NaaS ToCP Integration Inbound PAT
Marketing Roadmap version 2
NaaS Inbound PAT basic
NaaS Configuration flow
NaaS PAT Pool
NaaS Use Case 1
Use Case 1
NaaS Use Case 2
Backup Materials
Known Bugs

1. NaaS ToCP Integration Inbound PAT

Pauline Halsey
Chief Technology Office
Aug 15th 2016

2. Marketing Roadmap version 2

Pilot – Jul 2016
MVP – Oct 2016
CPE Offering
100M VPN throughput
Proactively Managed Services
NaaS Managed Internet
Static IP (provided by underlay)
NAT
IPSec L3VPN
Mesh
L3 VPN with Internet Offload
SD-WAN
NaaS as backup link on 3rd party MPLS
Security
Basic ACL firewall
Resiliency
Dual Wireline uplinks (active/standby)
6 port CPE (2 WAN, 4 LAN)
Public WiFi (Swift)
CPE Offering
NaaS Managed Internet
Port Forwarding
IPSec L3VPN
Hub and Spoke
Multi-VRF VPN
SD-WAN
NaaS for Internet Offload for MPLS customers
Stateful TCP firewall
QoE
Up to 1G VPN throughput
Security Value-Added Service
Cloud UTM: anti-virus, URL filtering, IDS/IPS
QoE
Application Discovery, Grouping
Application Group QoE levels
Resiliency
Dual CPE
Application-based Path Selection (Active/Active), dynamic
Flow based QoE
Reporting
Resiliency
On Premise Capabilities
Proactively Managed Services
Security
Commercial Rel 1 – Jan 2017
Service-Level analytics
LTE Backup (Active/Standby)
Dual Wireline uplinks with Flow-Based Path Selection (Active/Active), based on customer policy
Reporting
Service-Level analytics
Reporting
Uptime Reporting
TELUS | TELUS Confidential
2

3. NaaS Inbound PAT basic

Feature summary
Available only for NaaS BI
Allows the customer to offer inbound service
WAN IP must be a public IP
Customer uses 3rd-party DDNS for WAN failover
Customer must know the WAN IP to configure the PAT Pool
Customer needs to change the pool when the WAN IP changes.
[Diagram: LAN side (192.168.1.100, 192.168.1.101), NIC, ovs, WAN side with NIC 10.1.9.104 and NIC 10.3.27.104; Address Pool1 and Address Pool2.]

4. NaaS Configuration flow

Configure PAT
Provide Port Map details: External/internal IP/ports
Create PATNAT pools
Create PATNAT entries
Select NSG Port to attach PATNAT pool
Associate the Address Pool to the NSG PATNAT pool
Configuration completed

5. NaaS PAT Pool

PATNAT pool
Defined at platform level.
Name must be unique.
Suggested format can be <Cust-Name>-<nsg-name>port<ID>
Assign First/Last and default IP.
PATNAT address maps
Map outside to inside IP and port.
Port map for both TCP/UDP.
Can map public IP to multiple internal IPs

6. NaaS Use Case 1

Internal Server IP   Internal Port   External Port   WAN uplink IP   Uplink Port
192.168.1.100        80              8080            10.1.9.104      1
192.168.1.101        21              21              10.1.9.104      1
192.168.1.101        143             143             10.1.9.104      1
192.168.1.100        80              8080            10.3.27.104     2
192.168.1.101        21              21              10.3.27.104     2
192.168.1.101        143             143             10.3.27.104     2

Create PATNAT Pool for customer
v4_0/patnatpools
# POST
{
  "addressRange": null,
  "defaultPATIP": "10.1.9.104",
  "associatedGatewayType": null,
  "associatedGatewayId": null,
  "associatedVlanId": null,
  "dynamicSourceEnabled": false,
  "startSourceAddress": null,
  "endSourceAddress": null,
  "associatedSubnetId": null,
  "name": "Cust-1-nsg1-port1",
  "description": "PAT Pool Cust-1-nsg1-port1",
  "startAddressRange": "10.1.9.104",
  "endAddressRange": "10.1.9.104",
  "permittedAction": "ALL",
  "IPType": "IPV4"
}

Create PATNAT address map
v4_0/patnatpools/{ID}/addressmaps
# POST {ID} is the ID returned from PATNAT Pool creation.
# possible Types: ONE_TO_ONE_NAT, ONE_TO_MANY_PAT, MANY_TO_ONE_PAT, UNKNOWN
{
  "privateIP": "192.168.1.101",
  "publicIP": "10.1.9.104",
  "privatePort": 8080,
  "publicPort": 8080,
  "type": "MANY_TO_ONE_PAT"
}

7. Use Case 1

Assign the PATNAT pool to Enterprise NaaS
v4_0/patnatpools/{ID}/enterprisepermissions
# POST {ID} is the ID returned from PATNAT Pool creation.
# permittedEntityID {ID} is the ID of the organization "NaaS".
{
  "permittedEntityID": "{ID}",
  "permittedAction": "USE"
}

Associate PATNAT Pool to NSG WAN port vlan 0
Vlan ID 0 = {ID}
API to update the patnat pool to associate with NSG.
v4_0/v4_0/patnatpools/{id}
# PUT {ID} is the ID of the patnat pool created in step 1.
# associatedGatewayId {ID} is the NSGateway ID.
{
  "associatedGatewayType": "NSGATEWAY",
  "associatedGatewayId": "{ID}",
  "associatedVlanId": "{ID}"
}
Repeat for patnat pool 2.

8. NaaS Use Case 2

Update PATNAT pool after IP change

Internal Server IP   Internal Port   External Port   WAN uplink IP   Uplink Port
192.168.1.100        80              8080            10.1.9.109      1
192.168.1.101        21              21              10.1.9.109      1
192.168.1.101        143             143             10.1.9.109      1

Remove port vlan0 association
API to update the patnat pool to associate with NSG.
v4_0/v4_0/patnatpools/{id}?responseChoice=1
# PUT {ID} is the ID of the patnat pool associated with uplink port 1.
{
  "associatedGatewayType": null,
  "associatedGatewayId": null,
  "associatedVlanId": null
}

Delete PATNAT Pool
v4_0/v4_0/patnatpools/{id}
# DELETE
{
}

Recreate PATNAT Pool and address map
Associate with port+vlan 0 again

9. Backup Materials

10. Known Bugs

The platform does not check whether the PATNAT Pool public IP matches the WAN port IP address.
Hence the customer may attach the wrong PATNAT Pool to the NSG port.
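
Because that check is missing, it can be run on the operator side before the pool is associated with the NSG port. The following is an added example, not part of the original slides or the platform's own code: it validates a pool and its address maps (using the field names from the Use Case 1 payloads) against the WAN port address. It assumes single-address pools as in the slides; `check_pool_against_wan` and the `wan_ip` input are hypothetical, and the sample data is constructed from the slide values.

```python
import ipaddress

# Constructed sample data: field names and values follow the slides' examples.
POOL = {
    "name": "Cust-1-nsg1-port1",
    "defaultPATIP": "10.1.9.104",
    "startAddressRange": "10.1.9.104",
    "endAddressRange": "10.1.9.104",
}
ADDRESS_MAPS = [
    {"privateIP": "192.168.1.101", "publicIP": "10.1.9.104",
     "privatePort": 8080, "publicPort": 8080, "type": "MANY_TO_ONE_PAT"},
]


def check_pool_against_wan(pool, address_maps, wan_ip):
    """Return mismatch descriptions; an empty list means the pool fits the port.

    Hypothetical helper: the caller supplies wan_ip (the address currently on
    the NSG WAN port), because the slides do not show an API that returns it.
    """
    wan = ipaddress.ip_address(wan_ip)
    problems = []
    # Every public-side address in the pool must be the WAN port address.
    for field in ("defaultPATIP", "startAddressRange", "endAddressRange"):
        if ipaddress.ip_address(pool[field]) != wan:
            problems.append(
                f"pool {pool['name']}: {field}={pool[field]} != WAN IP {wan}")
    seen_public_ports = {}
    for index, amap in enumerate(address_maps):
        if ipaddress.ip_address(amap["publicIP"]) != wan:
            problems.append(
                f"address map {index}: publicIP={amap['publicIP']} != WAN IP {wan}")
        # One external port cannot forward to two different internal targets.
        target = (amap["privateIP"], amap["privatePort"])
        previous = seen_public_ports.setdefault(amap["publicPort"], target)
        if previous != target:
            problems.append(
                f"address map {index}: publicPort {amap['publicPort']} "
                f"already maps to {previous[0]}:{previous[1]}")
    return problems


if __name__ == "__main__":
    # Pool 1 against uplink port 1 (matches), then uplink port 2 (wrong pool).
    for wan_ip in ("10.1.9.104", "10.3.27.104"):
        print(wan_ip, check_pool_against_wan(POOL, ADDRESS_MAPS, wan_ip) or "OK")
```

The same check flags the Use Case 2 situation: once the WAN address changes to 10.1.9.109, the existing pool no longer matches and has to be recreated.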