Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1049
Views
0
Helpful
3
Replies

CGN NAT44 + BNG

manoj.karmacharya
Level 1
Level 1

‎09-03-2018 11:20 PM

For NAT process, i've forwarded NAT required traffic from access interface to VSM with help of ABF. Packets generated by subscriber can reach to destination after NAT process but return traffic doesn't get routed to subscriber interface from vrf.

 

Subscriber receives return traffic properly when /32 route is added to vrf.

Labels:
Preview file
4 KB
0 Helpful
3 Replies 3

Aleksandar Vidakovic
Cisco Employee
Cisco Employee

‎09-04-2018 12:57 AM

If the subscribers are local to this router, I don't think you can tweak the routing table in the outside vrf to send the return traffic to a next-hop interface other than the subscriber interface itself. You need to have the true next-hop interface in the outside VRF.

/Aleksandar

0 Helpful

manoj.karmacharya
Level 1
Level 1

‎09-04-2018 07:59 AM

I'm trying to tweak routing table in inside vrf as return traffic comes to outside vrf and then to inside vrf. 

 

Suppose a subscriber gets ip 10.0.0.10, if I add static route to /32 destination like config below in inside vrf NAT works perfectly fine.

 

router static
address-family ipv4 unicast
100.64.0.0/26 ServiceApp2
!
vrf InsideVRF
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.0.0.10/32 vrf default Bundle-Ether4.100
!
!
!

 

 

0 Helpful

Aleksandar Vidakovic
Cisco Employee
Cisco Employee
In response to manoj.karmacharya

‎09-04-2018 08:23 AM

I think I finally understood your question now. The additional static route (10.0.0.10/32 vrf default Bundle-Ether4.100) shouldn't be required. It would make the whole BNG+CGNAT integration very cumbersome.

 

VSM card has two NPs, the same ones that are used on any Typhoon line card. If configuring the static route resolves the issue, I doubt that the problem is in the translation table on the VSM. It seems more likely to be an issue with the forwarding table in the NPs. Can you send pings with timeout zero and see which NP counters are incrementing?

 

You can refer to these two docs for guidelines:

 

https://community.cisco.com/t5/service-providers-documents/asr9000-xr-troubleshooting-packet-drops-drops-in-np-microcode/ta-p/3155145

https://community.cisco.com/t5/service-providers-documents/asr9000-xr-troubleshooting-packet-drops-and-understanding-np/ta-p/3126715

 

/Aleksandar

0 Helpful
Customers Also Viewed These Support Documents