[c-nsp] ASR9006 - CG NAT - VSM-500

Fri Nov 6 16:17:38 EST 2015

Hi,

We use them inside our PEs (so it's MPLS in, MPLS out). The thing is those
cards are effectively completely independent from the IOS XR setup (they
run their own linux (in case of VSM on top of KVM)). The 9K forwards pure
IP packets towards them (the interfaces of that card are visible in the
config as ServiceAppX and ServiceAppX+1) and receives pure IP packets, so
the card is an internal 'CE'.

kind regards
Pshem

On Sat, 7 Nov 2015 at 05:43 Aaron <aaron1 at gvtc.com> wrote:

> Q/Pshem/Aftab, et al,
>
> I think what I'm asking is that I want to ensure that I can do something
> that I guess would be termed PE-CGN... borrowing and combining the terms
> CGN (ios xr term I guess) and PE NAT (vrf aware, ios term I guess).  PE-CGN
> I guess meaning CGN integration with MPLS L3VPN
>
> So basically, I would want my asr9k mpls pe which is sitting on my
> internet boundary (mpls side is inside towards *my* mpls cloud) to house
> the vsm cgn module and do nat there.  So I think I would be disposing of
> labels hopefully before the nat inside of vsm, and in the reverse
> direction, imposing labels after the nat inside of the vsm
>
> Aaron
>
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
> Sent: Thursday, November 05, 2015 9:28 PM
> To: 'Pshem Kowalczyk'; cisco-nsp at puck.nether.net; 'Aftab Siddiqui'
> Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500
>
> Thanks Pshem and Aftab, I will be glad to share my findings later with you
> all and the community.
>
>
>
> Aftab, I looked over your notes and I see you show 3 examples…
>
> 1 – vrf inside and default/core vrf outside
>
> 2 – vrf inside and vrf outside
>
> 3 – ABF (acl based forwarding)
>
>
>
> But please tell me how you think my scenario would be config’d.  My
> scenario is mpls default/core vrf inside, and vrf outside.  I’m guessing
> that it’s the opposite of your example #1, but just wanted to ask you what
> you think.
>
>
>
> Aaron
>
>
>
>
>
> From: Pshem Kowalczyk [mailto:pshem.k at gmail.com]
> Sent: Thursday, November 05, 2015 7:58 PM
> To: Aaron; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500
>
>
>
> Hi,
>
>
>
> We use the previous non-virtualised cards (ISM-100) in our 9Ks. The
> experience has been generally positive. The configuration is quite simple
> and the cards work well.
>
> Do spend some time analysing various limitations of the card (pool sizes,
> throughput per ServiceApp pair, allowed bulk allocation sizes (if you plan
> on bulk allocation)).
>
>
>
> I'm interested in knowing the results of your tests, as we're told by the
> BU that if we want more throughput we'll have to go to VSM anyway.
>
>
>
> kind regards
>
> Pshem
>
>
>
>
>
> On Fri, 6 Nov 2015 at 06:24 Aaron <aaron1 at gvtc.com> wrote:
>
> Hi Group,
>
>
>
> I'm going to test Nat on my ASR9006 in my lab using the RSP440-TR and the
> VSM-500.
>
>
>
> Looking for any links to information or experience you all might have on
> how to get going on this.
>
>
>
> I'm looking for this to be implemented at my internet boundary ASR9k so I
> will test it like that in the lab.
>
>
>
> My asr9k at my internet boundary is the PE Edge of my mpls l3vpn's
> internal to my network, so the nat would need to work like that.  The asr9k
> internet connection is PE-CE bgp, native ip connection put into my internet
> vrf for my internal customer vrf.  Same vrf.
>
>
>
> Aaron
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>