[c-nsp] BGP and NAT

Mark Tinka mtinka at africaonline.co.zw
Thu Feb 2 08:03:38 EST 2006

On Thursday 02 February 2006 14:42, Richard Mikisa wrote:

> That yes, plus another public IP from my own block that
> I have on my source-update interface. Using the
> one-to-one nat option on my pix, I was able to send a pure
> public ip through my natted network down to the IX

So if I understand you correctly, you are merely using an 
IP address from your public pool as an 'update-source' 
for your BGP updates at the local exchange point?

Why wouldn't you use the exchange-point-assigned IP 
address, as that goes on your Ethernet interface and it's 
point-to-point eBGP anyway?

> I mean that the peering at the IX is alright and the
> received routes are actually delivered to my network
> and my advertised prefixes are received by my peers.

Let me understand this, what networks are you announcing 
to the exchange point, the RFC 1918 space, or are you 
announcing public IP address space as well?

So you are receiving networks from your peers, carrying 
those over the iBGP link to Router A, which is the gateway 
for your network - that's pretty standard.

> but, why then won't their traffic come my way? I am not
> blocking the RFC 1918 space.

Because IP connectivity is a client-server process; you 
ask, they send.

You might not be blocking RFC 1918 space, but if they are, 
traffic from them to your network will be caught by their 
ACLs. Or, if they have prefix lists on their exchange 
point peering routers that block RFC 1918 space from 
being received in BGP update messages, they'll, 
technically, never see your network(s).

This is what I have for you, is this right:

Router A <--iBGP--> Router B <--eBGP> IXP
* Your backbone running on *
*           *
*                          *
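
The prefix-list behaviour described in the reply above, as an added example that is not part of the original post: a Python model of a peer's inbound filter with Cisco-style `le`/`ge` matching, first match wins, and an implicit deny. The filter entries and the announced prefixes are constructed (documentation ranges stand in for public space).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Entry:
    action: str                 # "permit" or "deny"
    prefix: str
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route):
        base = ipaddress.ip_network(self.prefix)
        if route.version != base.version or not route.subnet_of(base):
            return False
        if self.ge is None and self.le is None:
            lo = hi = base.prefixlen            # no ge/le: exact length only
        else:
            lo = self.ge if self.ge is not None else base.prefixlen
            hi = self.le if self.le is not None else base.max_prefixlen
        return lo <= route.prefixlen <= hi

# Constructed inbound filter a peer might apply at the exchange point.
RFC1918_FILTER = [
    Entry("deny", "10.0.0.0/8", le=32),
    Entry("deny", "172.16.0.0/12", le=32),
    Entry("deny", "192.168.0.0/16", le=32),
    Entry("permit", "0.0.0.0/0", le=32),
]

def evaluate(prefix_list, route):
    net = ipaddress.ip_network(route)
    for entry in prefix_list:
        if entry.matches(net):
            return entry.action                 # first match wins
    return "deny"                               # implicit deny at the end

def accepted_routes(prefix_list, announcements):
    return [r for r in announcements if evaluate(prefix_list, r) == "permit"]

# Constructed announcements; 172.32.0.0/16 lies just outside 172.16.0.0/12.
ANNOUNCEMENTS = ["10.20.0.0/16", "172.16.5.0/24", "172.32.0.0/16",
                 "192.168.1.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    for r in ANNOUNCEMENTS:
        print(f"{r:18} {evaluate(RFC1918_FILTER, r)}")
```

Routes that evaluate to "deny" never enter the peer's table, so the peer has no path back to those networks even though the BGP session itself is up.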

