Objective 6.3 – Configure and manage DHCP-DNS-NAT

Principles

  • Understand proper use and addition of a DHCP IP Pool
  • Enable a DHCP IP pool
  • Determine use and proper implementation of DNS services
  • Determine when and how to configure Source NAT
  • Determine when and how to configure Destination NAT
  • Given a scenario, compare and contrast proper DHCP uses

References

  1. NSX Administration Guide

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_admin.pdf

  2. NSX Command Line Interface Reference

http://pubs.vmware.com/NSX-62/topic/com.vmware.ICbase/PDF/nsx_62_cli.pdf

Understand proper use and addition of a DHCP IP Pool

  • Supports IP Address pooling
  • 1:1 static IP Address assignment
    • Can be bound to VM vNIC Index or MAC Address
  • Provides:
    • IP Address
    • Default Gateway (=IP of Internal Interface bound to DHCP Pool)
    • DNS Servers
    • DNS Search Domains
  • DHCP Relay supported as of version 6.1
    • Configure on DLRs

Enable a DHCP IP pool

NSX Edge -> Manage -> DHCP

Pool Configuration

Configuration Parameters:

  • Start/End IP
  • Domain Name
  • DNS Name Servers
  • Default Gateway
  • Subnet Mask
  • Lease never expires

Advanced Options:

  • Next Server: Next boot TFTP server: used by PXE boot or BootP
  • TFTP Server Name: IP Address or FQDN for client to download file specified in “Bootfile name” option
  • TFTP Server Addresses: List of TFTP Server IPs
  • Bootfile name: Filename to be downloaded (match with file specified in TFTP Server Name)
  • Interface MTU: 1 per Pool and Static Binding
  • Classless Static Route: Multiple routes to the same destination are permitted

Determine use and proper implementation of DNS services

NSX Edge -> Manage -> DNS

  • Configure external DNS servers on an ESG
  • ESG forwards DNS requests from clients to external servers
  • ESG can cache responses it receives from external DNS servers

Determine when and how to configure Source NAT

NSX Edge -> Manage -> NAT

  • SNAT used to translate source address from Public IP to Private or vice versa
  • e.g. SNAT used northbound from a home broadband router towards the Internet

Parameter                                   Values
Applied On                                  Interface or any
Protocol                                    Protocol or any
Original Source IP/Range (Mandatory)        IP, range, subnet or any
Original Source Port/Range                  Port, any
Destination IP/Range                        IP, range, subnet or any
Destination Port/Range                      Port, any
Translated Source IP/Range (Mandatory)      IP, range, subnet, any

Example: Translate 192.168.2.100-110 -> 172.16.5.100-110

Determine when and how to configure Destination NAT

NSX Edge -> Manage -> NAT

  • DNAT used to translate the destination address from Public to Private or vice versa
  • e.g. translate incoming requests addressed to a public IP to a private address, such as a private Load Balancer IP

Parameter                                      Values
Applied On                                     Interface or any
Protocol                                       Protocol or any
Original Source IP/Range                       IP, range, subnet or any
Original Source Port/Range                     Port, any
Original Destination IP/Range (Mandatory)      IP, range, subnet or any
Original Destination Port/Range                Port, any
Translated IP/Range                            IP, range, subnet, any
Translated Port/Range (Mandatory)              Port, any

Example: Translate 172.16.10.100-120 -> 192.168.25.100-120
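
The SNAT and DNAT parameter tables above can be turned into a pre-change review check. The following is an added example, not part of the original notes and not NSX code: it checks the fields marked Mandatory, compares range sizes, and flags DNAT rules left at "any". The dictionary keys are hypothetical names, and the 1:1 range-size check is an assumption based on the two examples on this page.

```python
import ipaddress

# Mandatory fields per rule type, as marked in the parameter tables above.
# The dictionary keys are hypothetical names chosen for this example.
MANDATORY = {
    "snat": ("original_source", "translated_source"),
    "dnat": ("original_destination", "translated_port"),
}

def range_size(spec):
    """Count addresses in an IP, CIDR subnet, or range; None for 'any'."""
    if spec == "any":
        return None
    if "/" in spec:
        return ipaddress.ip_network(spec, strict=False).num_addresses
    start, _, end = spec.partition("-")
    if not end:
        ipaddress.ip_address(start)  # raises ValueError on a malformed address
        return 1
    if "." not in end:  # shorthand used on this page: 192.168.2.100-110
        end = start.rsplit(".", 1)[0] + "." + end
    return int(ipaddress.ip_address(end)) - int(ipaddress.ip_address(start)) + 1

def audit(rule):
    """Return a list of review findings for one NAT rule dict."""
    kind = rule["action"]
    findings = [f"missing mandatory field: {f}" for f in MANDATORY[kind] if not rule.get(f)]
    orig_key, trans_key = (("original_source", "translated_source") if kind == "snat"
                           else ("original_destination", "translated_ip"))
    before = range_size(rule.get(orig_key) or "any")
    after = range_size(rule.get(trans_key) or "any")
    # Assumption: range-to-range rules are meant to map 1:1, so sizes should match.
    if before and after and after > 1 and before != after:
        findings.append(f"range size mismatch: {before} -> {after} addresses")
    if kind == "dnat":
        if (rule.get("original_source") or "any") == "any":
            findings.append("inbound DNAT matches any source")
        if (rule.get("original_port") or "any") == "any":
            findings.append("inbound DNAT matches any destination port")
    return findings

# The page's two examples, plus one constructed rule with a deliberate mistake.
SNAT_EXAMPLE = {"action": "snat", "original_source": "192.168.2.100-110",
                "translated_source": "172.16.5.100-110"}
DNAT_EXAMPLE = {"action": "dnat", "original_destination": "172.16.10.100-120",
                "translated_ip": "192.168.25.100-120", "translated_port": "any"}
BAD_RULE = {"action": "snat", "original_source": "192.168.2.100-110",
            "translated_source": "172.16.5.100-105"}
```

Findings on a DNAT rule that matches any source or any port are prompts to confirm that the Edge firewall narrows what the translation exposes.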

Given a scenario, compare and contrast proper DHCP uses

  • Use DHCP Pools when VMs are connected directly to an NSX Edge
  • Use Static Bindings for permanent MAC/vNIC leases
  • Use DLR DHCP Relay to make use of existing DHCP servers