[c-nsp] CGN ISM N:1 ABF-Based Redundancy

Mohammad Khalil eng_mssk at hotmail.com
Mon Aug 22 06:44:50 EDT 2016 

Regarding the ABF redundancy , I have tested the configuration below yesterday , please find my comments and appreciate your help:

vrf INSIDE-1
 address-family ipv4 unicast

vrf INSIDE-1-BACKUP
 address-family ipv4 unicast

hw-module service cgn location 0/1/CPU0
hw-module service cgn location 0/2/CPU0

ipv4 access-list ISM_ABF
 10 permit ipv4 192.168.199.0/24 any nexthop1 vrf INSIDE-1 ipv4 9.9.9.2 nexthop2 vrf INSIDE-1-BACKUP ipv4 19.19.19.2
 20 permit ipv4 any any

interface GigabitEthernet0/0/0/9
 description Inside_Traffic
 ipv4 address 192.168.199.1 255.255.255.0
 ipv4 access-group ISM_ABF ingress

interface ServiceApp1
 vrf INSIDE-1
 ipv4 address 9.9.9.1 255.255.255.252
 service cgn cgn1 service-type nat44

interface ServiceApp2
 ipv4 address 10.10.10.1 255.255.255.252
 service cgn cgn1 service-type nat44

interface ServiceApp3
 vrf INSIDE-1-BACKUP
 ipv4 address 19.19.19.1 255.255.255.252
 service cgn cgn2 service-type nat44

interface ServiceApp4
 ipv4 address 20.20.20.1 255.255.255.252
 service cgn cgn2 service-type nat44

interface ServiceInfra1
 ipv4 address 10.89.89.1 255.255.255.0
 service-location 0/1/CPU0

interface ServiceInfra2
 ipv4 address 10.93.93.1 255.255.255.0
 service-location 0/2/CPU0

router static
 address-family ipv4 unicast
  0.0.0.0/0 172.66.66.65
  85.159.218.160/27 ServiceApp4
  85.159.218.192/27 ServiceApp2

 vrf INSIDE-1
  address-family ipv4 unicast
   0.0.0.0/0 ServiceApp1

 vrf INSIDE-1-BACKUP
  address-family ipv4 unicast
   0.0.0.0/0 ServiceApp3

service cgn cgn1
 service-location preferred-active 0/1/CPU0
 service-type nat44 nat1
  portlimit 4096
  alg ActiveFTP
  inside-vrf INSIDE-1
   map outsideServiceApp ServiceApp2 address-pool 85.159.218.192/27

  protocol udp
   session initial timeout 240
   session active timeout 600

  protocol tcp
   session initial timeout 240
   session active timeout 600

  protocol icmp
   timeout 60

  refresh-direction Outbound

service cgn cgn2
 service-location preferred-active 0/2/CPU0
 service-type nat44 nat2
  portlimit 4096
  alg ActiveFTP

  inside-vrf INSIDE-1-BACKUP
   map outsideServiceApp ServiceApp4 address-pool 85.159.218.160/27

  protocol udp
   session initial timeout 240
   session active timeout 600

  protocol tcp
   session initial timeout 240
   session active timeout 600

  protocol icmp
   timeout 60

  refresh-direction Outbound

The G0/0/0/9 interface is where the host is connected (incoming traffic) , I have removed the VRF binding from it and kept it in the global routing table but it did not work
When I bind the interface to VRF INSIDE-1 , it works with ABF applied
When I bind the interface to VRF INSIDE-1-BACKUP with ABF applied , it do not work , when I remove the ABF it works
As well , when the ABF applied , I can access the Internet , but there is no output in the show cgn nat44 nat1 statistics or show cgn nat44 nat2 statistics
What is wrong with the configuration I have done ? by the way , I have removed the VRF OUTSIDE because am using the outside serviceapp interface and the pool mapping under the service cgn configuration as you can see above



________________________________
From: Richard <rgolodner at infratection.com>
Sent: Wednesday, August 3, 2016 1:49 AM
To: Mohammad Khalil
Subject: Re: [c-nsp] CGN ISM N:1 ABF-Based Redundancy


Mohammad, just curious if your 3-G ACL statement is working as that was the only issue I saw in the forum. If the ASK-9 is the gateway, the ACL should be applied to the interface that TX's the 3-G.

Have you tested warm stand-by with moderate amounts of traffic and it was good? I would say you are ready to put it into production.

Let me ask though, is there one specific issue that you want looked at? I don't have any full configs as i give them to the customer and they give me a copy me if i need them.

If I can be of help, please let me know.

Sincerely, Richard

On 08/02/2016 02:27 AM, Mohammad Khalil wrote:
https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-deployment-guide#comment-11519566

Thanks Richard

> Subject: Re: [c-nsp] CGN ISM N:1 ABF-Based Redundancy
> To: eng_mssk at hotmail.com<mailto:eng_mssk at hotmail.com>
> From: rgolodner at infratection.com<mailto:rgolodner at infratection.com>
> Date: Sun, 31 Jul 2016 15:46:26 -0500
>
> On 07/31/2016 03:26 AM, Mohammad Khalil wrote:
>
> > Hi Dears
> >
> > I am the process of deploying N:1 ABF-Based Redundancy for two ISM installed on the same chassis
> >
> > I have read the configuration notes in the below link:
> >
> > https://supportforums.cisco.com/document/11939006/cgv6-ism-cgnnat44-depl...
> >
> > I just want to know if anyone can share full configuration
> >
> > I have tested warm stand-by redundancy and it worked like a charm
> >
> > Thanks in advance
> >
> >
> > BR,
> >
> > Mohammad
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> >
> Mohammad, I did try to look at the support forum regarding
> configuration, but received a 404 error. Do you have another link?
> Sincerely, Richard Golodner

More information about the cisco-nsp mailing list