Sun Management Center 3.6.1 Installation and Configuration Guide

NAT Concepts

Network Address Translation (NAT) enables servers, hosts, and consoles on separate private networks to communicate with each other across a shared network. A NAT device maps addresses in the private, local address realm to addresses in a public address realm. These mappings can be static (a fixed one-to-one pairing) or dynamic (assigned per connection from a pool).

NAT is becoming increasingly prevalent in Sun Management Center client environments. By using NAT, clients can make more efficient use of network addresses and, in some cases, provide secure access to external networks from sensitive internal environments.


Note –

The term Sun Management Center NAT host refers to any host that is running a Sun Management Center component (agent, server, or console) and that must communicate with other Sun Management Center components across a NAT environment.


Use of IP Addresses With NAT

Sun Management Center 3.6.1 assumes that the IP address and port of a managed node can be used to uniquely identify and access the managed node within a server context. Furthermore, the software assumes that the local IP address and port of a managed node are authoritative.

As a result of these assumptions, Sun Management Center makes extensive use of IP addresses in both its core operation and its management functionality. Specifically, network addresses are used in the following areas:

In environments where Sun Management Center components operate across one or more NAT environments, the assumptions regarding the uniqueness and accessibility of the local IP addresses and ports of managed nodes break down. Furthermore, because administrators might be more familiar with the node's public IP address, the use of local IP addresses to identify managed nodes in a NAT environment might no longer be intuitive.

How NAT Works

The following figure illustrates how NAT works.

Figure D–1 Simple NAT Network Conceptual Diagram


The private subnet 10.1.1.0 contains one machine, Machine 1 (10.1.1.1), that runs behind NAT 1. NAT 1 uses 129.146.63.100, a translated IP address, as the source of all communication from Machine 1 to hosts outside NAT 1. Communication from hosts outside NAT 1 that is addressed to 129.146.63.100 is redirected to Machine 1 (10.1.1.1) by NAT 1.

A second private subnet, 100.1.1.0, contains one machine, Machine 3 (100.1.1.1), that runs behind NAT 2. NAT 2 uses 129.146.63.101, a translated IP address, as the source of communication from Machine 3 to hosts outside NAT 2. Communication from hosts outside NAT 2 that is addressed to 129.146.63.101 is redirected to Machine 3 (100.1.1.1) by NAT 2.
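The following model of the topology in Figure D-1 is an added example; it is not code from this guide or from Sun Management Center. It simulates the two static NATs with the addresses given above and shows both assumptions from "Use of IP Addresses With NAT" failing: the server cannot reach an agent at the local address the agent reports as its own, only at the translated address the NAT presents, and two agents behind different NAT environments can report the same local IP address and port. The server address 129.146.63.1, the agent port 161, the server port 2099, and a third NAT environment that reuses the 10.1.1.0/24 range are assumptions made for the example. The guide's 100.1.1.0 network is kept as given, although it is not an RFC 1918 private range.

```python
"""Toy model of the static NAT topology of Figure D-1 (example code, not from
the guide). It shows why a managed node's local IP address and port are
neither reachable from the server nor guaranteed unique once NAT is involved."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

AGENT_PORT = 161     # assumed agent port for the example
SERVER_PORT = 2099   # assumed server port for the example


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


class StaticNat:
    """One-to-one static NAT: every private host has a fixed translated address."""

    def __init__(self, name, private_net, mappings):
        self.name = name
        self.private_net = ip_network(private_net)
        self.out_map = dict(mappings)                        # private -> translated
        self.in_map = {pub: priv for priv, pub in mappings.items()}

    def outbound(self, pkt):
        """Traffic leaving the private side: rewrite the source address."""
        if ip_address(pkt.src) not in self.private_net or pkt.src not in self.out_map:
            raise ValueError(f"{pkt.src} has no static mapping on {self.name}")
        return replace(pkt, src=self.out_map[pkt.src])

    def inbound(self, pkt):
        """Traffic arriving from outside: rewrite the destination, or drop it."""
        priv = self.in_map.get(pkt.dst)
        return None if priv is None else replace(pkt, dst=priv)


# Addresses from the figure. The server address 129.146.63.1 is an assumption.
PUBLIC_NET = ip_network("129.146.63.0/24")
SERVER = "129.146.63.1"
NAT1 = StaticNat("NAT 1", "10.1.1.0/24", {"10.1.1.1": "129.146.63.100"})
NAT2 = StaticNat("NAT 2", "100.1.1.0/24", {"100.1.1.1": "129.146.63.101"})
NATS = [NAT1, NAT2]


def route_from_server(dst, dport=AGENT_PORT, nats=NATS):
    """Deliver a packet from the server to dst. Returns (NAT name, private
    address it was delivered to), or None if nothing can deliver it."""
    if ip_address(dst) not in PUBLIC_NET:
        return None          # a private address is not routable on the public side
    pkt = Packet(SERVER, dst, 40000, dport)
    for nat in nats:
        delivered = nat.inbound(pkt)
        if delivered is not None:
            return nat.name, delivered.dst
    return None              # public address with no static mapping behind any NAT


def agent_hello(private_ip, nat):
    """An agent announces itself. The payload carries the address the agent
    believes is its own (the 'authoritative' local address); the IP header's
    source is what the NAT rewrote it to on the way out."""
    on_wire = nat.outbound(Packet(private_ip, SERVER, AGENT_PORT, SERVER_PORT))
    return {"claimed": (private_ip, AGENT_PORT), "seen_from": (on_wire.src, on_wire.sport)}


def reach_agent(hello):
    """Try to reach the agent at the address it claimed, then at the translated one."""
    return {"via_claimed": route_from_server(hello["claimed"][0]),
            "via_seen": route_from_server(hello["seen_from"][0])}


def duplicate_keys(hellos, key):
    """Index agents by local ('claimed') or translated ('seen_from') ip:port and
    return every key that more than one agent maps to."""
    seen, dups = set(), []
    for h in hellos:
        k = h[key]
        if k in seen:
            dups.append(k)
        seen.add(k)
    return dups


if __name__ == "__main__":
    hello1 = agent_hello("10.1.1.1", NAT1)
    print(reach_agent(hello1))   # via_claimed is None; via_seen reaches NAT 1 / 10.1.1.1
    # Assumed third NAT environment that reuses the 10.1.1.0/24 private range.
    NAT3 = StaticNat("NAT 3", "10.1.1.0/24", {"10.1.1.1": "129.146.63.102"})
    hellos = [hello1, agent_hello("100.1.1.1", NAT2), agent_hello("10.1.1.1", NAT3)]
    print(duplicate_keys(hellos, "claimed"))    # [('10.1.1.1', 161)]
    print(duplicate_keys(hellos, "seen_from"))  # []
```

The model is deliberately one-directional (static, one-to-one mappings, no port translation), which is the case the figure describes; with dynamic or port-overloaded NAT the translated port also changes per connection, so even the "seen_from" key is only stable for the lifetime of the mapping. Either way, the practical rule is the one the text draws: in a NAT environment, identify and address a managed node by the address the server can actually route to, not by the address the node reports for itself.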