12-21-2016 11:49 AM - edited 03-05-2019 07:43 AM
Hi, guys,
Please refer to the following topology:
172.16.1.1 ---- [inside]CSR1KV[outside]-----BGP/vti----Partner
I have a CSR1KV running in AWS which interconnects with a 3rd party over BGP/VTI. I have to statically NAT my AWS instance 172.16.1.1 to its corresponding AWS EIP (say 1.2.3.4/32) on the CSR and advertise this /32 AWS EIP over BGP to this partner. How do I make BGP aware of 1.2.3.4/32? (Note that 1.2.3.4/32 is purely used for NAT translations; it does not have to be an AWS-routable IP.) I cannot statically null-route it and then redistribute to BGP... Basically I want BGP to originate a route which is not in the routing table...
Thanks
12-21-2016 12:11 PM
Hello,
the short answer is: you can't. The route needs to be in the routing table for BGP to originate it (with the exception of the default-information originate induced route, which is artificially generated). That can be done either by using the 'network' command or by redistributing it from another process.
However, creative traffic engineering could be a solution. Can you not simply create a loopback interface with the 1.2.3.4/32 address?
12-21-2016 01:14 PM
Thanks, I sure can, but would that interrupt NAT translation? Conceptually, when IPsec decrypts, it finds that the destination IP of the packet is the CSR itself, so it would bypass the static NAT rule, right? I want to lab it up, but it is not trivial.
If only AWS could give us continuous EIP assignment for a VPC, even a /31!
12-21-2016 01:14 PM
Hello,
the Loopback would simply be created to get the /32 into the routing table. I am thinking that if you don't include the Loopback in any NAT configuration, it shouldn't have any effect on the NAT translation...
12-21-2016 01:19 PM
What I meant was, don't put any 'ip nat inside' config on the loopback...
12-21-2016 01:26 PM
Good point, it might work, I will need to lab it up.
12-21-2016 01:21 PM
I don't understand your "if you don't include the Loopback in any NAT configuration"; the loopback IP you are proposing has to be the same as the inside global IP of the static NAT.
12-21-2016 01:21 PM
What are actually the AWS guidelines for your scenario, if there are any?
12-21-2016 01:27 PM
This is not an AWS problem per se, well, unless they can guarantee continuous EIP assignment...
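The pieces the suggestion in this thread adds up to, as an added illustration (not configuration posted here or by Cisco): the loopback holds the /32 with no NAT statements on it, the static NAT and the BGP network statement reference that same address, and an inbound ACL on the VTI limits what the partner can reach through the translation. Interface roles, tunnel and partner addresses, AS numbers, the ACL policy and the IPsec profile name are assumed placeholders; whether a tunnel packet addressed to 1.2.3.4 is translated before the router treats it as its own is the open point the poster planned to lab up.

```cisco
! Added illustration of the loopback approach discussed in this thread;
! not the poster's or Cisco's configuration. Assumed: CSR1000v with
! GigabitEthernet1 = inside (VPC subnet), GigabitEthernet2 = outside,
! Tunnel0 = VTI to the partner; addresses, AS numbers, ACL policy and
! the IPsec profile name are placeholders.
!
! 1. Anchor the NAT inside-global /32 so it exists in the RIB.
!    No "ip nat inside" / "ip nat outside" on it, per the answer above.
interface Loopback100
 description anchor for 1.2.3.4/32 (NAT global address only)
 ip address 1.2.3.4 255.255.255.255
!
! 2. NAT domain: VPC side is inside, the VTI toward the partner is outside.
interface GigabitEthernet1
 description inside (VPC subnet of 172.16.1.1)
 ip address 172.16.1.2 255.255.255.0
 ip nat inside
!
interface GigabitEthernet2
 description outside (AWS-facing, carries the IPsec tunnel)
 ip address 10.0.0.10 255.255.255.0
!
interface Tunnel0
 description VTI to partner (placeholder peer 203.0.113.10)
 ip address 169.254.10.1 255.255.255.252
 ip nat outside
 ip access-group PARTNER-IN in
 tunnel source GigabitEthernet2
 tunnel mode ipsec ipv4
 tunnel destination 203.0.113.10
 tunnel protection ipsec profile PARTNER-PROFILE
!
! 3. Static translation: instance 172.16.1.1 <-> inside global 1.2.3.4.
ip nat inside source static 172.16.1.1 1.2.3.4
!
! 4. Inbound ACL on the VTI (placeholder policy): allow the BGP session,
!    let the partner network 198.51.100.0/24 reach only TCP/443 on the
!    translated address, log and drop everything else.
ip access-list extended PARTNER-IN
 permit tcp host 169.254.10.2 host 169.254.10.1 eq bgp
 permit tcp host 169.254.10.2 eq bgp host 169.254.10.1
 permit tcp 198.51.100.0 0.0.0.255 host 1.2.3.4 eq 443
 deny ip any any log
!
! 5. Originate the /32 from the RIB entry the loopback provides.
router bgp 65001
 neighbor 169.254.10.2 remote-as 65002
 address-family ipv4
  network 1.2.3.4 mask 255.255.255.255
  neighbor 169.254.10.2 activate
 exit-address-family
```

After applying it, "show ip route 1.2.3.4", "show ip bgp 1.2.3.4" and "show ip nat translations" confirm the /32 is in the RIB, is in the BGP table, and is translated for traffic to 172.16.1.1.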