[j-nsp] NAT Redundancy on Juniper routers

Derick Winkworth dwinkworth at att.net
Mon Jan 10 09:46:21 EST 2011


Keep in mind that if you haven't already done so, you will need to have both an 
'inside' and 'outside' rule for your NAT translation since the junos-ip ALG is 
unidirectional.





________________________________
From: Alex <alex.arseniev at gmail.com>
To: Gökhan Gümüş <ggumus at gmail.com>
Cc: juniper-nsp at puck.nether.net
Sent: Mon, January 10, 2011 7:18:25 AM
Subject: Re: [j-nsp] NAT Redundancy on Juniper routers

Then you are in a better position than I thought :-)
Just change your NAT rule(s) to include match on "junos-ip" ALG which skips L4 
checks like TCP 3WHS being complete, and test.
Let us know the test results please.
Rgds
Alex
  ----- Original Message ----- 
  From: Gökhan Gümüş 
  To: Alex 
  Cc: juniper-nsp at puck.nether.net 
  Sent: Monday, January 10, 2011 1:01 PM
  Subject: Re: [j-nsp] NAT Redundancy on Juniper routers


  Actually I am doing static NAT 1:1 :(

  Rgds,
  Gokhan


  On Mon, Jan 10, 2011 at 1:55 PM, Alex <alex.arseniev at gmail.com> wrote:

    Actually, on second thought, I reckon you might be able to achieve 
physical-box NAT redundancy using static NAT and IP-ALG, but:
    1/ it is not scalable (static NAT is 1:1)
    2/ I never tried this myself :-)
    Where port translation is involved, the sequence of events is as I 
described below.
    Rgds
    Alex

      ----- Original Message ----- 
      From: Gökhan Gümüş 
      To: Alex 
      Cc: juniper-nsp at puck.nether.net 
      Sent: Monday, January 10, 2011 12:46 PM
      Subject: Re: [j-nsp] NAT Redundancy on Juniper routers


      Hi Alex,

      Thanks for the response.
      So there is nothing I can do at this moment :(

      Regards,
      Gokhan


      On Mon, Jan 10, 2011 at 1:43 PM, Alex <alex.arseniev at gmail.com> wrote:

        Hello Gokhan Gumus,
        AFAIK this is not possible at the moment, since flows are not shared 
between MS-DPCs even inside the same MX box, let alone between different physical boxes.
        So if R1 goes down the:
        1/ TCP flows need to reestablish starting from 3-way handshake
        2/ UDP flows with ALG need to reestablish starting from scratch (every 
ALG has different procedures)
        3/ non-ALG UDP flows _can_ continue as if nothing happened depending on 
protocol, e.g. p2p UDP flows will resume from last xferred piece
        4/ ICMP flows continue as if nothing happened
        If you need physical-box-redundant NAT, I'd suggest using an SRX cluster.
        HTH
        Rgds
        Alex

        ----- Original Message ----- From: "Gökhan Gümüs" <ggumus at gmail.com>
        To: <juniper-nsp at puck.nether.net>
        Sent: Monday, January 10, 2011 12:15 PM
        Subject: [j-nsp] NAT Redundancy on Juniper routers



          Hi all,

          I am trying to achieve redundancy on Juniper routers while performing 
NAT.

          I have two Juniper MX960 routers on the backbone with a VRRP setup. I have
          configured NAT on R1 successfully. The same NAT rules exist on the 
other
          router, but on R2 the static route pointing to the sp interface is
          deactivated. Is there any way to achieve automatic failover capability 
on
          NAT? In other words, if something happens on R1, can R2 handle all NAT
          processing without doing anything?

          Kind regards,
          Gokhan Gumus

          _______________________________________________
          juniper-nsp mailing list juniper-nsp at puck.nether.net
          https://puck.nether.net/mailman/listinfo/juniper-nsp
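As an added illustration (not a configuration posted by anyone in this thread), the 'inside' and 'outside' rule pair Derick refers to, written in Junos services NAT syntax for a next-hop-style service set on an MS-DPC. The sp interface units, addresses, rule names and the direction semantics (input = from the inside unit, output = from the outside unit) are assumptions, constructed for the example; matching on junos-ip is what the thread describes as skipping the L4 state checks, so the translation is applied with no TCP handshake tracking.

```junos
services {
    service-set NAT-SS {
        nat-rules NAT-INSIDE;
        nat-rules NAT-OUTSIDE;
        next-hop-service {
            /* constructed: the sp units the static routes point to */
            inside-service-interface sp-1/0/0.1;
            outside-service-interface sp-1/0/0.2;
        }
    }
    nat {
        /* 'inside' rule: packets entering through the inside sp unit */
        rule NAT-INSIDE {
            match-direction input;
            term T1 {
                from {
                    /* constructed inside host */
                    source-address 10.0.0.10/32;
                    /* any IP protocol; no L4 (3WHS) state check */
                    applications junos-ip;
                }
                then {
                    translated {
                        /* constructed public address, 1:1 static mapping */
                        source-prefix 203.0.113.10/32;
                        translation-type basic-nat44;
                    }
                }
            }
        }
        /* 'outside' rule: packets entering through the outside sp unit,
           needed because the junos-ip ALG is unidirectional */
        rule NAT-OUTSIDE {
            match-direction output;
            term T1 {
                from {
                    destination-address 203.0.113.10/32;
                    applications junos-ip;
                }
                then {
                    translated {
                        destination-prefix 10.0.0.10/32;
                        translation-type dnat-44;
                    }
                }
            }
        }
    }
}
```

The same rule pair is what R2 would carry with its sp static route deactivated, as described in the original question.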






