[j-nsp] MX, Nat + BGP
alex.arseniev at gmail.com
Wed May 18 01:07:09 EDT 2011
I assume you are trying interface-style service-set (NH-style does not
Four things you can try:
1/ don't use same subnet on the link and for NAT pool. This is possible but
you have to configure proxy-arp for every host in this subnet.
2/ if you have to use, say 220.127.116.11/30 for link subnet and
18.104.22.168/24 as NAT pool,
configure NAT pool to exclude 22.214.171.124/30:
set services nat pool pool1 address-range low 126.96.36.199 high
3/ NAT source interface lo0 does not work by design on M/T/MX, period.
4/ Exclude BGP from being serviced:
set service-filter sf1-in term 1 from protocol tcp
set service-filter sf1-in term 1 from port 179
set service-filter sf1-in term 1 then skip
set service-filter sf1-in term 2 then service
set service-filter sf1-out term 1 from protocol tcp
set service-filter sf1-out term 1 from port 179
set service-filter sf1-out term 1 then skip
set service-filter sf1-out term 2 then service
----- Original Message -----
From: "OBrien, Will" <ObrienH at missouri.edu>
To: <juniper-nsp at puck.nether.net>
Sent: Wednesday, May 18, 2011 1:34 AM
Subject: [j-nsp] MX, Nat + BGP
> I've been working through a nat configuration on my lab MX960 with a
> MS-DPC blade that I've borrowed.
> To start, I'm trying to create a simple nat'd subnet. However, the NAT
> guide that I've been provided doesn't really fit my current design.
> The example I'm looking at uses a nat pool that's defined like so:
> with an outside interface that has say, 188.8.131.52/24 on it,
> Well, in my world, I use MX's for BGP announcements. So I'm trying to put
> the NAT source interface on a lo0 instead of a normal interface.
> Is anyone else doing it this way or is there some other sneaky trick I'm
> missing? So far applying the service filter only seems to break traffic.
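Added example, not part of the original thread and not the poster's or Juniper's code: point 2/ of the reply (keeping the link /30 out of the NAT pool) worked through in Python, so the low/high bounds can be computed and checked before they are committed. The prefixes are constructed documentation addresses, and the function names and the numbered pool-name suffixes used when the pool is split are assumptions.

```python
import ipaddress


def pool_ranges_excluding(pool_cidr, link_cidr):
    """Return [(low, high), ...] covering pool_cidr with link_cidr removed."""
    pool = ipaddress.ip_network(pool_cidr)
    link = ipaddress.ip_network(link_cidr)
    p_lo, p_hi = int(pool[0]), int(pool[-1])
    l_lo, l_hi = int(link[0]), int(link[-1])

    if l_hi < p_lo or l_lo > p_hi:
        # Link subnet lies outside the pool: nothing to exclude.
        spans = [(p_lo, p_hi)]
    else:
        spans = []
        if l_lo > p_lo:
            spans.append((p_lo, l_lo - 1))   # part of the pool below the link subnet
        if l_hi < p_hi:
            spans.append((l_hi + 1, p_hi))   # part of the pool above the link subnet
        # An empty list means the link subnet covers the whole pool.

    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)))
            for a, b in spans]


def render(pool_name, ranges):
    """Format each range in the 'address-range low ... high ...' form from the post."""
    lines = []
    for i, (low, high) in enumerate(ranges, 1):
        # Assumption: when the exclusion splits the pool in two, each half gets
        # its own pool with a hypothetical numbered suffix.
        name = pool_name if len(ranges) == 1 else f"{pool_name}-{i}"
        lines.append(
            f"set services nat pool {name} address-range low {low} high {high}"
        )
    return lines


if __name__ == "__main__":
    # Constructed sample: link subnet is the first /30 of the pool /24.
    for line in render("pool1", pool_ranges_excluding("192.0.2.0/24", "192.0.2.0/30")):
        print(line)
```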