Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1345
Views
8
Helpful
4
Replies

ASR1001 and HSRP for NAT

Christian Boesch
Level 1
Level 1

‎12-03-2013 05:30 AM - last edited on ‎03-25-2019 03:40 PM by Community Manager

Hi,

I have 2 ASR1001 routers which are both connected with a P2P routing link to core router -1 and -2.

And there is an interface with a P2P routing link connecting both with each other (crosslink).

Both ASRs have an interface to the ISP. I get a default route over BGP on ASR1. If something fails

the default route is announced on ASR2.

For NAT I wanted to create a subinterface on the ISP interface with a NAT subnet with HSRP.

If the ISP interface goes down the default route moves to ASR2 and also the subinterface goes down and HSRP

should also move to ASR2.

But that does not seem to work because there is no L2 connection. If I put the HSRP NAT subinterface on the

crosslink interface it works. But then if one of both routers goes down (for upgrading etc) both HSRP subinterfaces

would go down and the NAT net would disappear.

Does anyone have an idea how to solve this design problem?

Thanks,

Chris

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎12-03-2013 06:39 AM

Chris

Think you are going to need to a L2 switch between the routers for your cross connect for the exact reasons you have described ie. HSRP requires L2 adjacency and because you have in effect with the subinterfaces made them point to point both interfaces will go down. A switch would obviously solve this problem although in a redundant setup you probably want 2 switches interconnected via the vlan HSRP is running in.

If you only had one switch then if it fails both routers are active.

Can't think of another way to do it.

Jon

Jon Marshall
Hall of Fame
Hall of Fame
In response to Jon Marshall

‎12-17-2013 05:29 AM

Chris

Are you successfully getting an adjacency between the routers ?

Jon

0 Helpful

Christian Boesch
Level 1
Level 1
In response to Jon Marshall

‎12-17-2013 05:37 AM

Jon thanks for the response!

no passive-interface for the new subinterace was missing in the router config.

Sorry for that stupid mistake...

Kind regards, Chris

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎12-03-2013 07:18 AM

Hello Chris,

Jon's suggestion to insert a L2 LAN switch is the best one for your current architecture.

However, I wonder if it would be wise to think of a network design review, in order to be able to use stateful NAT that would allow for a smarter switchover (NAT sessions are replicated on the standby device so device taking active role can process existing NAT translations).

The concepts and configuration for ASR 1000 are reported in the folllowing link

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-stateful-int-chass.html

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/iadnat-stateful-int-chass.html#GUID-39D33772-863E-417C-BA4E-D6ACA0565071

This would require the use of an internal LAN and an external LAN segments implemented with L2 LAN switches

The feature coordinates HSRP groups states on internal and external LAN segments.

This would mean changing the p2p links to core routers in the internal LAN segment.

This might be feasible or not for your network setup, depending also on the state of implementation.

Hope to help

Giuseppe

Customers Also Viewed These Support Documents