[c-nsp] VRF-Aware NAT in ASR1k
Matthew Melbourne
matt at melbourne.org.uk
Sat Aug 7 11:22:07 EDT 2010
So, are you doing something like:
interface vasileft1
 vrf forwarding MGMT
 ...
interface vasiright1
 vrf forwarding CUST-1
 ...
interface vasileft2
 vrf forwarding MGMT
 ...
interface vasiright2
 vrf forwarding CUST-2
 ...
Do you have to perform NAT using NVI between VRFs? The limitation here may
be that ~500 pairs may not be enough.
The only other option I can see is to NAT the hosts within the Customer VRFs
into the global table and provide some upstream firewalling for external
connectivity?
Cheers,
Matt
________________________________________
From: Derick Winkworth [mailto:dwinkworth at att.net]
Sent: 07 August 2010 15:53
To: Matthew Melbourne; Neil Fenemor
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VRF-Aware NAT in ASR1k
I believe the limit is 500 *pairs* of interfaces...
We are using the ASR too for this exact thing.
________________________________________
From: Matthew Melbourne <matt at melbourne.org.uk>
To: Neil Fenemor <Neil.Fenemor at fx.net.nz>
Cc: cisco-nsp at puck.nether.net
Sent: Sat, August 7, 2010 9:04:37 AM
Subject: Re: [c-nsp] VRF-Aware NAT in ASR1k
Yes, I saw VASI Enhancements Phase I in the latest ASR 3.1S release notes.
There is a limit of 500 VASI interfaces which may be an issue for multiple
customer VRFs. Basically, the requirement is to NAT hosts within hosted
customer private networks (VRFs) to another private range which makes them
available and routable from our management systems, and additionally
provides limited Internet access to update servers, etc.
-----Original Message-----
From: Neil Fenemor [mailto:Neil.Fenemor at fx.net.nz]
Sent: 07 August 2010 02:55
To: Matthew Melbourne
Subject: Re: [c-nsp] VRF-Aware NAT in ASR1k
Hi Matthew,
Have you looked at VASI at all? It's a reasonably recent addition to the
ASR1k codebase, but does some interesting things.
Cheers,
neil
On 6/08/2010, at 8:52 PM, Matthew Melbourne wrote:
> Hi,
>
> Is it possible to implement VRF-Aware NAT on the ASR1k, specifically
> NAT between two different VRFs? Ideally, I have a requirement to NAT
> between customers' VRFs and a management VRF and from customers' VRFs
> to the global table (for limited Internet access).
>
> Cheers,
>
> Matt
>
> --
> Matthew Melbourne
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Neil Fenemor
Señor Network Engineer
FX Networks
(m) 021 978 078
(e) neil.fenemor at fx.net.nz
(w) http://www.fx.net.nz/
(p) 04 498 9565
(f) 04 498 9649
Level 3
FX Networks House
138 The Terrace
Wellington
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 9.0.851 / Virus Database: 271.1.1/3056 - Release Date: 08/07/10
07:28:00
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/