[c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions
Ivan Pepelnjak
ip at ioshints.info
Sun Jan 24 14:19:34 EST 2010
> After the routing and egress changes, the router should be well aware
> that continued traffic no longer matches the
>
> ip nat inside source route-map ISPA Di1 overload
>
> and now matches the
>
> ip nat inside source route-map ISPB Di2 overload
>
> for a simplistic example.
>
> So the old translations are no longer valid with the new egress. They
> should be abandoned and new ones created.
Obviously the router does NOT check the "ip nat" rules if it gets a match in the NAT translation table. This behavior makes sense; if you changed the NAT parameters of a live session, you'd lose the session anyway.
> And I would be quite happy clearing just the translations for the
> "wrong" global for all local inside translations, but syntax does not
> seem to allow that.
Write a Tcl script that does "show ip nat translations" and kills only the relevant ones ;)
Ivan Pepelnjak
blog.ioshints.info / www.ioshints.info
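
The script suggested in the reply above, sketched as an added example (not part of the original message or the author's code): it parses "show ip nat translations" output and builds one "clear ip nat translation" command per TCP/UDP entry whose inside global address is the "wrong" one. The proc name `stale_clear_cmds` and the sample addresses (documentation ranges) are assumptions, and the code avoids newer Tcl commands such as `lassign` so it suits the older interpreter in IOS tclsh.

```tcl
# Constructed sample of "show ip nat translations" output (not from a real router).
set sample {Pro Inside global      Inside local       Outside local      Outside global
udp 192.0.2.10:5060    10.1.1.20:5060     203.0.113.5:5060   203.0.113.5:5060
udp 198.51.100.10:4500 10.1.1.30:4500     203.0.113.9:4500   203.0.113.9:4500
tcp 192.0.2.10:40122   10.1.1.20:40122    203.0.113.7:443    203.0.113.7:443
icmp 192.0.2.10:7      10.1.1.40:7        203.0.113.1:7      203.0.113.1:7
--- 192.0.2.10         10.1.1.50          ---                ---}

# Return the clear commands for every TCP/UDP entry translated to staleGlobal.
# Header lines, static ("---") entries and other protocols are skipped.
proc stale_clear_cmds {text staleGlobal} {
    set cmds {}
    foreach line [split $text "\n"] {
        # Split on runs of whitespace; a translation row has exactly 5 columns.
        set f [regexp -all -inline {\S+} $line]
        if {[llength $f] != 5} continue
        foreach {pro ig il ol og} $f break
        if {[lsearch -exact {tcp udp} $pro] < 0} continue

        # "address:port" -> address and port
        foreach {gip gport} [split $ig ":"] break
        if {![string equal $gip $staleGlobal]} continue
        foreach {lip lport} [split $il ":"] break

        set cmd "clear ip nat translation $pro inside $gip $gport $lip $lport"
        # Extended entries also need the outside pair to identify the session.
        if {![string equal $ol "---"]} {
            foreach {olip olport} [split $ol ":"] break
            foreach {ogip ogport} [split $og ":"] break
            append cmd " outside $olip $olport $ogip $ogport"
        }
        lappend cmds $cmd
    }
    return $cmds
}

# Dry run on the sample: print the commands instead of executing them.
# On the router, pass [exec "show ip nat translations"] instead of $sample
# and run each command with: exec $cmd
foreach cmd [stale_clear_cmds $sample 192.0.2.10] {
    puts $cmd
}
```

Printing the commands first lets you confirm that only sessions on the old egress address are selected before anything is cleared.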