[j-nsp] cgnat on service module - interesting bgp advertisements
Aaron
aaron1 at gvtc.com
Wed Apr 20 13:59:49 EDT 2016
Ok thanks… yep I’m seeing them getting used….
agould at eng-lab-mx104-cgn> show services sessions | grep 1.2.3.128
TCP 52.26.119.1:80 -> 1.2.3.128:1053 Forward O 4
TCP 64.12.245.38:80 -> 1.2.3.128:1052 Forward O 5
ICMP 8.8.8.8 -> 1.2.3.128 Forward O 6873
agould at eng-lab-mx104-cgn> show services sessions | grep 1.2.3.255
TCP 54.240.170.135:80 -> 1.2.3.255:1052 Forward O 7
TCP 2.4.178.10:80 -> 1.2.3.255:1051 Forward O 9
Aaron
From: Alexander Arseniev [mailto:arseniev at btinternet.com]
Sent: Wednesday, April 20, 2016 11:58 AM
To: Aaron <aaron1 at gvtc.com>; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] cgnat on service module - interesting bgp advertisements
Hello,
When using "address X.Y.Z.W/TV" definition, the net and bcast IPs are NOT used and JUNOS carves them out.
When using "address-range low X.Y.Z.W high X.Y.W.U", ALL addresses are used and JUNOS does NOT carve the net and bcast IPs out.
Whether You _should_ use net and bcast IPs - it depends on the app mix.
Some legacy apps such as eMule frown upon IPs ending with 0 (i.e. net IP for /24), and give them "low id"
https://en.wikipedia.org/wiki/EMule#Low_ID
HTH
Thanks
Alex
On 20/04/2016 17:11, Aaron wrote:
Awesome Alex, good find !
So I wonder if the high-cpu issue with the all-zero and all-ones address of the named subnet means that when using address-range that the net-id and bcast address for the low/high definition will NOT be used in the nat pool ? …or that net-id and bcast addresses WILL be used for nat translations ?
Thanks again
agould at eng-lab-mx104-cgn# show | compare
[edit services nat pool nat1]
- address 1.2.3.128/25;
[edit services nat pool nat1]
+ address-range low 1.2.3.128 high 1.2.3.255;
agould at eng-lab-mx104-cgn# run show route advertising-protocol bgp 10.101.0.2 table one.inet.0
one.inet.0: 771 destinations, 1915 routes (771 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.144.2.4/30 Self 100 I
* 1.2.3.128/25 Self 100 I
[edit]
From: Alexander Arseniev [mailto:arseniev at btinternet.com]
Sent: Wednesday, April 20, 2016 1:36 AM
To: Aaron <aaron1 at gvtc.com>; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] cgnat on service module - interesting bgp advertisements
Hello,
MS-MIC (and MS-MPC NPUs as well) automatically cuts out network (in your case .128) and broadcast (in your case .255) IPs.
The rest cannot be expressed as single prefix, hence a bunch of smaller prefixes is announced instead.
This was done as PR 1019354 fix
https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1019354
HTH
Thx
Alex
On 20/04/2016 00:48, Aaron wrote:
Very interesting. Anyone know why this is happening? Is this documented?
I put a /25 as the public nat pool, but look what this mx104 is advertising
via bgp.. It appears to chop up that /25 into a bunch of smaller subnets and
advertise those out
agould at eng-lab-mx104-cgn> show configuration | grep 1.2.3. | display set
set services nat pool nat1 address 1.2.3.128/25
agould at eng-lab-mx104-cgn> show route advertising-protocol bgp 10.101.0.2 table one.inet.0
one.inet.0: 782 destinations, 970 routes (782 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 10.144.2.4/30 Self 100 I
* 1.2.3.129/32 Self 100 I
* 1.2.3.130/31 Self 100 I
* 1.2.3.132/30 Self 100 I
* 1.2.3.136/29 Self 100 I
* 1.2.3.144/28 Self 100 I
* 1.2.3.160/27 Self 100 I
* 1.2.3.192/27 Self 100 I
* 1.2.3.224/28 Self 100 I
* 1.2.3.240/29 Self 100 I
* 1.2.3.248/30 Self 100 I
* 1.2.3.252/31 Self 100 I
* 1.2.3.254/32 Self 100 I
Aaron
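
Added example, not part of the original thread or of Junos: a Python sketch that reproduces the prefix split discussed above, so expected BGP advertisements or upstream prefix filters for a NAT pool can be checked. The function names are hypothetical, and pools smaller than a /30 are not modelled.

```python
import ipaddress

def carved_pool_prefixes(pool_cidr):
    """Prefixes covering a pool once the network and broadcast addresses are
    carved out, as the thread describes for the 'address X.Y.Z.W/len' form."""
    net = ipaddress.ip_network(pool_cidr)
    if net.num_addresses < 4:
        # Assumption: /31 and /32 pools are outside what this sketch models.
        raise ValueError("pool too small to carve network/broadcast from")
    first = net.network_address + 1
    last = net.broadcast_address - 1
    return [str(p) for p in ipaddress.summarize_address_range(first, last)]

def range_pool_prefixes(low, high):
    """Prefixes covering an 'address-range low .. high' pool, where every
    address, endpoints included, stays in the pool."""
    lo, hi = ipaddress.ip_address(low), ipaddress.ip_address(high)
    return [str(p) for p in ipaddress.summarize_address_range(lo, hi)]

def same_address_set(prefixes_a, prefixes_b):
    """True when two prefix lists cover exactly the same addresses."""
    def collapse(prefixes):
        nets = (ipaddress.ip_network(p) for p in prefixes)
        return list(ipaddress.collapse_addresses(nets))
    return collapse(prefixes_a) == collapse(prefixes_b)

# Pool-derived advertisements copied from the first
# 'show route advertising-protocol bgp' output in the thread.
OBSERVED = [
    "1.2.3.129/32", "1.2.3.130/31", "1.2.3.132/30", "1.2.3.136/29",
    "1.2.3.144/28", "1.2.3.160/27", "1.2.3.192/27", "1.2.3.224/28",
    "1.2.3.240/29", "1.2.3.248/30", "1.2.3.252/31", "1.2.3.254/32",
]

if __name__ == "__main__":
    expected = carved_pool_prefixes("1.2.3.128/25")
    print("address 1.2.3.128/25 ->", len(expected), "prefixes")
    print("matches observed:", same_address_set(expected, OBSERVED))
    print("address-range ->", range_pool_prefixes("1.2.3.128", "1.2.3.255"))
```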