[c-nsp] BGP and NAT

Richard Mikisa rmikisa at gmail.com
Thu Feb 2 08:42:40 EST 2006


On 2/2/06, Mark Tinka <mtinka at africaonline.co.zw> wrote:
> So if I understand you correctly, you are merely using an
> IP address from your public pool as an 'update-source'
> for your BGP updates at the local exchange point?

Not merely, it's fully routed and is totally accessible for the
external world. Blew a hole in the NAT setup for it ..so to speak.

> Why wouldn't you use the exchange-point-assigned IP
> address, as that goes on your Ethernet interface and it's
> point-to-point eBGP anyway?

I am using it. That's how I have the peer sessions with the other guys going.

> > I mean that the peering at the IX is alright and the
> > received routes are actually delivered to my network
> > and my advertised prefixes are received by my peers.
>
> Let me understand this, what networks are you announcing
> to the exchange point, the RFC 1918 space, or are you
> announcing public IP address space as well.

Only announcing Public space. The private IP is on my incoming
interface so as to set up my iBGP

> So you are receiving networks from your peers, carrying
> those over the iBGP link to Router A, which the gateway
> for your network - that's pretty standard.
>
> > but, why then won't their traffic come my way. I am not
> > blocking the RFC 1918 space.
>
> Because IP connectivity is a client-server process; you
> ask, they send.
> You might not be blocking RFC 1918 space, but if they are,
> traffic from them to your network will be caught by their
> ACLs. Or, if they have prefix lists on their exchange
> point peering routers that block RFC 1918 space from
> being received in BGP update messages, they'll,
> technically, never see your network(s).

Thought so myself, that's why I use the Public IP int as the update source. :-(

> This is what I have for you, is this right:
>
>
> Router A <--iBGP--> Router B <--eBGP 192.168.0.0/24--> IXP
> ^^^
>  |
>  |
>  |
>  |
>  |
>  |
> vvv
> ****************************
> * Your backbone running on *
> * 192.168.0.0/24           *
> *                          *
> ****************************
This is it ..

router A <--ibgp--> router B <--eBGP Public IP prefixes--> IXP
   |			|
   |			|
   |			|
   |			|
My network		|
(192.168.0.0/24)	|
			192 for the iBGP with A
			81.X.X.X on my update source (fully routed)
			195.X.X.X for the eth that connects to the IX

cheers
Richard
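
The RFC 1918 filtering discussed in this thread, as an added example that is not part of the original messages: a small model of a peer's inbound prefix filter and the resulting return-path check. The 198.51.100.0/24 documentation prefix is a constructed stand-in for the public space that is elided in the post, and all function names are hypothetical.

```python
import ipaddress

# RFC 1918 blocks. A prefix is filtered if it is one of these blocks or any
# more-specific prefix inside one (the usual "le 32" style of match).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(prefix):
    """True if prefix is an RFC 1918 block or a more-specific of one."""
    net = ipaddress.ip_network(prefix, strict=True)
    return net.version == 4 and any(net.subnet_of(b) for b in RFC1918)


def filter_inbound(announcements):
    """Split announced prefixes into (accepted, dropped) as the peer would."""
    accepted, dropped = [], []
    for prefix in announcements:
        (dropped if is_rfc1918(prefix) else accepted).append(prefix)
    return accepted, dropped


def return_path_exists(source_ip, accepted):
    """Can the peer route a reply to source_ip using only accepted prefixes?"""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(p) for p in accepted)


# Constructed sample: the private backbone from the thread plus a stand-in
# public prefix (documentation range, not the poster's real space).
ANNOUNCED = ["192.168.0.0/24", "198.51.100.0/24"]

if __name__ == "__main__":
    accepted, dropped = filter_inbound(ANNOUNCED)
    print("accepted:", accepted)
    print("dropped: ", dropped)
    # A session sourced from the private backbone has no route back at the
    # peer; one sourced from (or NATed to) the public prefix does.
    for src in ("192.168.0.10", "198.51.100.7"):
        print(src, "reachable from peer:", return_path_exists(src, accepted))
```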


