[c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions
Joe Maimon
jmaimon at ttec.com
Sun Jan 24 11:06:21 EST 2010
Hey All,
So as is commonly talked about, I have seen a number of end user sites
with simple redundancy service using IOS routers.
Multiple lines, could be the same provider, could be different
providers, no dynamic routing, different source addresses, uRPF/SAV at
the provider(s) is to be presumed. CBAC IOS firewall is also in place.
All this with event object tracking with policy routing and nat based on
egress works just fine EXCEPT.
Long lived NAT sessions, especially the UDP ones don't seem to become
inactive when the egress changes.
So the VOIP handsets are out of service after either a failover or
failback. Obviously this is the visible problem symptom.
I have seen this for ICMP as well for continuous pings.
I have in place the workaround of using EEM with clear ip nat trans *
Is there some better way to approach it, other than using dynamic
routing and routable addresses to eliminate NAT?
c1700-adventerprisek9-mz.124-25b.bin
Thanks in advance. Any and all feedback is most welcome.
Best,
Joe
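
The following simplified Python model is an added example, not part of the original post and not IOS code. It illustrates the symptom described above: a translation that keeps receiving keepalive traffic never ages out, so after the egress changes it still carries the old line's source address and fails the provider's uRPF/SAV check, unless the table is cleared. The addresses, port, timings and idle timeout are constructed assumptions.

```python
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 300  # seconds; assumed idle timeout for a UDP translation

# Constructed sample data: documentation addresses, one per provider line.
POOLS = {"ISP_A": "198.51.100.10", "ISP_B": "203.0.113.10"}
HANDSET_FLOW = ("192.168.1.50", 5060)  # inside local address and UDP port


@dataclass
class Translation:
    inside_global: str  # source address the provider sees
    last_seen: int      # time of the last packet that matched this entry


class NatTable:
    def __init__(self):
        self.entries = {}

    def translate(self, flow, egress, now):
        """Return the source address the packet carries when it leaves on egress."""
        entry = self.entries.get(flow)
        if entry and now - entry.last_seen > UDP_IDLE_TIMEOUT:
            entry = None  # idle long enough: the old entry has aged out
        if entry is None:
            # A new entry takes its address from the egress in use right now.
            entry = self.entries[flow] = Translation(POOLS[egress], now)
        entry.last_seen = now  # every packet refreshes the idle timer
        return entry.inside_global

    def clear(self):
        """Model of the workaround: drop every translation."""
        self.entries.clear()


def simulate(keepalive_interval, clear_on_change):
    """Per-packet list: True if the provider's uRPF/SAV check passes."""
    nat, previous, accepted = NatTable(), None, []
    for now in range(0, 1200, keepalive_interval):
        egress = "ISP_A" if now < 600 else "ISP_B"  # tracked line fails at t=600
        if clear_on_change and previous not in (None, egress):
            nat.clear()
        previous = egress
        source = nat.translate(HANDSET_FLOW, egress, now)
        accepted.append(source == POOLS[egress])
    return accepted
```

With a 30-second keepalive and no clearing, every packet after the failover is rejected; a flow whose packets are spaced further apart than the idle timeout recovers on its own because its entry is rebuilt on the new egress.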