[c-nsp] BGP and NAT

Richard Mikisa rmikisa at gmail.com
Thu Feb 2 07:42:44 EST 2006

On 2/2/06, Mark Tinka <mtinka at africaonline.co.zw> wrote:
> On Thursday 02 February 2006 14:08, Richard Mikisa wrote:
> > Hi all,
> Hi Richard.
> > I have  two router A and B running BGP. A is connected
> > to my general network which is natted and runs off the
> > block and B is connected to an IX. Using
> > the one-to -one Nat on the PIX, I have the router at
> > the IX (B) running on a public IP address.
> I assume you mean the exchange point fabric IP address
> space the exchange point management assigned to you.

That yes, plus another public IP from my own block that I have on my
source-update interface. Using the one-to -one nat option on my pix, I was
able to send a pure public ip through my natted network down to the IX

> Router A
> > however which has an iBGP session with B has a
> > ip.
> And I assume Router B has a similar 192.168.0.x IP address
> for the iBGP session to form, or similar?

True .. only way the iBGP will come up.

> With all the BGP configured, I have
> > everythig working 'alright'.. as in i get the router at
> > the IX to peer with the other routers. It then sends
> > those routes...
> You mean the network?

I mean that the peering at the IX is alright  and the received routes are
actually delivered to my network and my advertised prefixes are received by
my peers.

> to my router A. Upto that point,
> > everything seems fine. Trouble is I can't pass traffic.
> > The routing is fine. Traceroutes for the Natted network
> > get to the IX router and then,nothing. Traceroutes for
> > my peer partners also die at my IX router and die.e I
> > am thinking it's the NAT. Question is, is there away
> > around it?
> Hmmh, if Router B is receiving the RFC1918 space from
> Router A, and you can pass traffic beyond it, the
> quickest thing that comes to mind is your peers are
> blocking RFC1918 from being routed within their network
> (their exchange point routers include).

but, my then won't there traffic come my way. I am not blocking the RFC 1918

Either they have a prefix list blocking RFC1918 space
> and/or have an ACL on their network interfaces blocking
> the same.
> You might need to involve your eBGP neighbors.
> Cheers,
> Mark.
> --

More information about the cisco-nsp mailing list