[c-nsp] ASR9006 - CG NAT - VSM-500

Aaron aaron1 at gvtc.com
Tue Dec 15 15:30:37 EST 2015


Is there a way to get output for outside global addresses? I would like to do this so I could backtrack what translations relate to my inside IPs, etc.?

I mean I would like to look for outside global destinations, but I don't know a command to type that would list all the outside global addresses or a specific outside global address. Like in the output below, how would I type a command to look only for entries relating to 11.22.33.44?

(Maybe this is what logging is for! … but it would be nice to know if the IOS XR or CGN CLI has something for this.)


RP/0/RSP0/CPU0:eng-lab-9k-1#sh cgn nat44 nat1 session protocol tcp inside-vrf six inside-address 10.144.0.11 port 50430
Tue Dec 15 14:24:11.878 CST
------------------------------------------------------
NAT44 instance : nat1
------------------------------------------------------
Outside Address     : 99.88.77.66
Outside Port        : 2762
Translation Type    : dynamic
Protocol            : tcp
------------------------------------------------------
  Destination Address       Destination Port
------------------------------------------------------
  11.22.33.44             20480

Aaron

From: Pshem Kowalczyk [mailto:pshem.k at gmail.com] 
Sent: Friday, November 06, 2015 3:18 PM
To: Aaron; cisco-nsp at puck.nether.net; Aftab Siddiqui; quinn snyder
Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500

 

Hi,

We use them inside our PEs (so it's MPLS in, MPLS out). The thing is those cards are effectively completely independent from the IOS XR setup (they run their own Linux (in case of VSM on top of KVM)). The 9K forwards pure IP packets towards them (the interfaces of that card are visible in the config as ServiceAppX and ServiceAppX+1) and receives pure IP packets, so the card is an internal 'CE'.

kind regards
Pshem

On Sat, 7 Nov 2015 at 05:43 Aaron <aaron1 at gvtc.com> wrote:

Q/Pshem/Aftab, et al,

I think what I'm asking is that I want to ensure that I can do something that I guess would be termed PE-CGN... borrowing and combining the terms CGN (IOS XR term I guess) and PE NAT (VRF aware, IOS term I guess).  PE-CGN I guess meaning CGN integration with MPLS L3VPN.

So basically, I would want my ASR9k MPLS PE which is sitting on my internet boundary (MPLS side is inside towards *my* MPLS cloud) to house the VSM CGN module and do NAT there.  So I think I would be disposing of labels hopefully before the NAT inside of the VSM, and in the reverse direction, imposing labels after the NAT inside of the VSM.

Aaron


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aaron
Sent: Thursday, November 05, 2015 9:28 PM
To: 'Pshem Kowalczyk'; cisco-nsp at puck.nether.net; 'Aftab Siddiqui'
Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500

Thanks Pshem and Aftab, I will be glad to share my findings later with you all and the community.



Aftab, I looked over your notes and I see you show 3 examples…

1 – vrf inside and default/core vrf outside

2 – vrf inside and vrf outside

3 – ABF (acl based forwarding)



But please tell me how you think my scenario would be config’d.  My scenario is mpls default/core vrf inside, and vrf outside.  I’m guessing that it’s the opposite of your example #1, but just wanted to ask you what you think.



Aaron





From: Pshem Kowalczyk [mailto:pshem.k at gmail.com]
Sent: Thursday, November 05, 2015 7:58 PM
To: Aaron; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500



Hi,



We use the previous non-virtualised cards (ISM-100) in our 9Ks. The experience has been generally positive. The configuration is quite simple and the cards work well.

Do spend some time analysing various limitations of the card (pool sizes, throughput per ServiceApp pair, allowed bulk allocation sizes (if you plan on bulk allocation)).



I'm interested in knowing the results of your tests, as we're told by the BU that if we want more throughput we'll have to go to VSM anyway.



kind regards

Pshem





On Fri, 6 Nov 2015 at 06:24 Aaron <aaron1 at gvtc.com> wrote:

Hi Group,



I'm going to test NAT on my ASR9006 in my lab using the RSP440-TR and the VSM-500.



Looking for any links to information or experience you all might have on how to get going on this.



I'm looking for this to be implemented at my internet boundary ASR9k so I will test it like that in the lab.



My asr9k at my internet boundary is the PE Edge of my mpls l3vpn's internal to my network, so the nat would need to work like that.  The asr9k internet connection is PE-CE bgp, native ip connection put into my internet vrf for my internal customer vrf.  Same vrf.



Aaron



_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
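
Added example, not part of the original thread or of any Cisco tooling: independent of whether the CLI offers such a filter, saved captures of the `sh cgn nat44 ... session` output quoted at the top of this message can be parsed offline and indexed by destination address, which answers "which inside hosts talked to 11.22.33.44". The function names, the capture template and the second sample session are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture template in the format quoted in the thread
# (the repeated dashed separator lines are trimmed to one).
TEMPLATE = """\
RP/0/RSP0/CPU0:eng-lab-9k-1#sh cgn nat44 nat1 session protocol tcp inside-vrf six inside-address {inside} port {iport}
NAT44 instance : nat1
Outside Address     : {outside}
Outside Port        : {oport}
Translation Type    : dynamic
Protocol            : tcp
  Destination Address       Destination Port
------------------------------------------------------
{dests}
"""
# First capture mirrors the output in the thread; the second is made up.
SAMPLE = (
    TEMPLATE.format(inside="10.144.0.11", iport=50430, outside="99.88.77.66",
                    oport=2762, dests="  11.22.33.44             20480")
    + TEMPLATE.format(inside="10.144.0.12", iport=40000, outside="99.88.77.66", oport=3001,
                      dests="  11.22.33.44             443\n  192.0.2.10              80")
)

CMD = re.compile(r"session protocol (\S+) inside-vrf (\S+) inside-address (\S+) port (\d+)")
FIELD = re.compile(r"^(Outside Address|Outside Port)\s*:\s*(\S+)")
DEST = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+)\s*$")

def index_by_destination(text):
    """Map destination address -> list of session dicts seen in the captures."""
    index, cur = defaultdict(list), None
    for line in text.splitlines():
        if m := CMD.search(line):      # the echoed command starts a new session
            cur = dict(zip(("proto", "vrf", "inside", "inside_port"), m.groups()))
        elif cur is None:
            continue                   # skip anything before the first command echo
        elif m := FIELD.match(line):   # translated (outside) address and port
            cur[m.group(1).lower().replace(" ", "_")] = m.group(2)
        elif m := DEST.match(line):    # one row of the destination table
            index[m.group(1)].append({**cur, "dest_port": m.group(2)})
    return dict(index)

def inside_hosts_for(text, dest):
    """Inside (address, port) pairs that had a session to destination `dest`."""
    return [(s["inside"], s["inside_port"]) for s in index_by_destination(text).get(dest, [])]

if __name__ == "__main__":
    print(inside_hosts_for(SAMPLE, "11.22.33.44"))
```

Each returned session also carries the outside address and port, so the same index maps an abuse report against a translated address back to the inside host.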
