[c-nsp] VASI fail on ASR...

[Derick Winkworth]

All:

Is anyone using VASI and NAT together on the ASR?

The VASI documentation that is publicly available (plus some other documentation 
you can through your SE) seems to indicate that VASI can enable services like 
NAT between VRFs.

However, the NAT part just isn't true.  As of right now, no version of XE 
supports VRFs configured on the NAT outside interface and NAT outside interfaces 
are not MPLS aware. This basically makes it impossible to use NAT with VASI. 
 You can't put "ip nat outside" on a VASI interface in a VRF (or any interface) 
and putting "ip nat inside" on the VASI interface is pointless because NAT is 
not MPLS aware on "outside" interfaces.

Previously I posted on this list (based on the documentation that I was 
provided) that the "match-in-vrf" keyword that is available on the 7200 is not 
needed on the ASR because supposedly this behavior was the default behavior of 
the ASR.  This is not true.  It is not the default behavior and "match-in-vrf" 
is not supported at all in XE.

Essentially you can only use VRF NAT in XE in the traditional NAT PE way with 
the NAT outside interface being in the main routing instance and NATing between 
a VRF and the main routing instance with all the restrictions that have always 
applied to this kind of NAT.



So.. I ask again is anyone actually using NAT with VASI on an ASR and what does 
that config look like?