LISP NAT traversal

gabriel.gearip · ‎06-10-2013

Hi,

I'm testing a scenario with LISP in GNS3 in which 2 LISP-enabled sites are communicating over an IPv4 "Internet" network (consisting on 2 non-LISP routers). On the left side I have 2 routers acting as xTR's and on the right side, one router acting as xTR and MS/MR. LISP is working fine, even load balancing the connections.

Now I'm changing the scenario to run NAT on the non-LISP routers. The target is to accomplish communication over NAT between the 2 LISP sites. I'm using "ip lisp source-locator Loopback..." on the "Internet"-facing interfaces on the left-side. The Lookpback interfaces have the global NAT IP address as seen by the right-side LISP side. Also, the database-mapping is using these addresses instead of the IP's of the router's interfaces.

It's not working. I don't know if this is the correct solution to run LISP over NAT.

What do you think?

Thanks.

Note: I'm using 7200 IOS routers with 15.2(4).

gabriel.gearip · ‎06-10-2013

Now I see that you would have to do a port forward on the NAT gateway to reach the inside LISP routers.

Is there any way to accomplish LISP communication without the port forward?

pvinci · ‎09-01-2013

Hi Gabriel,

If you are trying to do NAT between the RLOCs on your xTR and your map server, you need an IOS version that supports info-request packets (look at the XB12 release) for the control plane, and PxTR's are replaced with the concept of the RTR and serve as an anchor point in non-NATed space for the data plane. You can read about the details here:

http://tools.ietf.org/html/draft-ermagan-lisp-nat-traversal-01

We run commercial LISP mapping and proxy gateways across the US, so, if you have more questions, let us know.

http://vinciconsulting.com/lisp-mapping-and-proxy-services

Regards,

Paul