Tuff
Beginner

BGP WITH 2 ISPs and NAT

Hi guys! 

I am a newbie and trying to learn and understand BGP when connecting to two different ISPs with multiple (2) local routers. I have VLANs that span, using sub-interfaces and HSRP between CORE1 and CORE2. CORE1 is the ACTIVE HSRP and thus forwards the traffic. I want my end devices to be able to go out on the Internet and I want to use NAT.

 

I have a provider independent address 192.168.128.0/24, so I am not dependent on the ISPs' public address space. Both R1 and R2 are AS1000 and advertise the same PA (192.168.128.0/24) to the connected ISPs, and I want to use an IP address in that subnet for my NAT. Both ISP1 and ISP2 chose the path through R1 as the best route to reach the 192.168.128.0/24 that both R1 and R1 advertised.

 

I then created a default static route on CORE1 and pointed it to R2, and I created the same dynamic NAT on both R1 and R2:

ip nat pool test 192.168.128.1 192.168.128.1 netmask 255.255.255.0
ip nat inside source list 10 pool test overload

When I ping from the PC to the Internet (90.90.90.1), the traffic goes from PC --> CORE1 --> exit int e2/1 --> to R2, and R2 does the NAT and sends it to ISP2 (best route). The problem now is that when the reply is coming back from ISP2, it is sent to R1 (because both ISPs chose to reach the 192.168.128.0/24 via R1), and R1 just drops the packet and sends an unreachable message back to ISP2. So the ping never works. But if I change the default route on CORE1 and point it to R1, the ping works fine.

All I want to do is to provide some redundancy so that CORE1 can use the other link when one fails, and also R1 or R2 can use its other link if one fails. How can I achieve this? What am I doing wrong? Thank you.

 

topo.PNG

1 ACCEPTED SOLUTION

Giuseppe Larosa
Hall of Fame Master

Hello @Tuff ,

Several years ago there was a feature called Stateful NAT that allowed NAT to be coordinated between two routers.

I am afraid it is not supported anymore, and in any case it was based on the use of HSRP.

However, in your case a possible solution is the following:

Divide the subnet pool in two:

192.168.128.0/25 to R1; reduce the R1 NAT pool according to this resize.

192.168.128.128/25 to R2; reduce the R2 NAT pool according to this resize.

Have routes on R1 and R2 so that R1 knows that a packet for a host in 192.168.128.128/25 has to be sent to R2.

The opposite on R2.

You need an additional link between R1 and R2, to be able to put ip nat outside on it, to be used for this route exchange.

As an alternative, you can build a hierarchy with R1 as master for the default route and R2 providing a backup default route.

 

Hope to help

Giuseppe

 


5 REPLIES 5

Hi Giuseppe

Thanks for the reply. I think I do understand the first solution you provide. The link that I am going to create between R1 and R2: does it have to be IGP or iBGP, and how do I advertise the 192.168.128.0/25 and 192.168.128.128/25 to the respective router? And does it really have to be ip nat outside on the new link between R1 and R2?

Giuseppe Larosa
Hall of Fame Master

Hello @Tuff ,

How you announce the /25 prefixes is not important. I would use static routes at this point, to be sure that they are preferred over the IGP, over the new dedicated link between R1 and R2.

The ip nat outside should be needed to trigger the translation back to the private address (to be sure it is translated back to the corresponding private IP address).

 

Hope to help

Giuseppe
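
The split-pool design from Giuseppe's two replies above, written out as an IOS configuration sketch. This is an added example, not configuration posted in the thread; the interface name Ethernet0/2 and the 10.255.0.0/30 addressing of the new R1-R2 link are assumptions, and access list 10 is the one the original poster already references.

```cisco
! ================= R1: owns 192.168.128.0/25 =================
! NAT pool reduced to the lower half of the /24
ip nat pool test 192.168.128.1 192.168.128.1 netmask 255.255.255.128
ip nat inside source list 10 pool test overload
!
! New dedicated link to R2 (assumed interface name and addressing)
interface Ethernet0/2
 description Link to R2
 ip address 10.255.0.1 255.255.255.252
 ip nat outside
!
! Replies for R2's half of the pool that arrive at R1 are handed to R2
ip route 192.168.128.128 255.255.255.128 10.255.0.2

! ================= R2: owns 192.168.128.128/25 ===============
! NAT pool reduced to the upper half of the /24
ip nat pool test 192.168.128.129 192.168.128.129 netmask 255.255.255.128
ip nat inside source list 10 pool test overload
!
! New dedicated link to R1 (assumed interface name and addressing)
interface Ethernet0/2
 description Link to R1
 ip address 10.255.0.2 255.255.255.252
 ip nat outside
!
! Replies for R1's half of the pool that arrive at R2 are handed to R1
ip route 192.168.128.0 255.255.255.128 10.255.0.1
```

With this in place, `show ip nat translations` on each router should list inside global addresses only from that router's own /25.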

 

Hello

Stateful NAT was replaced with B2B (Box-to-Box) NAT. I've never used it in a production environment, but came across it when I upgraded a couple of WAN rtrs which were running stateful NAT and post-upgrade failed to work as it wasn't supported - ouch!


Since then I have labbed it a few times for posts on here, and there is some good material on these forums and Cisco CCO about it.

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-b2b-ha.pdf
https://community.cisco.com/t5/networking-documents/nat-box-to-box-high-availability-overview/ta-p/3145368



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
MHM Cisco World
Rising star

As I study your SP routers' config, BGP must connect through iBGP via an additional link, and make both SP routers prefer the path through CORE1.

Thus, if SP router 2 receives the packet, it will forward it to R1.

This is my approach.