[j-nsp] MX, Nat + BGP

OBrien, Will ObrienH at missouri.edu
Wed May 18 11:33:27 EDT 2011


The sad bit is that I've done Nat on SRX just like that as well.
Thanks for the sanity check. I pulled the lo0 address and poof it works.

Now I'm trying to stack my bandwidth policer with the nat config and hitting a similar issue.
I think the only way to do both is to put the nat process into a routing instance...

Any thoughts on that one? As soon as I enable my policer filter, traffic breaks again. I presume that it never returns to the interface filter to hit the service filter.


On May 17, 2011, at 11:45 PM, Julien Goodwin wrote:

> On 18/05/11 10:34, OBrien, Will wrote:
>> I've been working through a nat configuration on my lab MX960 with a MS-DPC blade that I've borrowed.
>> To start, I'm trying to create a simple nat'd subnet. However, the NAT guide that I've been provided doesn't really fit my current design.
>> 
>> The example I'm looking at uses a nat pool that's defined like so:
>> 150.150.150.0/24
>> 
>> with an outside interface that has say, 150.150.150.1/24 on it,
>> 
>> Ok.
>> 
>> Well, in my world, I use MX's for BGP announcements. So I'm trying to put the NAT source interface on a lo0 instead of a normal interface.
>> 
>> Is anyone else doing it this way or is there some other sneaky trick I'm missing? So far applying the service filter only seems to break traffic.
> 
> I've not done NAT on MX only SRX, but with an SRX just announce the NAT
> pool as a route (static and readvertise, for whatever reason just adding
> a pool isn't enough to make it eligible for redist), don't need to
> assign it to an interface at all.
> 
> -- 
> Julien Goodwin
> Studio442
> "Blue Sky Solutioneering"
> 

Will O'Brien
University of Missouri, DoIT DNPS
Network Systems Analyst - Redacted

obrienh at missouri.edu






More information about the juniper-nsp mailing list