Mapping configuration

Port and device mappings are configured by leveraging node tags.

Configuration

As mentioned in PATty Tool Overview, you can add multiple PAT and device mappings by adding one or more node tags to a node.

For PAT with TCP, simply add pat:<outside-port>:<inside-port> as a tag to a node of a lab. For example, pat:4201:22. Alternatively, an explicit pat:tcp:4201:22 also works.

Similarly, for UDP PAT, add pat:udp:<outside-port>:<inside-port> as a tag to a node of a lab. For example, pat:udp:4201:22. For UDP, the protocol must be specified.

For serial devices / console access, add serial:<outside-port>:<line-number> as a tag to a node of a lab. If the console / line 0 should be used, the line-number can be omitted. For example, serial:4001 for console access or serial:4001:1 for line number 1 which is typically the aux port on a router.

For VNC devices, add vnc:<outside-port> as a tag to a node of a lab. For example, vnc:4901. Note that there’s only one VNC device per node, at a maximum.

Note

Outside ports are constrained to the minimum and maximum port number configured for PATty. The defaults are 2000-7999. This can be changed via options passed to the PATty service.
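The tag formats and the port-range constraint above can be checked before tags are applied to a lab. The following is an added example, not PATty's own code: `parse_tag`, `audit` and the sample lab are hypothetical, and it assumes that serial and VNC mappings listen on TCP and that reusing an outside port on the same transport counts as a conflict.

```python
PORT_MIN, PORT_MAX = 2000, 7999  # default outside-port range stated on this page
FIELDS = {"pat": (2,), "serial": (1, 2), "vnc": (1,)}  # numeric fields allowed per tag kind

def parse_tag(tag, port_min=PORT_MIN, port_max=PORT_MAX):
    """Return (kind, transport, outside, target), or None if not a mapping tag."""
    kind, *fields = tag.strip().split(":")
    if kind not in FIELDS:
        return None
    transport = "tcp"  # assumption: serial and VNC listeners are TCP
    if kind == "pat" and fields and fields[0] in ("tcp", "udp"):
        transport, fields = fields[0], fields[1:]
    if not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError(f"{tag}: non-numeric field")
    nums = [int(f) for f in fields]
    if len(nums) not in FIELDS[kind]:
        raise ValueError(f"{tag}: wrong number of fields for '{kind}'")
    outside = nums[0]
    if not port_min <= outside <= port_max:
        raise ValueError(f"{tag}: outside port not in {port_min}-{port_max}")
    # pat always has an inside port; serial defaults to line 0 (console); vnc has none
    target = nums[1] if len(nums) == 2 else (0 if kind == "serial" else None)
    if kind == "pat" and not 1 <= target <= 65535:
        raise ValueError(f"{tag}: inside port out of range")
    return kind, transport, outside, target

def audit(node_tags):
    """Check {node: [tags]}; return (accepted mappings, list of problems)."""
    mappings, problems, seen = [], [], {}
    for node, tags in node_tags.items():
        for tag in tags:
            try:
                parsed = parse_tag(tag)
            except ValueError as exc:
                problems.append(f"{node}: {exc}")
                continue
            if parsed is None:
                continue  # ordinary tag, unrelated to port mapping
            key = parsed[1:3]  # (transport, outside port)
            if key in seen:  # assumption: same transport + port is a conflict
                problems.append(f"{node}: {tag}: outside port already used by {seen[key]}")
                continue
            seen[key] = node
            mappings.append((node, *parsed))
    return mappings, problems

SAMPLE = {  # constructed lab, for illustration only
    "alpine-0": ["pat:4201:22", "pat:udp:4201:161", "serial:4001"],
    "iosv-0": ["serial:4001:1", "vnc:4901", "pat:tcp:8080:80", "core"],
}
```

Running `audit(SAMPLE)` accepts four mappings and reports two problems: the reused outside port 4001 and the outside port 8080, which falls outside the default range.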

PAT requirements

While device access works regardless of external IP exposure, PAT requires nodes to be “externally exposed”. The specific requirements are:

  • A node must have outside connectivity via an external connector.

  • This external connector must be configured to use the “NAT” bridge.

  • The node must have acquired an IPv4 address from the NAT bridge segment or must be configured to use a static IPv4 address on the NAT bridge network segment.

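This typically means that the PATed node must be layer 2 connected to the NAT bridge. Of the following topologies, the first three meet this requirement; the last three do not, for the reason given in parentheses: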

  • External connector [NAT] -- Alpine node

  • External connector [NAT] -- Unmanaged switch -- Alpine node

  • External connector [NAT] -- IOSvL2 -- IOSvL2 -- Alpine node (assuming the switches are layer 2 and do not route)

  • External connector [Bridge] -- Alpine node (device is not seen by the IP snooper for the NAT bridge. Besides, PAT wouldn’t be needed anyway)

  • External connector [NAT] -- IOSv -- Alpine node (Alpine node does not acquire an IP on the NAT bridge)

  • Alpine node (Alpine node does not have any external connectivity)

Service Configuration

Configuration is mostly done in the environment file /etc/default/patty.env. Things to consider are:

  • Log level verbosity. Change to “info” if actual connections to devices should be shown. At the “warn” level, only adds and deletes to the rule set will be shown. Errors will be shown if there’s a port / rule conflict like duplicate ports or conflicting rules.

  • Poll interval. The default is one minute. However, if this is a personal installation, then turning this down to 10 or even 5 seconds should be fine. Changes in tags will be picked up faster, obviously.

  • Options. By default, VNC and serial access are OFF, for security reasons. To turn them on (either one or both), uncomment the line and edit the command line options (-vnc -serial for both or -vnc or -serial for only VNC or only serial, respectively).

The allowed port range is by default 2000-7999. This can be changed, if needed, by providing -portmin and -portmax options.

Service Enablement

The PATty service is disabled by default. If you require the functionality of PATty, you can easily enable and start the service through the System Administration Cockpit:

  1. Log into the System Administration Cockpit as the system administrator account. See Logging into the System Administration Cockpit.

  2. Navigate to the Services tab on the main menu.

  3. In the list of services, find virl2-patty and select it to view its status and controls.

  4. Use the “Start and Enable” switch to set the service to start on boot and to initiate the service immediately.

The service’s page will update to indicate a Status of Running. The service is now running and ready for use.