cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2184
Views
0
Helpful
8
Replies

How to anchor a /32 host route or make BGP aware of a NAT'd host route?

oldcreek12
Level 1
Level 1

Hi, guys,

Please refer to the following topology:

172.16.1.1 ---- [inside]CSR1KV[outside]-----BGP/vti----Partner

I have a CSR1KV running in AWS which interconnects with a 3rd party over BGP/VTI, I have to statically nat my AWS instance 172.16.1.1 to its corresponding AWS EIP (say 1.2.3.4/32) on CSR and advertise this /32 AWS EIP over BGP to this partner, how do I make BGP aware of 1.2.3.4/32? (note that 1.2.3.4/32 is purely used for NAT translations, it does not have to be a AWS routable IP) I can not statically null route it and then redistribute to BGP... Basically I want BGP to originate a route which is not in routing table ...

Thanks

1 Accepted Solution

Accepted Solutions

What I meant was, don't put any 'ip nat inside' config on the loopback...

View solution in original post

8 Replies 8

Hello,

the short answer is: you can't. The route needs to be in the routing table for BGP to originate it (with the exception of the default-information originate induced route that is artificially generated). That can be done by either using the 'network' command or by redistributing it from another process.

However, creative traffic engineering could be a solution. Can you not simply create a loopback interface with the 1.2.3.4/32 address ?

Thanks, I sure can, but would that interrupt NAT translation? conceptually, when IPsec decrypts, it finds the destination IP of the packet is CSR itself, it would bypass the static NAT rule, right? I want to lab it up, but it is not trivial.

If only AWS can give us continuous EIP assignment for a VPC, even a /31!

Hello,

the Loopback would simply be created to get the /32 in the routing table. I am thinking, if you don't include the Loopback in any NAT configuration, it shouldn't have any effect on the NAT translation...

What I meant was, don't put any 'ip nat inside' config on the loopback...

Good point, it might work, I will need to lab it up.

I don't understand your "if you don't include the Loopback in any NAT configuration", the loopback IP you are proposing has to be the same as inside global IP of the static nat

What are actuallly the AWS guidelines for your scenario, if there are any ?

This is not an AWS problem per se, well unless they can guarantee continuous EIP assignment ...

Review Cisco Networking for a $25 gift card