[j-nsp] cgnat routing architecture

Aaron aaron1 at gvtc.com
Tue Apr 5 20:19:30 EDT 2016


My customers are currently in a vrf for internet access. They all have
public IP addresses. I'm running low on IPs and I'm planning a CGNat
deployment.

Call my current vrf "one"

I'm planning on creating a new inside nat domain, and throwing customers
into that new vrf.

Call the new vrf "three"

I'm currently testing a Juniper MX104 with MS-MIC-16G and it seems to be
working nicely thus far. (Actually I'm testing redundant cgn nodes; the
other one is a Cisco asr9k w/vsm-500.)

On the Juniper cgn node I have:

ms-1/0/0.2 - vrf "one" - service-domain outside

ms-1/0/0.1 - vrf "three" - service-domain inside

My current way of getting traffic towards the NATs is via static routes,
which are advertised into vrf "three", where remote PEs learn about those
dual default routes, and it all works good... but static routes always scare
me when not tied to some other logic.

My concern is that if the wan (nat outside, ms-1/0/0.2, vrf "one") side of
the nat node dies, then I don't want traffic arriving at that nat node and
being dropped/blackholed.

What are the best ways to conditionally advertise a few routes based on some
external reachability info?

I've recently learned about rib-groups and doing inter-vrf route leaking. I
wonder if I should learn the vrf "one" default route and leak it into vrf
"three" across the control plane of those dual nat nodes.

I've recently learned about conditionally generated routes and wonder if
there's a nice solution there.

I welcome any and all suggestions.

Thanks y'all

Aaron