[c-nsp] BGP and NAT
Richard Mikisa
rmikisa at gmail.com
Thu Feb 2 07:42:44 EST 2006
On 2/2/06, Mark Tinka <mtinka at africaonline.co.zw> wrote:
>
> On Thursday 02 February 2006 14:08, Richard Mikisa wrote:
> > Hi all,
>
> Hi Richard.
>
> > I have two routers A and B running BGP. A is connected
> > to my general network which is natted and runs off the
> > 192.168.0.0/24 block and B is connected to an IX. Using
> > the one-to-one NAT on the PIX, I have the router at
> > the IX (B) running on a public IP address.
>
> I assume you mean the exchange point fabric IP address
> space the exchange point management assigned to you.
That yes, plus another public IP from my own block that I have on my
source-update interface. Using the one-to-one NAT option on my PIX, I was
able to send a pure public IP through my natted network down to the IX.
> > Router A
> > however which has an iBGP session with B has a
> > 192.168.0.7 ip.
>
> And I assume Router B has a similar 192.168.0.x IP address
> for the iBGP session to form, or similar?
True .. only way the iBGP will come up.
> > With all the BGP configured, I have
> > everything working 'alright'.. as in I get the router at
> > the IX to peer with the other routers. It then sends
> > those routes...
>
> You mean the 192.168.0.0/24 network?
I mean that the peering at the IX is alright and the received routes are
actually delivered to my network and my advertised prefixes are received by
my peers.
> > to my router A. Up to that point,
> > everything seems fine. Trouble is I can't pass traffic.
> > The routing is fine. Traceroutes for the natted network
> > get to the IX router and then, nothing. Traceroutes for
> > my peer partners also die at my IX router and die. I
> > am thinking it's the NAT. Question is, is there a way
> > around it?
>
> Hmmh, if Router B is receiving the RFC1918 space from
> Router A, and you can pass traffic beyond it, the
> quickest thing that comes to mind is your peers are
> blocking RFC1918 from being routed within their network
> (their exchange point routers included).
But then won't their traffic come my way? I am not blocking the RFC 1918
space.
> Either they have a prefix list blocking RFC1918 space
> and/or have an ACL on their network interfaces blocking
> the same.
>
> You might need to involve your eBGP neighbors.
>
> Cheers,
>
> Mark.
>
>
> --
cheers
Richard