Delphix server and NAT

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
I have a Delphix VM with IP - A.A.A.A. It has a NAT IP - B.B.B.B. I have a environment which is C.C.C.C

When i try to configure the Environment into Delphix, I add the environment IP - C.C.C.C into the add environment dialog. The Delphix Engine is able to push the JRE and the Toolkit. When it tries to discover the applications and databases on the environment, it errors with the error message as unable to connect to the Delphix VM IP-A.A.A.A from host IP C.C.C.C. 

From the host , we can make a connection to the Delphix Engine only through the NAT IP of the delphix engine which is B.B.B.B

Can we set some manual configuration to allow the host to connect to the Delphix Engine through its NAT IP - B.B.B.B

Regards,
Charles
Photo of Charles Theophilus

Charles Theophilus

  • 524 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Michael Brown

Michael Brown

  • 1,540 Points 1k badge 2x thumb
Official Response
Charles,

Thank you for your question. The VDB mount scripts are generated with the mount-from address determined by the interface on the Delphix Engine that is closest to the target. Thus, only addresses that the Engine is aware of would be used, which rules out NAT. Typically, the Engine is in the same security domain as its targets, so NAT between them isn't an issue. There is currently no supported method to override this, but I have raised the issue with Engineering, requesting they add a configurable setting to allow use of the NAT address to mount VDBs. This will obviously not be a short-term solution for you.

If your target is Linux, or a *nix that has iptables installed, you can overcome the NAT issue using a DNAT (destination NAT) for outbound traffic from the target. A rule similar to this would work:
iptables -t nat -A PREROUTING -d 10.2.0.1 -j DNAT --no-destination 192.115.106.31
This instructs iptables to NAT the destination of outbound packets destined to 10.2.0.1 (substitute the actual address of the Delphix Engine here) to 192.115.106.31 (substitute the Engine's NAT address here) before putting the packets on the wire. This will add CPU load on the target and add latency to every packet transmitted, so performance will suffer, probably noticeably, but should at least allow VDB provisioning to succeed.

A better option may be the creation of a private network for the NFS traffic between Delphix Engine and its targets. The Engine does not route traffic, consequently can't bypass the security between production and non-production domains that the NAT is intended to maintain. 

Cheers,

Michael