Network Address Translation (NAT) enables compute nodes that do not contain external devices to have external network access.
Packets from compute nodes that are destined for the external network are sent to a NAT server, which rewrites the source address of the packet to make it look as if the NAT server sent the packet.
If a NAT server fails, the compute nodes using the NAT server need a way to continue sending packets on the external network while the original NAT server is unavailable. The means by which NAT functions differs depending on whether or not improved availability is in effect.
Improved Availability Is in Effect
Nodes in an availability set, that are assigned with the external role, are eligible to be NAT servers. The availability set is defined during installation.
Each NAT client connects to a NAT server through a virtual IP address.
If a NAT server fails, the availability tool reassigns its virtual IP address to another node in the nat availability set, and the nat service continues.
Figure 9-1 shows two nodes, n5 and n6 that belong to an availability set. Before failover, node n2, a NAT client, accesses the nat service on node n5 through the virtual IP address. After failover, the virtual IP address is reassigned to node n6, which now provides the nat service for node n5 clients as well as to all the other nodes it serves.
Improved Availability Is Not in Effect
You establish the external role assignment when you configure the HP XC system using the cluster_config utility.
When nodes are configured as NAT clients, the default gateways are established. By default, each NAT client has a single gateway. If a NAT server fails, however, the NAT client loses connectivity.
You can configure a system for multiple gateways to lessen the possibility of loss of connectivity, but the system may have performance problems. External access from NAT clients using UDP has been shown to work well, however. Use the following procedure to create a NAT client configuration with multiple default gateways.
Ensure that all available software patches for this release have been applied to the system.
Use the dbsysparams command to modify the value of NAT_GATEWAYS from single to multiple:
# /opt/hptc/sbin/dbsysparams "NAT_GATEWAYS"
NAT_GATEWAYS: single
# /opt/hptc/sbin/dbsysparams -s "NAT_GATEWAYS" "multiple" |
Use the dbsysparams command to verify the results:
# /opt/hptc/sbin/dbsysparams "NAT_GATEWAYS"
NAT_GATEWAYS: multiple |
Rerun the nconfig and cconfig commands to create the /etc/init.d/default_gateway file on each node so that the file contains multiple default gateway definitions:
# pdsh -a "service nconfig nconfigure"
# pdsh -a "service nconfig nrestart" |
When multiple NAT gateways are used, the NAT configuration code creates logical pairs of NAT servers from the usable NAT servers for the client as a way to coordinate clients and servers. During NAT client configuration, the /etc/init.d/default_gateway script is created on each NAT client. This script contains the calls to add the default gateways for the client; this is how the NAT client identifies which NAT server is assigned to it.
The following kernel values in the /etc/init.d/default_gateway script control how frequently the route table is rewritten and reevaluated:
sysctl net/ipv4/route/gc_timeout=10 > /dev/null
sysctl net/ipv4/route/secret_interval=10 > /dev/null |
Clients reevaluate their routes on a regular basis, balancing the usage between the NAT servers; thus, a particular client could be using either of the two NAT servers at any particular time. Use the traceroute command to determine which of the NAT servers configured in the /etc/init.d/default_gateway script serves a given client at a given time.
Printable version
