NAT Support

A CloudVision cluster can be deployed behind a network address translation (NAT) box that exposes a different public IP address to the devices streaming to the cluster. Those devices can reach the CloudVision cluster only via the public NAT IP. Enabling the feature involves assigning the NAT public IP address to the nodes.

NAT Support Pre 2021.3.0

Add the interfaces/eth0/nat_ip_address parameter to the configuration when installing the cluster. The interface name can be any Ethernet interface (eth0, eth1, eth2, ...). The internal IP addresses are assigned in the ip_address field.


node1:
  default_route: 172.XX.XX.X
  hostname: dummy.com
  interfaces:
    eth0:
      ip_address: 172.XX.XX.XXX
      netmask: 255.XX.XX.XX
  interfaces/eth0/nat_ip_address: 172.XX.XX.X  # Public NAT IP
node2:
  default_route: 172.XX.XX.X
  hostname: dummy.com
  interfaces:
    eth0:
      ip_address: 172.XX.XX.XXX
      netmask: 255.XX.XX.XX
  interfaces/eth0/nat_ip_address: 172.XX.XX.X
node3:
  default_route: 172.XX.XX.X
  hostname: dummy.com
  interfaces:
    eth0:
      ip_address: 172.XX.XX.XXX
      netmask: 255.XX.XX.XX
  interfaces/eth0/nat_ip_address: 172.XX.XX.X
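
A pre-install lint for the per-node settings above, added here as an example and not Arista's own code: it checks that every node carries an interfaces/<ifname>/nat_ip_address key, that the key names an interface defined under interfaces, and that the NAT address is a valid IPv4 address different from the internal ip_address. It assumes the YAML has already been loaded into a dict and that the NAT key sits at node level; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress

PREFIX, SUFFIX = "interfaces/", "/nat_ip_address"

def lint_node(name, node):
    """Return the problems found in one node's NAT settings."""
    problems = []
    interfaces = node.get("interfaces") or {}
    nat_keys = [k for k in node if k.startswith(PREFIX) and k.endswith(SUFFIX)]
    if not nat_keys:
        problems.append(f"{name}: no {PREFIX}<ifname>{SUFFIX} key")
    for key in nat_keys:
        ifname = key[len(PREFIX):-len(SUFFIX)]
        try:
            nat_ip = ipaddress.IPv4Address(str(node[key]))
        except ValueError:
            # Catches unfilled placeholders such as 172.XX.XX.X as well.
            problems.append(f"{name}: {key} is not an IPv4 address")
            continue
        if ifname not in interfaces:
            problems.append(f"{name}: {key} names undefined interface {ifname}")
        elif str(nat_ip) == str(interfaces[ifname].get("ip_address")):
            problems.append(f"{name}: {key} equals the internal ip_address")
    return problems

def lint_cluster(config):
    """Lint every nodeN entry of the loaded configuration."""
    problems = []
    for name in sorted(k for k in config if k.startswith("node")):
        problems.extend(lint_node(name, config[name]))
    return problems

def sample_node(ip, nat_key, nat_ip):
    # Helper for the constructed sample only (hypothetical, not a CVP API).
    return {"interfaces": {"eth0": {"ip_address": ip, "netmask": "255.255.255.0"}},
            nat_key: nat_ip}

# Constructed sample (RFC 5737 documentation addresses), not a real deployment.
SAMPLE = {
    "node1": sample_node("192.0.2.11", "interfaces/eth0/nat_ip_address", "198.51.100.11"),
    "node2": sample_node("192.0.2.12", "interfaces/eth1/nat_ip_address", "198.51.100.12"),
    "node3": sample_node("192.0.2.13", "interfaces/eth0/nat_ip_address", "192.0.2.13"),
}

if __name__ == "__main__":
    for line in lint_cluster(SAMPLE) or ["no problems found"]:
        print(line)
```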

NAT Support Post 2021.3.0

Add the interfaces/eth0/nat_ip_address parameter to the configuration when installing the cluster. The interface name can be any Ethernet interface (eth0, eth1, eth2, ...). The internal IP addresses are assigned in the ip_address field.

This can be configured via the CVP Shell using the NAT IP address prompt.

CVP Installation Menu


[root@localhost ~]# su cvpadmin

CVP Installation Menu
────────────────────────────────────────────
[q]uit [p]rint [s]inglenode [m]ultinode [r]eplace [u]pgrade
>s
Enter the configuration for CloudVision Portal and apply it when done.
Entries marked with '*' are required.

Common Configuration:
────────────────────────────────────────────
CloudVision Deployment Model [d]efault [w]ifi_analytics: d
DNS Server Addresses (IPv4 Only): 172.22.22.40
DNS Domain Search List: sjc.aristanetworks.com, ire.aristanetworks.com
Number of NTP Servers: 1
NTP Server Address (IPv4 or FQDN) #1: ntp.aristanetworks.com
Cluster Interface Name: eth0
Device Interface Name: eth0
CloudVision WiFi Enabled: no
 *Enter a private IP range for the internal cluster network (overlay): 10.42.0.0/16
 *FIPS mode: no

Node Configuration:
 ─────────────────────────────────────────────
 *Hostname (FQDN): cvp80.sjc.aristanetworks.com
 *IP Address of eth0: 172.31.0.168
 *Netmask of eth0: 255.255.0.0
NAT IP Address of eth0:
 *Default Gateway: 172.31.0.1 
DNS Domain Search List:
Number of NTP Servers:
Number of static Routes:
TACACS Server IP Address:

Singlenode Configuration Menu
────────────────────────────────────────────
[q]uit [p]rint [e]dit [v]erify [s]ave [a]pply [h]elp ve[r]bose

Singlenode Configuration Menu

Singlenode Configuration Menu
────────────────────────────────────────────
[q]uit [p]rint [e]dit [v]erify [s]ave [a]pply [h]elp ve[r]bose
>p
common:
  cluster_interface: eth0
  cv_wifi_enabled: 'no'
  deployment_model: DEFAULT
  device_interface: eth0
  dns:
  - 8.8.8.8

Known Caveats

When CVP is behind NAT and some of its devices are in the same network as CVP while others are outside it, this feature may not work.

When both the device and the CVP cluster are inside the same NAT network, configuring TerminAttr (TA) on the devices to reach the cluster’s public NAT IP address may not work in all cases. (This will depend on how NAT is configured.)