[c-nsp] asymmetric multihoming & nat

Max Pierson nmaxpierson at gmail.com
Fri Jan 21 17:44:18 EST 2011 

How are the pools configured?? Are they mapped to different public's
(prefix's from each of you)?? Or is it common subnet??

Obviously, if they're NAT'd to different prefixes (a prefix to each pool),
this is likely the problem. What goes out to provider (a) must come back in
provider (a) as it is NAT'd with uniqueness and the (b) path won't know what
do with (a)'s addressing. (More crazy NAT'ing foo would fix the issue,
question is do you wanna keep going down that road)???

If they do have just one prefix (let's just use a /24 to keep it simple), no
amount of asymmetrical traffic _should_ be broken by NAT unless it is
mis-configured. If this is the case, your problem probably lies elsewhere.

Max

On Fri, Jan 21, 2011 at 3:09 PM, Adam Greene <maillist at webjogger.net> wrote:

> Hi guys,
>
> I have a multihomed customer who receives full BGP routes from both us and
> another provider and load balances between the two connections. Things are
> working fine until the traffic becomes asymmetric (i.e. inbound through one
> provider, outbound through the other).
>
> The block they are announcing to their providers is NATed on their BGP
> router. In other words, all their internal hosts are on private IP space.
> The internal interface is designated "ip nat inside" and both WAN interfaces
> are designated "ip nat outside". The actual NAT configurations do not
> reference any interfaces, just pools.
>
> Could the NAT be prohibiting asymmetric traffic in this case? i.e. if the
> inbound traffic is NATed coming in on one interface, will the router refuse
> to NAT the outbound traffic through the other interface?
>
> If the NAT is the problem, I suppose they could do the NAT on a loopback
> interface instead ... but I understand that the traffic will all be
> process-switched if we do that, and performance will probably suffer.
>
> Thanks for your insight,
> Adam
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list