Static NAT HSRP

adi822001
Level 1

Hi experts,

May I have your opinion on the following matter?

Configuration

Two 2911 routers.

Doing HSRP on WAN and LAN side with 2 standby groups.

Doing static NAT to internal servers.

Added redundancy keyword on the NAT statements.

Tracking WAN side interface in LAN side HSRP group and tracking LAN side interface in WAN side HSRP group.

All is working well but I discovered the following convergence time issues on HSRP failover.

1. HSRP active device has a TCP translation in the table.

2. HSRP active does a failover (shut the interface).

3. The failover goes well, but the IP NAT session table on the new active is updated with the TCP sessions about 30s after the failover took place.

Seen from debugs.

The new active device received the NAT session table update message from the old active after 30 sec or more.

My client wants the TCP session replication to take place in less than 15s when an HSRP failover occurs.

I will post debug messages in a short time when I get back to work.

Is there a way to make it work in less than 15s?

Also, what are the recommended ip nat translation timeout timers when doing HSRP and static NAT?

Thank you for your help.

Have a nice day.

エイドリアン

adi822001
Level 1

I have found the issue.

The problem was my testing procedure. I simulated the HTTP connection using telnet to the HTTP port but I didn't generate any traffic (requests). I repeated the tests using GET requests and the NAT session table was replicated almost instantly.

I post the debug messages.

The NAT replication trigger is the next segment, request in the TCP session.

Debug messages

Telnet from client

telnet 10.31.73.12 3099
*Nov 7 03:52:17.071: TCBB2701B60 connected to 10.31.73.12.3099
GET / HTTP/1.0
GET / HTTP/1.0
GET / HTTP/1.0

New active

Becomes Active at 03:52:32,34

NATGW2# *Nov 7 03:52:32.700: %HSRP-5-STATECHANGE: Ethernet0/2 Grp 100 state Standby -> Active
NATGW2# *Nov 7 03:52:32.701: IP-ADDR: ipaddr_table_insert_w_tableid() 10.31.71.254, in global table on Ethernet0/2
NATGW2# *Nov 7 03:52:34.657: %HSRP-5-STATECHANGE: Ethernet0/1 Grp 200 state Standby -> Active

New Active listens for ARP requests for the HSRP IP

*Nov 7 03:52:34.658: IP-ADDR: ipaddr_table_insert_w_tableid() 192.168.153.253, in global table on Ethernet0/1

The NAT session is recreated on the new Active.

*Nov 7 03:52:34.745: NAT: API parameters passed: src_addr:10.31.71.3, src_port: 0 dest_addr:10.31.73.12, dest_port:0, proto:6 if_input:Ethernet0/2 pak:B072F0A8 get_translated:1
*Nov 7 03:52:34.745: ipnat_api_translated_address_and_port_common, out->in want IL,OL
*Nov 7 03:52:34.745: NAT: API Translated-Info(1): (src-addr:10.31.71.3, src-port:0) (dest-addr:192.168.153.12, dest-port:0)

Thanks for helping.

エイドリアン
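An added example, not part of the original posts: a small Python parser that measures, per HSRP group, the time from the `Standby -> Active` message to the first NAT translation logged on the new active router, and checks it against the 15 s target from the question. The function names are hypothetical, and the sample lines are copied from the debug output above.

```python
import re
from datetime import datetime

# Debug lines taken from the post above (IOS timestamps carry no year).
SAMPLE_LOG = """\
NATGW2# *Nov 7 03:52:32.700: %HSRP-5-STATECHANGE: Ethernet0/2 Grp 100 state Standby -> Active
NATGW2# *Nov 7 03:52:32.701: IP-ADDR: ipaddr_table_insert_w_tableid() 10.31.71.254, in global table on Ethernet0/2
NATGW2# *Nov 7 03:52:34.657: %HSRP-5-STATECHANGE: Ethernet0/1 Grp 200 state Standby -> Active
*Nov 7 03:52:34.745: NAT: API Translated-Info(1): (src-addr:10.31.71.3, src-port:0) (dest-addr:192.168.153.12, dest-port:0)
"""

TS = re.compile(r"^\*?(\w{3})\s+(\d{1,2})\s+(\d{2}:\d{2}:\d{2}\.\d{3}):\s+(.*)$")
HSRP_ACTIVE = re.compile(r"%HSRP-5-STATECHANGE: (\S+) Grp (\d+) state \S+ -> Active")
NAT_XLATE = re.compile(r"NAT: API Translated-Info")


def parse_ts(mon, day, clock):
    # The year is not logged; a fixed year keeps differences valid within one capture.
    return datetime.strptime(f"2000 {mon} {day} {clock}", "%Y %b %d %H:%M:%S.%f")


def failover_gaps(log_text):
    """Map HSRP group -> seconds from '-> Active' to the first NAT translation after it."""
    active_at, gaps = {}, {}
    for raw in log_text.splitlines():
        line = re.sub(r"^\S+#\s*", "", raw.strip())  # drop a leading router prompt
        m = TS.match(line)
        if not m:
            continue  # not a timestamped debug line
        when = parse_ts(m.group(1), m.group(2), m.group(3))
        body = m.group(4)
        hsrp = HSRP_ACTIVE.search(body)
        if hsrp:
            active_at[int(hsrp.group(2))] = when
        elif NAT_XLATE.search(body):
            for grp, t0 in active_at.items():
                if grp not in gaps and when >= t0:
                    gaps[grp] = round((when - t0).total_seconds(), 3)
    return gaps


def meets_target(log_text, limit_s=15.0):
    """True if every group that went active saw a NAT translation within limit_s."""
    gaps = failover_gaps(log_text)
    return bool(gaps) and max(gaps.values()) < limit_s


if __name__ == "__main__":
    print(failover_gaps(SAMPLE_LOG), meets_target(SAMPLE_LOG))
```

The gap only closes when the client sends its next segment, so run the capture while the test session is actively issuing requests, as in the corrected test above.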