[j-nsp] NAT Redundancy on Juniper routers

Gökhan Gümüş ggumus at gmail.com
Mon Jan 10 08:01:36 EST 2011


Actually I am doing Static-NAT 1:1 :(

Rgds,
Gokhan

On Mon, Jan 10, 2011 at 1:55 PM, Alex <alex.arseniev at gmail.com> wrote:

>  Actually on a second thought I reckon You might be able to achieve
> physical-box NAT redundancy using static NAT and IP-ALG but:
> 1/ it is not scalable (static NAT is 1:1)
> 2/ I never tried this myself :-)
> Where the port translation is involved the sequence of events is as I
> described below.
> Rgds
> Alex
>
>
> ----- Original Message -----
> *From:* Gökhan Gümüş <ggumus at gmail.com>
> *To:* Alex <alex.arseniev at gmail.com>
> *Cc:* juniper-nsp at puck.nether.net
> *Sent:* Monday, January 10, 2011 12:46 PM
> *Subject:* Re: [j-nsp] NAT Redundancy on Juniper routers
>
> Hi Alex,
>
> Thanks for the response.
> So there is nothing I can do at this moment :(
>
> Regards,
> Gokhan
>
> On Mon, Jan 10, 2011 at 1:43 PM, Alex <alex.arseniev at gmail.com> wrote:
>
>> Hello Gokhan Gumus,
>> AFAIK this is not possible at the moment since flows are not shared
>> between MSDPCs even inside same MX box let alone different physical boxes.
>> So if R1 goes down the:
>> 1/ TCP flows need to reestablish starting from 3-way handshake
>> 2/ UDP flows with ALG need to reestablish starting from scratch (every ALG
>> has different procedures)
>> 3/ non-ALG UDP flows _can_ continue as if nothing happened depending on
>> protocol, e.g. p2p UDP flows will resume from last xferred piece
>> 4/ ICMP flows continue as if nothing happened
>> If you need physical-box-redundant NAT I'd suggest to use SRX cluster.
>> HTH
>> Rgds
>> Alex
>>
>> ----- Original Message -----
>> From: "Gökhan Gümüs" <ggumus at gmail.com>
>> To: <juniper-nsp at puck.nether.net>
>> Sent: Monday, January 10, 2011 12:15 PM
>> Subject: [j-nsp] NAT Redundancy on Juniper routers
>>
>>
>>> Hi all,
>>>
>>> I am trying to achieve redundancy on Juniper routers while performing
>>> NAT.
>>>
>>> I have two Juniper MX960 routers on the backbone with a VRRP setup. I am
>>> configuring NAT on R1 successfully. The same NAT rules exist on the other
>>> router, but on R2 the static route which points to the sp interface is
>>> deactivated. Is there any way to achieve automatic failover capability on
>>> NAT? In other words, if something happened on R1, can R2 handle all NAT
>>> process without doing anything?
>>>
>>> Kind regards,
>>> Gokhan Gumus
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>>>
>>
>

