Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
5
Helpful
2
Replies

Packet drop about 50% - Identical segment with NAT + VRF

Go to solution
g114112118s
Level 1
Level 1

‎05-17-2019 02:14 AM - edited ‎05-17-2019 02:16 AM

Hello,

 

Indeed it's an odd design and we are trying to avoid it. however without going into reasoning. Let me quickly summarize the topology and problem we are facing.

 

We have a few hosts and each needs identical IP setup. hosts can remain in separate vlan and intervlan routing is NOT required. 

 

As example: Four vlan configured and with uplink trunk port to the router.

Router has also four vrf with four subinterfaces. 

Each subinterfaces has NAT enabled

non vrf outgoing interface has also NAT enabled 

 

source static NAT enabled for each vrf

default route configurated for each vrf

reverse-route configured for each vrf

 

Please read 8.8.8.8 as random public IP and we can control only two routers and a switch in the diagram.

 

Config in the diagram tested on a real platform but noticed the about 50% pack drop. 

 

 

 

 

 

 

 

 

 

 

Labels:
Preview file
76 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎05-17-2019 05:16 AM

Could be wrong but I don't think you need the static routes to the 192.168.x.0 /24 in VRF Router A. The NAT process should be doing the translation and sending the packets to the original IP.

Hope this helps

 

PS - Really not too odd of a design in that it explains the purpose and capabilities of VRFs pretty well.

View solution in original post

2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-17-2019 02:35 AM - edited ‎05-17-2019 02:36 AM

Hello g114112118s,

 

I have a question in the network diagram you show that you ping 8.8.8.8 from a device that looks like a router DMN because I see a prompt ending in #.

This specific router is acting as one of the Pcs in the four VRFs in the diagram, or it is the router where all the NAT configuration and VRF is performed?

 

I agree it is a strange design, but your configuration looks like correct. In production you should use 4 different NAT pools for scalability.

 

 

Hope to help

Giuseppe

0 Helpful

Go to solution
chrihussey
VIP Alumni
VIP Alumni

‎05-17-2019 05:16 AM

Could be wrong but I don't think you need the static routes to the 192.168.x.0 /24 in VRF Router A. The NAT process should be doing the translation and sending the packets to the original IP.

Hope this helps

 

PS - Really not too odd of a design in that it explains the purpose and capabilities of VRFs pretty well.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card