Re: Static NAT Redundancy with HSRP

From: Gregory Gombas (ggombas@gmail.com)
Date: Tue Nov 06 2007 - 21:03:58 ART

• Next message: Tarun Pahuja: "Re: Static NAT Redundancy with HSRP"
• Previous message: William Nellis: "Re: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Maybe in reply to: Gregory Gombas: "Static NAT Redundancy with HSRP"
• Next in thread: Tarun Pahuja: "Re: Static NAT Redundancy with HSRP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sorry - did not mean to cause an argument, just trying to make sense
of this seemingly vestigial static option.

What does linking the HSRP group to the static do exactly?

Can you elaborate more on what kind of unpredictable results one might
see? From my testing as long as the static commands are the same on
both routers it will work, no "redundancy" option needed.

On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> Gregory,
> The redundancy keyword is very important in the config. If
> you do not link the two identical static translations on the route configs
> using the same HSRP Group, you will experience unpredictable results.
>
> I usually like to include links in my threads as I want people to read the
> theory behind a topic rather than answering only a specific question with
> specific values. It is more important to understand the concept than
> memorize the answer.
>
> I am not here to sell workbooks or offer classes, I am deeply gratified by
> the appreciation I get from students, Hence I enjoy responding to
> questions. The more appreciation I get, The more I will be around.
>
> HTH,
> Tarun
>
>
> On 11/6/07, Gregory Gombas <ggombas@gmail.com> wrote:
> > Thanks Tarun - thats what we observed.
> >
> > So is the "redundacy" option on the static command just one of those
> > useless options?
> >
> >
> >
> > On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> > > Gregory,
> > > Static Nat with HSRP. Here HSRP router pairs have identical
> NAT
> > > configurations for redundancy. No dynamic entries are replicated amongst
> > > routers in the same HSRP redundancy group.
> > >
> > > HTH,
> > > Tarun
> > >
> > >
> > > On 11/6/07, Gregory Gombas < ggombas@gmail.com> wrote:
> > > > Thanks. That covers scenario 2 and 3, how about scenario 1?
> > > >
> > > > On 11/6/07, Tarun Pahuja < pahujat@gmail.com> wrote:
> > > > > Gregory,
> > > > > Hopefully Narbik's Lawyer would not be calling me
> since I
> > > am
> > > > > jumping ahead of him to help you. I am sure he will have much more
> > > insight
> > > > > in this matter than me ;-)
> > > > >
> > > > > To answer your question, SNAT(Stateful Nat) can be configured in
> > > > > Primary/Backup Mode and HSRP mode. In Primary/Backup mode, you have
> to
> > > > > manually configure who the primary router is and who the secondary
> > > router is
> > > > > and hence you do not need the word redundancy.
> > > > >
> > > > > When you configure SNAT in HSRP mode, SNAT follows what HSRP tells
> it to
> > > > > hence you use the word redundancy to tie the two together.
> > > > >
> > > > > HTH,
> > > > > Tarun
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > On 11/6/07, Gregory Gombas <ggombas@gmail.com> wrote:
> > > > > >
> > > > > > I'm not sure I follow?
> > > > > >
> > > > > > Let me restate the question and I hope Narbik himself can chime in
> > > here.
> > > > > > There seem to be three different ways to configure NAT redundancy:
> > > > > >
> > > > > > Scenario 1 - Static NAT with HSRP:
> > > > > > Step 1. Configure HSRP groups named HSRP-1
> > > > > > Step 2. Tie the group name to the static command as follows:
> > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy HSRP-1
> > > > > >
> > > > > > Scenario 2 - Stateful NAT with HSRP:
> > > > > > Step 1. Configure HSRP groups named HSRP-1
> > > > > > Step 2. Tie the group name to the stateful NAT configuration as
> > > follows:
> > > > > > Router 2:
> > > > > > ip nat Stateful id 1
> > > > > > redundancy HSRP-1
> > > > > > mapping-id 10
> > > > > > Router 3:
> > > > > > ip nat Stateful id 2
> > > > > > redundancy HSRP-1
> > > > > > mapping-id 10
> > > > > >
> > > > > > Scenario 3 - Stateful NAT without HSRP (Primary/Backup):
> > > > > > PRIMARY:
> > > > > > ip nat Stateful id 1
> > > > > > primary 10.88.194.17
> > > > > > peer 10.88.194.18
> > > > > > mapping-id 10
> > > > > > BACKUP
> > > > > > ip nat Stateful id 2
> > > > > > backup 10.88.194.18
> > > > > > peer 10.88.194.17
> > > > > > mapping-id 10
