public address realm. These mappings can be static or dynamic.
NAT is becoming increasingly prevalent in Sun Management Center client environments. By using NAT, clients can make more efficient use of network addresses and, in some cases, provide secure access to external networks from sensitive internal environments.
The term Sun Management Center NAT host refers to any host that is running a Sun Management Center component (agent, server, or console) and that must communicate with other Sun Management Center components across a NAT environment.
Sun Management Center 4.0 assumes that the IP address and port of a managed node can be used to uniquely identify and access the managed node within a server context. Furthermore, the software assumes that the local IP address and port of a managed node are authoritative.
As a result of these assumptions, Sun Management Center makes extensive use of IP addresses in both its core operation and its management functionality. Specifically, network addresses are used in the following areas:
Communication (SNMP, RMI, Probe, MCP HTTP, ICMP)
Network entity discovery
Identifying server contexts
Identifying managed nodes, objects, and properties using SNMP URLs
Managing property contents, for example, the MIB-II module
Managed property table indices, for example, the MIB-II interfaces table
Generating localized USEC keys
Various console browsers and displays
In environments where Sun Management Center components operate across one or more NAT environments, the assumptions regarding the uniqueness and accessibility of the local IP addresses and ports of managed nodes break down. Furthermore, because administrators might be more familiar with the node's public IP address, the use of local IP addresses to identify managed nodes in a NAT environment might no longer be intuitive.
The private subnet 10.1.1.0 has one machine called Machine 1 that runs behind NAT 1, which uses 220.127.116.11, a translated IP address, for all communication from Machine 1 to hosts outside NAT 1. Communication from hosts outside NAT 1 to Machine 1 (18.104.22.168) is redirected to Machine 1 (10.1.1.1) by NAT 1.
A second private subnet (22.214.171.124) has one machine, Machine 3 (126.96.36.199), and runs behind NAT 2, which uses 188.8.131.52 (a translated IP address) for communication from Machine 3 to hosts outside NAT 2. Communication from hosts outside NAT 2 to Machine 3 (184.108.40.206) is redirected to 220.127.116.11 by NAT 2.
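As an added illustration (not Sun Management Center code), the following Python sketch audits a constructed node inventory for the two ways the assumptions described above fail under NAT: the local address an agent reports differs from the address the server sees, and two nodes behind different NATs share the same local IP address and port. The record layout, the function name, and the documentation-range public addresses are assumptions made for this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory (not product data). Each record is:
# (node name, address the agent reports locally, address the server sees, port)
SAMPLE_NODES = [
    ("machine1", "10.1.1.1", "192.0.2.10", 161),      # behind one NAT
    ("machine2", "198.51.100.7", "198.51.100.7", 161),  # no translation
    ("machine3", "10.1.1.1", "192.0.2.20", 161),      # behind another NAT
]


def audit_identity(nodes):
    """Check an inventory that identifies nodes by local IP address and port.

    Returns (translated, collisions):
      translated  - list of (name, local_is_private) for nodes whose local
                    address is not the address the server observes
      collisions  - dict mapping (local_ip, port) to the names that share it,
                    so the key no longer identifies a single node
    """
    translated = []
    by_local_key = defaultdict(list)

    for name, local_ip, seen_ip, port in nodes:
        local = ipaddress.ip_address(local_ip)
        seen = ipaddress.ip_address(seen_ip)

        # A mismatch means the local address is not authoritative for access.
        if local != seen:
            translated.append((name, local.is_private))

        by_local_key[(str(local), port)].append(name)

    # Any key held by more than one node breaks the uniqueness assumption.
    collisions = {k: v for k, v in by_local_key.items() if len(v) > 1}
    return translated, collisions


if __name__ == "__main__":
    translated, collisions = audit_identity(SAMPLE_NODES)
    for name, is_private in translated:
        print(f"{name}: local address is translated (private={is_private})")
    for (ip, port), names in collisions.items():
        print(f"{ip}:{port} is shared by {', '.join(names)}")
```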