Welcome to Mat's Cloud: Scalability for Stateful NAT (SNAT)

Scalability for Stateful NAT feature allows Stateful Network Address Translation (SNAT) to control the Hot Standby Router Protocol (HSRP) state change until the NAT information is completely exchanged. Reference:
http://www.cisco.com/en/US/docs/ios/12_4/12_4_mainline/snatsca.html

Step 1:
You need to create the SNAT group, and assign a unique identifier to each router within the group:
(config)#ip nat stateful id 1

Step 2:
In order to configure the Stateful Failover, you need to have the HSRP previously configured. Within the stateful
nat group configurarion, assign the HSRP redundancy name to the router:
(config-ipnat-snat)#redundancy HSRP-1

Step 3:
The Active HSRP Router sends the NAT Translation to the Standby Routers. This translation is assigned an ID,
which is called "mapping-id" and it MUST BE THE SAME ON THE ENTIRE GROUP.
(config-ipnat-snat-red)#mapping-id 1

Step 4:
Consider adding features such Asymetric queuing, or define a specific protocol for the redundancy group:
IP Stateful NAT Redundancy mode configuration commands:
as-queuing Disable asymmetric process for this redundancy group
exit Exit from IP Stateful NAT Redundancy config mode
mapping-id Configure mapping-id for this redundancy group
no Negate or set default values of a command
protocol Select transport protocol for this redundancy group

Step 5:
Configure the Dynamic NAT, as described in my previous posts, and just attach the configured mapping-id:
(config)#ip nat inside source route-map ROUTE_MAP_MATCHING_ACL pool INSIDE_GLOBAL mapping-id 1

Step 6:
Check the translations
#sh ip snat distributed

Stateful NAT Connected Peers

No entries will appear until you perform a PING, and when you do, and do a debug, you'll see:
*Nov 7 14:47:12.081: SNAT (Add_node): Allocated database distributed-id 1
*Nov 7 14:47:12.081: SNAT (Add_node): Init RTree for distributed-id 1
*Nov 7 14:47:12.081: SNAT (Add_node): Allocate Node for nat-id 19, Router-id 1
*Nov 7 14:47:12.081: NAT: s=15.10.1.1->172.25.185.1, d=10.185.117.4 [271]
*Nov 7 14:47:12.081: NAT*: s=10.185.117.4, d=172.25.185.1->15.10.1.1 [271]
*Nov 7 14:47:12.085: NAT*: s=15.10.1.1->172.25.185.1, d=10.185.117.4 [272]
*Nov 7 14:47:12.085: NAT*: s=10.185.117.4, d=172.25.185.1->15.10.1.1 [272]
*Nov 7 14:47:12.085: NAT*: s=15.10.1.1->172.25.185.1, d=10.185.117.4 [273]
*Nov 7 14:47:12.085: NAT*: s=10.185.117.4, d=172.25.185.1->15.10.1.1 [273]
*Nov 7 14:47:12.089: NAT*: s=15.10.1.1->172.25.185.1, d=10.185.117.4 [274]
*Nov 7 14:47:12.089: NAT*: s=10.185.117.4, d=172.25.185.1->15.10.1.1 [274]
*Nov 7 14:47:12.089: NAT*: s=15.10.1.1->172.25.185.1, d=10.185.117.4 [275]
*Nov 7 14:47:12.089: NAT*: s=10.185.117.4, d=172.25.185.1->15.10.1.1 [275]

Welcome to Mat's Cloud

Scalability for Stateful NAT (SNAT)

No comments:

Post a Comment

Most Popular Posts