Static LAN + WAN with NAT (Basic SOHO Router Including DHCP and DNS Resolver)
Use Case
A typical use case for TNSR is a device that sits between a local area network (LAN) in an office or home and a wide area network (WAN) such as the Internet.
At a minimum, such a TNSR instance routes traffic between the LAN and the WAN. In many cases, it provides additional services that are useful for a LAN, including:
- DHCP to provide hosts in the LAN with IP addresses.
- DNS to respond to name resolution queries from hosts in the LAN.
- NAT (Network Address Translation), to map one public IPv4 address to internal (private) IP addresses assigned to hosts on the LAN.
See also
This document covers a basic configuration with static addressing. See Zero-to-Ping: Getting Started for a similar scenario with a dynamic (DHCP) WAN.
Example Scenario
This example configures TNSR with the basic functions mentioned earlier: DHCP, DNS, and NAT.
| Item | Value | 
|---|---|
| Local PC | DHCP: 172.16.1.100/24 | 
| TNSR Local Interface | LAN (GigabitEthernet0/14/2) | 
| TNSR Local Address | 172.16.1.1/24 | 
| TNSR Internet Interface | WAN (GigabitEthernet0/14/1) | 
| TNSR Internet Address | 203.0.113.2/24 | 
| Remote DNS | 8.8.8.8, 8.8.4.4 | 
 
Basic SOHO Router Example
TNSR Configuration
Interface Names
This is an ideal time to set optional custom interface names since they are difficult to change later:
tnsr(config)# dataplane dpdk dev 0000:00:14.1 network name WAN
tnsr(config)# dataplane dpdk dev 0000:00:14.2 network name LAN
tnsr(config)# service dataplane restart
tnsr(config)# exit
Basic Connectivity
First, configure the TNSR interfaces for basic IP connectivity:
tnsr(config)# interface LAN
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config-interface)# description Local
tnsr(config-interface)# enable
tnsr(config-interface)# exit
tnsr(config)# interface WAN
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-interface)# description Internet
tnsr(config-interface)# enable
tnsr(config-interface)# exit
DHCP
Next, configure the DHCP server and DHCP pool on TNSR:
tnsr(config)# dhcp4 server
tnsr(config-kea-dhcp4)# description LAN DHCP Server
tnsr(config-kea-dhcp4)# interface listen LAN
tnsr(config-kea-dhcp4)# lease lfc-interval 3600
tnsr(config-kea-dhcp4)# option domain-name
tnsr(config-kea-dhcp4-opt)# data example.com
tnsr(config-kea-dhcp4-opt)# exit
tnsr(config-kea-dhcp4)# subnet 172.16.1.0/24
tnsr(config-kea-subnet4)# id 1
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-kea-subnet4-pool)# exit
tnsr(config-kea-subnet4)# interface LAN
tnsr(config-kea-subnet4)# option domain-name-servers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-subnet4)# option routers
tnsr(config-kea-subnet4-opt)# data 172.16.1.1
tnsr(config-kea-subnet4-opt)# exit
tnsr(config-kea-subnet4)# exit
tnsr(config-kea-dhcp4)# exit
tnsr(config)# dhcp4 enable
The above example configures example.com as the domain name supplied to all
clients. For the specific subnet in the example, the TNSR IP address inside the
subnet is supplied by DHCP as the default gateway for clients, and DHCP will
instruct clients to use the DNS Resolver daemon on TNSR at 172.16.1.1 for
DNS.
Outbound NAT
Now configure Outbound NAT:
tnsr(config)# vpf nat ruleset WAN-nat
tnsr(config-vpf-nat-ruleset)# description NAT for WAN
tnsr(config-vpf-nat-ruleset)# rule 1000
tnsr(config-vpf-nat-rule)# description NAT from LAN prefix
tnsr(config-vpf-nat-rule)# direction out
tnsr(config-vpf-nat-rule)# dynamic
tnsr(config-vpf-nat-rule)# algorithm ip-hash
tnsr(config-vpf-nat-rule)# from ipv4-prefix 172.16.1.0/24
tnsr(config-vpf-nat-rule)# nat-prefix 203.0.113.2/32
tnsr(config-vpf-nat-rule)# exit
tnsr(config-vpf-nat-ruleset)# exit
tnsr(config)# vpf options
tnsr(config-vpf-option)# interface WAN nat-ruleset WAN-nat
tnsr(config-vpf-option)# exit
tnsr(config)#
DNS Resolver
Finally, configure a DNS Resolver in forwarding mode:
tnsr# configure
tnsr(config)# unbound server
tnsr(config-unbound)# interface 127.0.0.1
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# outgoing-interface 203.0.113.2
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
tnsr(config-unbound)# forward-zone .
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.8.8
tnsr(config-unbound-fwd-zone)# nameserver address 8.8.4.4
tnsr(config-unbound-fwd-zone)# exit
tnsr(config-unbound)# exit
tnsr(config)# unbound enable
This example enables the Unbound DNS service and configures it to listen on
localhost as well as 172.16.1.1 (LAN). It uses 203.0.113.2, which is
the example WAN interface address, for outgoing queries. The example also allows
clients inside that subnet, 172.16.1.0/24, to perform DNS queries and
receive responses. It will send all DNS queries to the upstream DNS servers
8.8.8.8 and 8.8.4.4.
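As an added example (not part of the TNSR documentation), the Python sketch below cross-checks the addressing used in the sections above: the DHCP pool must stay inside the LAN and exclude the router, the NAT rule must cover the LAN prefix, and Unbound must neither listen on the WAN address nor allow queries from beyond the LAN. The names `PAGE`, `parse` and `audit` are hypothetical, and the parser assumes IPv4 and prompts in the form shown on this page.

```python
import ipaddress as ipa
import re

# Constructed input: addressing commands copied from this page (names here are hypothetical).
PAGE = """\
tnsr(config)# interface LAN
tnsr(config-interface)# ip address 172.16.1.1/24
tnsr(config)# interface WAN
tnsr(config-interface)# ip address 203.0.113.2/24
tnsr(config-kea-subnet4)# pool 172.16.1.100-172.16.1.245
tnsr(config-vpf-nat-rule)# from ipv4-prefix 172.16.1.0/24
tnsr(config-unbound)# interface 172.16.1.1
tnsr(config-unbound)# access-control 172.16.1.0/24 allow
"""

def parse(transcript):
    f = {"addr": {}, "listen": [], "acl": []}
    iface = None
    # The mode inside the prompt tells apart commands that share a keyword.
    for mode, cmd in re.findall(r"^tnsr\(([\w-]+)\)# (.+)$", transcript, re.M):
        w = cmd.split()
        if mode == "config" and w[0] == "interface":
            iface = w[1]
        elif mode == "config-interface" and w[:2] == ["ip", "address"]:
            f["addr"][iface] = ipa.ip_interface(w[2])
        elif mode == "config-kea-subnet4" and w[0] == "pool":
            f["pool"] = [ipa.ip_address(a) for a in w[1].split("-")]
        elif mode == "config-vpf-nat-rule" and w[0] == "from":
            f["nat_from"] = ipa.ip_network(w[2])
        elif mode == "config-unbound" and w[0] == "interface":
            f["listen"].append(ipa.ip_address(w[1]))
        elif mode == "config-unbound" and w[0] == "access-control" and w[-1] == "allow":
            f["acl"].append(ipa.ip_network(w[1]))
    return f

def audit(transcript, lan="LAN", wan="WAN"):
    f, out = parse(transcript), []  # an empty result means the pieces agree
    lan_if, wan_if = f["addr"][lan], f["addr"][wan]
    lo, hi = f["pool"]
    if lo not in lan_if.network or hi not in lan_if.network:
        out.append("DHCP pool leaves the LAN subnet")
    if lo <= lan_if.ip <= hi:
        out.append("DHCP pool contains the router's own address")
    if not lan_if.network.subnet_of(f["nat_from"]):
        out.append("NAT rule does not cover the LAN prefix")
    if wan_if.ip in f["listen"]:
        out.append("Unbound listens on the WAN address")
    if any(not n.subnet_of(lan_if.network) for n in f["acl"]):
        out.append("Unbound access-control allows a prefix beyond the LAN")
    return out
```

Calling `audit(PAGE)` on the addressing from this page returns an empty list; widening the `access-control` prefix or moving an Unbound listener to the WAN address produces a finding.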
Local PC Configuration
No configuration is necessary on the Local PC; it will pull all its required settings from DHCP.