> > > > > >
> > > > > > My questions is what is the first scenario for? What is the
> > > > > > significance of the redundacy keyword? How does it tie in with the
> > > > > > HSRP config?
> > > > > > How does that differ from configuring the two routers with static
> NAT
> > > > > > and no redundancy keyword????
> > > > > >
> > > > > >
> > > > > > On 11/6/07, Victor Cappuccio < vcappuccio@gmail.com> wrote:
> > > > > > > Hi Gregory,
> > > > > > > I had in CANTV this same issue, checking my old emails I found
> that
> > > > > > > probably this link could help a lot
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper0900aecd8052870b.shtml
> > > > > > > Also:
> > > > > > >
> > > > >
> > >
> http://www.iphelp.ru/faq/29/cisconut2-CHP-13-SECT-3.html
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1079180
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm
> > > > > > >
> > > > > > > Also be aware that CPU Process utilization and memory is
> critical in
> > > > > this
> > > > > > > situation, using the using the following TCL Script to capture
> the
> > > > > number
> > > > > > > of translations and using the show ip nat statistics to
> determine
> > > the
> > > > > > > number of dynamic entries created in the NAT tables such as in:
> > > Active
> > > > > as to
> > > > > > > Standby
> > > > > > >
> > > > > > > proc SNAT { DURANTE interval } {
> > > > > > > set end [expr [clock seconds] + $DURANTE]
> > > > > > > set cur [clock seconds]
> > > > > > > set interval "${INTEVALO}000"
> > > > > > > while { $cur < $end } {
> > > > > > > show clock
> > > > > > > show IP NAT sta | inc To
> > > > > > > show proc cpu | exc 0.00
> > > > > > > show memory statistics
> > > > > > > puts "\n"
> > > > > > > after $TIEMPO
> > > > > > > set cur [clock seconds]
> > > > > > > }
> > > > > > > }
> > > > > > >
> > > > > > > My 2 cents
> > > > > > >
> > > > > > > Victor Cappuccio
> > > > > > > www.vcappuccio.wordpress.com
> > > > > > >
> > > > > > >
> > > > > > > On Nov 6, 2007 3:51 PM, Gregory Gombas < ggombas@gmail.com >
> wrote:
> > > > > > > >
> > > > > > > > Can someone please explain what the redundancy keyword at the
> end
> > > of a
> > > > > > > > static nat statement does? For example:
> > > > > > > >
> > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy
> HSRP-1
> > > > > > > >
> > > > > > > > We tried the configuration from Narkbik's NAT lab excercise
> #9,
> > > and we
> > > > > > > > found that failover worked the same with or without the
> redundancy
> > > > > > > > keyword:
> > > > > > > >
> > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> > > > > > > >
> > > > > > > > Here is the relevant configuration:
> > > > > > > >
> > > > > > > > On R2
> > > > > > > > interface FastEthernet0/0
> > > > > > > > Standby 1 ip 10.1.123.100
> > > > > > > > Standby 1 priority 110
> > > > > > > > Standby 1 preempt
> > > > > > > > Standby 1 name HSRP-1
> > > > > > > > Standby 1 track FastEthernet0/1 50
> > > > > > > > ip nat inside
> > > > > > > >
> > > > > > > > interface FastEthernet0/1
> > > > > > > > Standby 2 ip 200.1.1.100
> > > > > > > > Standby 2 priority 110
> > > > > > > > Standby 2 preempt
> > > > > > > > Standby 2 track FastEthernet0/0 50
> > > > > > > > ip nat outside
> > > > > > > >
> > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy
> HSRP-1
> > > > > > > >
> > > > > > > >
> > > > > > > > On R3
> > > > > > > > Interface FastEthernet0/0
> > > > > > > > Standby 1 ip 10.1.123.100
> > > > > > > > Standby 1 preempt
> > > > > > > > Standby 1 name HSRP-1
> > > > > > > > ip nat inside
> > > > > > > >
> > > > > > > > Interface FastEthernet0/1
> > > > > > > > Standby 2 ip 200.1.1.100
> > > > > > > > Standby 2 priority 100
> > > > > > > > Standby 2 preempt
> > > > > > > > ip nat outside
> > > > > > > >
> > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy
> HSRP-1
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > > > > Subscription information may be found at:
> > > > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > >
> > > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html

• Next message: Tarun Pahuja: "Re: Static NAT Redundancy with HSRP"
• Previous message: William Nellis: "Re: CCIE Important Interview Quesition asked by Sunrise, Swiss"
• Maybe in reply to: Gregory Gombas: "Static NAT Redundancy with HSRP"
• Next in thread: Tarun Pahuja: "Re: Static NAT Redundancy with HSRP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART