I've been trying to find the best solution for the following problem.
As I understand it, for me to send IP traffic to an ISM or VSM on an ASR9k for CGN(ex: NAT44), the solution would be to use ABF and configure the ISM/VSM as next-hop for pre-NAT outgoing traffic. My question is this: ABF deployment guide says that ABF does not support mpls-labeled traffic, in other words if an IP-packet I want to NAT comes in labeled, ABF would not be able to catch it an redirect it to VSM so it would be NATed. Can anybody share a posible (best) solution to this scenario?
indeed, our NPU will perform the ACL matching before handling the labels and therefore the labelled-traffic can not be matched. In other words, you can not apply ABF to push traffic to the CGN card if you are a PE box.
First approach will consist in making the penultimate router responsible for discarding the labels, at least for the traffic candidate for NATing.
Second, some customers overcome this limitation using a "loop" cable. Your label will be stripped and only IPv4 packet will get back inside the chassis and therefore can be matched by your ABF.
I understand that none of these options are satisfactory or technically elegant...
Thanks for your answer, nifevrie .
That's exactly the point, in my environment my PE (in this case a CMTS running mpls for l3vpn) has to have labels for L3VPN setup. This PE also has Internet access service. It connects to 2 ASR9000 P routers, that are the correct place for me to install an ISM or a VSM. So basically, the originating router would 'have to do PHP'.
So basically, for me to get to the CGN card, as far as I can tell, my 'only' option is the loop. I saw this being described in a CiscoLive presentation. Let's forget for a moment that is not an elegant solution, we're talking 10-20G of traffic here per POP. I cannot fathom telling my customer they have to invest in the CGN card AND 2-4 10G interfaces per loop, per ASR.
Seems to me it makes sense to work on ABF being able to catch mpls labels.
Unfortunately, I concur with your conclusion.
I will let other members of the community correct me if necessary, but AFAIK, we won't have the capability to do it with the current hardware (NPUs) nor the next generation.
You know, I've talked about this on and off for months with my coworkers and we always end up with the same comment: "we can't be the first ones to think about this and require a viable solution".
Hopefully, it'll come sooner rather than later.
We have the same problem. my interfaces are in MPLS labels. I need to create different nats for each segment of the same VRF. could be ABF my solution?. how you did?