13.4 How to implement NAT in NNMi
NNMi manages a NAT environment by identifying each node that uses a tenant/IP address pair. NNMi administrators create a tenant definition for each NAT address domain. The tenant identifies a logical grouping of nodes. For example, an Internet provider's network might have multiple customers who implemented private IP addresses. Within NNMi, the Internet provider can assign each customer's nodes to a specific tenant name that identifies the customer. Within such a logical tenant grouping:
NNMi administrators use discovery seeds to identify the tenant's member nodes on the basis of tenant/IP address pairs.
Subnet connection rules apply independently within each tenant's group of nodes.
Router redundancy groups are monitored within each tenant, independently from any other tenant's group of nodes.
NNMi discovers L2 Connections only within each tenant's group of nodes, and between that defined tenant's nodes and nodes assigned to a tenant named default tenant.
Assign any infrastructure device that interconnects multiple NAT domains (such as the NAT gateway router) to the default tenant. This ensures that NNMi displays the layer 2 connections your work group (and customers) needs to see.
Security groups determine how many tenants an NNMi user can see. An assigned security group can include nodes from more than one tenant. For details, see 14. NNMi Security and Multi-Tenancy.
- Note
A best practice is to have no duplicate domain name system (DNS) names across all NAT domains in your network management environment.
The NNMi implementation method and requirements vary depending on the NAT protocol you are using. For example, use of dynamic NAT or PAT requires additional hardware and licenses. See the appropriate section listed in the following based on your NAT protocol:
For details, see 13.6.6 Deploying NNMi in a network address translation (NAT) environment and 13.6.7 NNMi calculations for state and status.