May I have your opinion on the following matter?
Two 2911 routers.
Doing HSRP on WAN and LAN side with 2 standby groups.
Doing static NAT to internal servers.
Added the redundancy keyword on the NAT statements.
Tracking wan side interface in LAN side hsrp group and tracking
LAN side interface in WAN side hsrp group.
All is working well, but I discovered the following convergence time
issues during HSRP failover.
1. Hsrp active device has a tcp translation in the table.
2. Hsrp active does a failover (shut the interface).
3. The failover goes well, but the ip nat session table on the new active is updated with the tcp sessions about 30s after the failover took place.
Seen from debugs.
The new active device received the nat session table update message from the old active after 30 sec or more.
My client wants the tcp session replication to take place in less than 15s when an HSRP failover occurs.
I will post debug messages in a short time when I get back to work.
Is there a way to make it work in less than 15s?
Also, what are the recommended ip nat translation timeout timers when doing HSRP and static NAT?
Thank you for your help.
Have a nice day.
I have found the issue.
The problem was my testing procedure. I simulated the http connection using telnet to the http port, but I didn't generate any traffic (requests). I repeated the tests using GET requests and the nat session table was replicated almost instantly.
I post the debug messages.
The NAT replication trigger is the next segment, request in the tcp session.
Telnet from client
telnet 10.31.73.12 3099
*Nov 7 03:52:17.071: TCBB2701B60 connected to 10.31.73.12.3099
GET / HTTP/1.0
GET / HTTP/1.0
GET / HTTP/1.0
Becomes Active at 03:52:32,34
NATGW2#
*Nov 7 03:52:32.700: %HSRP-5-STATECHANGE: Ethernet0/2 Grp 100 state Standby -> Active
NATGW2#
*Nov 7 03:52:32.701: IP-ADDR: ipaddr_table_insert_w_tableid() 10.31.71.254, in global table on Ethernet0/2
NATGW2#
*Nov 7 03:52:34.657: %HSRP-5-STATECHANGE: Ethernet0/1 Grp 200 state Standby -> Active
New Active listens for ARP requests for the HSRP IP
*Nov 7 03:52:34.658: IP-ADDR: ipaddr_table_insert_w_tableid() 192.168.153.253, in global table on Ethernet0/1
The nat session is recreated on the new Active.
*Nov 7 03:52:34.745: NAT: API parameters passed: src_addr:10.31.71.3, src_port: 0 dest_addr:10.31.73.12, dest_port:0, proto:6 if_input:Ethernet0/2 pak:B072F0A8 get_translated:1
*Nov 7 03:52:34.745: ipnat_api_translated_address_and_port_common, out->in want IL,OL
*Nov 7 03:52:34.745: NAT: API Translated-Info(1): (src-addr:10.31.71.3, src-port:0) (dest-addr:192.168.153.12, dest-port:0)
Thanks for helping.
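
An added example, not part of the original posts: a small Python script that measures the delay between the HSRP Standby -> Active transitions and the first NAT translation on the new active router, using three of the debug lines quoted above, and checks it against the 15s requirement. The function names and the fixed year used for timestamp parsing are assumptions of this example.

```python
import re
from datetime import datetime

# Debug lines copied from the post above, one message per line.
SAMPLE = """\
*Nov 7 03:52:32.700: %HSRP-5-STATECHANGE: Ethernet0/2 Grp 100 state Standby -> Active
*Nov 7 03:52:34.657: %HSRP-5-STATECHANGE: Ethernet0/1 Grp 200 state Standby -> Active
*Nov 7 03:52:34.745: NAT: API Translated-Info(1): (src-addr:10.31.71.3, src-port:0) (dest-addr:192.168.153.12, dest-port:0)
"""

TS = re.compile(r"^\*?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+): (.*)$")
HSRP_ACTIVE = re.compile(r"%HSRP-5-STATECHANGE: (\S+) Grp (\d+) state \S+ -> Active")
NAT_XLATE = "NAT: API Translated-Info"

def parse_ts(text, year=2000):
    # IOS debug timestamps carry no year; a fixed one is assumed so they can be subtracted.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S.%f")

def failover_to_nat_delay(log):
    """Return ({group: time it went Active}, (s from first Active, s from last Active))."""
    active, first_nat = {}, None
    for line in log.splitlines():
        m = TS.match(line.strip())
        if not m:
            continue  # router prompts, typed commands, wrapped text
        when, msg = parse_ts(m.group(1)), m.group(2)
        h = HSRP_ACTIVE.search(msg)
        if h:
            active[int(h.group(2))] = when
            first_nat = None  # only count translations seen after every group is Active
        elif NAT_XLATE in msg and active and first_nat is None:
            first_nat = when
    if not active or first_nat is None:
        return active, None
    times = active.values()
    return active, ((first_nat - min(times)).total_seconds(),
                    (first_nat - max(times)).total_seconds())

def meets_budget(log, budget_s=15.0):
    # Worst case is measured from the first group's state change.
    _, delays = failover_to_nat_delay(log)
    return delays is not None and delays[0] <= budget_s

if __name__ == "__main__":
    groups, delays = failover_to_nat_delay(SAMPLE)
    print(sorted(groups), delays, meets_budget(SAMPLE))
```
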