[c-nsp] BGP and NAT
Mark Tinka
mtinka at africaonline.co.zw
Thu Feb 2 07:25:34 EST 2006
On Thursday 02 February 2006 14:08, Richard Mikisa wrote:
> Hi all,
Hi Richard.
> I have two router A and B running BGP. A is connected
> to my general network which is natted and runs off the
> 192.168.0.0/24 block and B is connected to an IX. Using
> the one-to -one Nat on the PIX, I have the router at
> the IX (B) running on a public IP address.
I assume you mean the exchange point fabric IP address
space the exchange point management assigned to you.
> Router A
> however which has an iBGP session with B has a
> 192.168.0.7 ip.
And I assume Router B has a similar 192.168.0.x IP address
for the iBGP session to form, or similar?
> With all the BGP configured, I have
> everythig working 'alright'.. as in i get the router at
> the IX to peer with the other routers. It then sends
> those routes...
You mean the 192.168.0.0/24 network?
> to my router A. Upto that point,
> everything seems fine. Trouble is I can't pass traffic.
> The routing is fine. Traceroutes for the Natted network
> get to the IX router and then,nothing. Traceroutes for
> my peer partners also die at my IX router and die.e I
> am thinking it's the NAT. Question is, is there away
> around it?
Hmmh, if Router B is receiving the RFC1918 space from
Router A, and you can pass traffic beyond it, the
quickest thing that comes to mind is your peers are
blocking RFC1918 from being routed within their network
(their exchange point routers include).
Either they have a prefix list blocking RFC1918 space
and/or have an ACL on their network interfaces blocking
the same.
You might need to involve your eBGP neighbors.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 827 bytes
Desc: not available
Url : https://puck.nether.net/pipermail/cisco-nsp/attachments/20060202/3dc092ba/attachment.bin
More information about the cisco-nsp
mailing list