Manage NAT for virtual datacenters

Display NAT rules

When the Network Address Translation (NAT) integration is available in your environment, to display NAT IPs and NAT rules:

Go to Virtual datacenters → select virtual datacenter → Network → NAT

To display NAT rules for a VM:

Go to Virtual datacenters → select VM → go to VM control panel → select NAT

To manage or display NAT rules for a VM:

Go to Virtual datacenters → edit VM → Networks → NAT

Create a NAT rule for DNAT

To enable VMs outside your VDC to connect to a VM with a private IP address, after you obtain a NAT IP, create a destination NAT rule, which is also called a DNAT rule.

To create a DNAT rule:

Go to Virtual datacenters → Virtual appliances → edit VM
If your VM does not yet have an IP, go to Network → NICs and add a private IP
Go to Network → DNAT
Click the + add button on the top right-hand side of the tab
Enter the details of the DNAT rule
Unable to render {include} The included page could not be found.
Click Add
Save the VM

Create a NAT rule for SNAT

To send outgoing traffic through a NAT IP that is not the default one, add an additional SNAT rule with these steps:

To create an SNAT rule:

Go to Virtual datacenters → Virtual appliances → edit VM
If your VM does not yet have an IP, go to Network → NICs and add a private IP
Go to Network → SNAT
Click the + add button on the top right-hand side of the tab
Enter the addresses of the SNAT rule

Field Description
Original Select the IP that is attached to the VM
Translated (NAT IP)
Select the IP address for outgoing connections
Click Add
Save the VM

Use a NAT IP for a load balancer

To use a NAT IP address as a public IP address for a load balancer:

Use the virtual datacenter's NAT IP address or obtain an additional NAT IP address. See Obtain an additional NAT IP address for a virtual datacenter
Create the load balancer and select the NAT IP

The platform will automatically create a NAT rule to match the port mappings of the routing rule of the load balancer.

Obtain an additional NAT IP for your virtual datacenter

In addition to the NAT IP address assigned to the virtual datacenter, you can obtain NAT IP addresses for creating additional NAT rules.

To obtain an additional NAT IP address:

Go to Virtual datacenters → Network → NAT
Click the + add button on the top right-hand side of the screen
Select the NAT network and click Accept

The platform will reserve an IP address and allocate it to your virtual datacenter.

You can then use the NAT IP address as the public IP address for a load balancer or to provide access to a private IP address.

Limit NAT IP bandwidth for a VDC

You can use Quality of Service (QoS) traffic shaping parameters to limit the bandwidth for all the NSX NAT IPs in a virtual datacenter.

Privileges: Manage NAT bandwidth limit

When you create a virtual datacenter, the new "natbandwidthlimit" attribute is present but you must edit the virtual datacenter to enable it in the platform and in the NSX.

To edit the bandwidth limit and apply it in the NSX:

Select the virtual datacenter and go to Network → QoS

Click the pencil edit button

To enable the bandwidth limit in a specific direction, select the Enabled checkbox for that direction
Set QoS values for your virtual datacenter. Be sure to allow enough bandwidth to share between all the NAT IPs in the virtual datacenter.

Field	Description
Provider ID	Read only
Enabled	To enable traffic shaping in a specific direction, select this checkbox
Average	The average amount of bandwidth, in bits per second, that the virtual datacenter can use
Peak	The maximum bandwidth in bits per second that the virtual datacenter can use
Burst size	The amount of data that can be transmitted at the peak bandwidth rate in bytes. A burst bonus accumulates when traffic is below the Average value and this bandwidth can be used for bursts.

To register changes that were made outside the platform, save existing NAT bandwidth values. In the API, to register changes, send a POST request with the existing values.

Field	Description
Original	Select the IP that is attached to the VM
Translated (NAT IP)	Select the IP address for outgoing connections