[j-nsp] cgnat routing architecture

Faizal Rachman faizalr81 at gmail.com
Mon Apr 11 05:55:22 EDT 2016


Hi Aaron,
You should apply dynamic redistribution of the default route to your internal
network. First, you need to have a dynamic 0/0 in your outside domain; it can
be generated (aggregated) from routes contributed by bgp (assuming your
cgnat is also running ebgp to your upstream provider), or generated by the
router above the cgnat and redistributed to your cgnat.
Secondly, your inside domain will have a default static route to your
external domain, and will also redistribute this 0/0 to your internal network
based on a condition, which is that 0/0 exists in your outside domain. Once
your bgp is down, your outside domain will lose 0/0, and your inside domain
will stop redistributing 0/0 to your internal network.
Thanks.

Faizal R


On Wed, Apr 6, 2016 at 7:19 AM, Aaron <aaron1 at gvtc.com> wrote:

> My customers are currently in a vrf for internet access. they all have
> public ip addresses.  I'm running low on IP's and I'm planning a CGNat
> deployment.
>
> Call my current vrf "one"
>
> I'm planning on creating a new inside nat domain, and throwing customers
> into that new vrf.
>
> Call the new vrf "three"
>
> I'm currently testing a Juniper MX104 with MS-MIC-16G and it seems to be
> working nicely thus far. (actually I'm testing redundant cgn nodes, the
> other one is a cisco asr9k w/vsm-500)
>
> On the juniper cgn node I have ..
>
> ms-1/0/0.2 - vrf "one" - service-domain outside
>
> ms-1/0/0.1 - vrf "three" - service-domain inside
>
> My current way of getting traffic towards the nat's is via static routes
> and thus being advertised into vrf "three" where remote pe's learn about
> those dual default routes and it all works good... but. static routes
> always scare me when not tied to some other logic.
>
> My concerns are that if the wan (nat outside, ms-1/0/0/2, vrf "one") side
> of the nat node dies, then I don't want traffic arriving at that nat node
> and being dropped/blackholed.
>
> What are the best ways to conditionally advertise a few routes based on
> some external reachability info ?
>
> I've recently learned about rib-groups and doing inter-vrf route leaking..
> I wonder if I should learn the vrf "one" default route and leak it into
> vrf "three" across the control plane of those dual nat nodes.
>
> I've recently learned about conditionally generated routes and wonder if
> there's a nice solution there.
>
> I welcome any and all suggestions.
>
> Thanks y'all
>
> Aaron



-- 
Regards,
Faizal R
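
The conditional redistribution described in the reply above, sketched as a Junos configuration fragment. This is an added example, not configuration posted by either participant. It assumes vrf "three" already exists as a VRF instance and that the 0/0 in vrf "one" is learned or generated dynamically; the condition, policy and community names and the route target value are constructed for illustration.

```junos
policy-options {
    /* True only while a 0/0 is present in the outside VRF's table. */
    condition outside-default-present {
        if-route-exists {
            0.0.0.0/0;
            table one.inet.0;
        }
    }
    /* Constructed route target for vrf "three". */
    community three-rt members target:65000:3;
    policy-statement three-export {
        term default-while-outside-up {
            from {
                protocol static;
                route-filter 0.0.0.0/0 exact;
                condition outside-default-present;
            }
            then {
                community add three-rt;
                accept;
            }
        }
        /* Condition false: withdraw the default from remote PEs. */
        term default-otherwise {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then reject;
        }
        term everything-else {
            then {
                community add three-rt;
                accept;
            }
        }
    }
}
routing-instances {
    three {
        vrf-export three-export;
        routing-options {
            static {
                /* Static default towards the NAT inside interface. */
                route 0.0.0.0/0 next-hop ms-1/0/0.1;
            }
        }
    }
}
```

The condition only tests for the presence of 0/0 in one.inet.0, so a static 0/0 in vrf "one" would keep it permanently true. `show policy conditions detail` shows whether the condition currently evaluates as true.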

