Configuring SyncIQ source and target clusters with NAT
Source and target clusters can use NAT (network address translation) for SyncIQ failover and failback purposes, but must be configured appropriately.
In this scenario, source and target clusters are typically at different physical locations, use private, non-routable address space, and do not have direct connections to the Internet. Each cluster is typically assigned a range of private IP addresses. For example, a cluster with 12 nodes might be assigned IP addresses 192.168.10.11 to 192.168.10.22.
To communicate over the public Internet, source and target clusters must have all incoming and outgoing data packets appropriately translated and redirected by a NAT-enabled firewall or router.
CAUTION: SyncIQ data is not encrypted by default. Running SyncIQ jobs over the public Internet provides no protection against data theft.
SyncIQ enables you to limit replication jobs to particular nodes within your cluster. For example, if your cluster was made up of 12 nodes, you could limit replication jobs to only three of those nodes. For NAT support, you must establish a one-for-one association between the source and target clusters. So, if you are limiting replication jobs to three nodes on your source cluster, you must associate three nodes on your target cluster.
In this instance, you must configure static NAT, sometimes known as inbound mapping. On both the source and target clusters, for the private address that is assigned to each node, you would associate a static NAT address. For example:
Table 1. Source and Target Clusters
The following table displays information about configuring source and target clusters.

| Source node name | Source private address | Source NAT address | Target node name | Target private address | Target NAT address |
|---|---|---|---|---|---|
| source-1 | 192.168.10.11 | 10.8.8.201 | target-1 | 192.168.55.101 | 10.1.2.11 |
| source-2 | 192.168.10.12 | 10.8.8.202 | target-2 | 192.168.55.102 | 10.1.2.12 |
| source-3 | 192.168.10.13 | 10.8.8.203 | target-3 | 192.168.55.103 | 10.1.2.13 |

To configure static NAT, you must edit the /etc/local/hosts file on all six nodes, and associate them with their counterparts by adding the appropriate NAT address and node name. For example, in the /etc/local/hosts file on the three nodes of the source cluster, the entries would look like:
Similarly, on the three nodes of the target cluster, edit the /etc/local/hosts file, and insert the NAT address and name of the associated node on the source cluster. For example, on the three nodes of the target cluster, the entries would look like:
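The entries for each cluster follow from Table 1. The script below is an added example, not part of the original documentation: it checks the one-for-one association, derives the lines for each side, and audits an existing file body against them. It assumes the usual hosts-file layout of an address followed by a name; the function names are illustrative.

```python
import ipaddress

# Table 1 from the page: (node name, private address, static NAT address)
SOURCE = [("source-1", "192.168.10.11", "10.8.8.201"),
          ("source-2", "192.168.10.12", "10.8.8.202"),
          ("source-3", "192.168.10.13", "10.8.8.203")]
TARGET = [("target-1", "192.168.55.101", "10.1.2.11"),
          ("target-2", "192.168.55.102", "10.1.2.12"),
          ("target-3", "192.168.55.103", "10.1.2.13")]

def validate(source, target):
    """Return problems that break the one-for-one source/target association."""
    problems, owner = [], {}
    if len(source) != len(target):
        problems.append(f"node count mismatch: {len(source)} source, {len(target)} target")
    for side, nodes in (("source", source), ("target", target)):
        for name, private, nat in nodes:
            # Private ranges may overlap between sites, so scope them per cluster.
            for key in ((side, private), ("nat", nat)):
                try:
                    ipaddress.ip_address(key[1])
                except ValueError:
                    problems.append(f"{name}: invalid address {key[1]!r}")
                if key in owner:
                    problems.append(f"{key[1]} is used by both {owner[key]} and {name}")
                owner[key] = name
    return problems

def hosts_entries(peers):
    """Lines for /etc/local/hosts on each node of the cluster opposite `peers`."""
    return [f"{nat} {name}" for name, _private, nat in peers]

def audit_hosts(hosts_text, peers):
    """Compare a hosts file body with the expected peer entries (assumed layout)."""
    found = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for alias in fields[1:]:
            found[alias] = fields[0]
    findings = []
    for name, _private, nat in peers:
        if name not in found:
            findings.append(f"missing entry for {name}")
        elif found[name] != nat:
            # A wrong address sends unencrypted SyncIQ traffic to another host.
            findings.append(f"{name} maps to {found[name]}, expected {nat}")
    return findings

if __name__ == "__main__":
    print(validate(SOURCE, TARGET), hosts_entries(TARGET), hosts_entries(SOURCE), sep="\n")
```

`hosts_entries(TARGET)` gives the lines for the source nodes and `hosts_entries(SOURCE)` the lines for the target nodes; `audit_hosts` flags a peer name that is absent or mapped to its private address instead of its NAT address.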
When the NAT server receives packets of SyncIQ data from a node on the source cluster, the NAT server rewrites the packet headers, replacing the node's port number and internal IP address with the NAT server's own port number and external IP address. The NAT server on the source network then sends the packets through the Internet to the target network, where another NAT server performs a similar process to transmit the data to the target node. The process is reversed when the data fails back.
With this type of configuration, SyncIQ can determine the correct addresses to connect with, so that SyncIQ can send and receive data. In this scenario, no SmartConnect zone configuration is required.
For information about the ports used by SyncIQ, see the OneFS Security Configuration Guide for your OneFS version.