[j-nsp] cgnat routing architecture

Alexander Arseniev arseniev at btinternet.com
Mon Apr 11 09:00:43 EDT 2016


Hello,
Run BGP through MS-MIC and you'd have conditional scenarios covered plus 
the following:
1/ Service PIC is misconfigured (i.e. service-set does not exist)
2/ Service PIC has flow-control enabled because i.e. incoming PPS is 
above the rated value
Thanks
Alex

On 11/04/2016 10:55, Faizal Rachman wrote:
> Hi Aaron,
> You should apply dynamic redistribution of the default route to your internal
> network. First, you need to have a dynamic 0/0 in your outside domain; it can
> be generated (aggregated) from routes contributed by bgp (assuming your
> cgnat is also running ebgp to your upstream provider), or generated by the
> router above the cgnat and redistributed as 0/0 to your cgnat.
> Secondly, your inside domain will have a default static route to your
> external domain, and will also redistribute this 0/0 to your internal network
> based on a condition, which is that 0/0 exists in your outside domain. Once your
> bgp is down, your outside domain will lose 0/0, and your inside domain will
> stop redistributing 0/0 to your internal network.
> Thanks.
>
> Faizal R
>
>
> On Wed, Apr 6, 2016 at 7:19 AM, Aaron <aaron1 at gvtc.com> wrote:
>
>> My customers are currently in a vrf for internet access. they all have
>> public ip addresses.  I'm running low on IP's and I'm planning a CGNat
>> deployment.
>>
>> Call my current vrf "one"
>>
>> I'm planning on creating a new inside nat domain, and throwing customers
>> into that new vrf.
>>
>> Call the new vrf "three"
>>
>> I'm currently testing a Juniper MX104 with MS-MIC-16G and it seems to be
>> working nicely thus far. (actually I'm testing redundant cgn nodes, the
>> other one is a cisco asr9k w/vsm-500)
>>
>> On the juniper cgn node I have ..
>>
>> ms-1/0/0.2 - vrf "one" - service-domain outside
>>
>> ms-1/0/0.1 - vrf "three" - service-domain inside
>>
>> My current way of getting traffic towards the nat's is via static routes and
>> thus being advertised into vrf "three" where remote pe's learn about those
>> dual default routes and it all works good... but. static routes always scare
>> me when not tied to some other logic.
>>
>> My concerns are that if the wan (nat outside, ms-1/0/0/2, vrf "one") side of
>> the nat node dies, then I don't want traffic arriving at that nat node and
>> being dropped/blackholed.
>>
>> What are the best ways to conditionally advertise a few routes based on some
>> external reachability info ?
>>
>> I've recently learned about rib-groups and doing inter-vrf route leaking.. I
>> wonder if I should learn the vrf "one" default route and leak it into vrf
>> "three" across the control plane of those dual nat nodes.
>>
>> I've recently learned about conditionally generated routes and wonder if
>> there's a nice solution there.
>>
>> I welcome any and all suggestions.
>>
>> Thanks y'all
>>
>> Aaron
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
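
Added example, not part of the original thread and not any poster's configuration: a Junos policy sketch of the conditional advertisement described in the replies, where the inside default is exported only while 0/0 exists in the outside domain. The condition and policy names are hypothetical, the table name assumes the outside VRF is the instance "one" from the original post, and where the policy is attached, along with the other terms of the existing export policy, depends on the design and is not shown.

```junos
policy-options {
    /* Hypothetical name. True only while 0.0.0.0/0 is present in the
       routing table of the outside VRF (vrf "one" in the original post). */
    condition OUTSIDE-HAS-DEFAULT {
        if-route-exists {
            0.0.0.0/0;
            table one.inet.0;
        }
    }
    /* Hypothetical name. Export policy for the inside domain (vrf "three"). */
    policy-statement INSIDE-DEFAULT-IF-OUTSIDE-UP {
        /* Advertise the static default only while the condition holds. */
        term advertise-default {
            from {
                protocol static;
                route-filter 0.0.0.0/0 exact;
                condition OUTSIDE-HAS-DEFAULT;
            }
            then accept;
        }
        /* Condition false: the default is not exported, so remote PEs
           stop sending traffic toward this CGN node. */
        term suppress-default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then reject;
        }
    }
}
```

The static default in vrf "three" stays configured; only its advertisement follows the state of the outside table.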


