From: Gregory Gombas (ggombas@gmail.com)
Date: Tue Nov 06 2007 - 23:25:39 ART
Thanks. I'll have to lab it up again to observe that behavior.
Thanks again!
On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> Gregory,
> Not a problem. Narbik is a good friend of mine. We just like to
> tease each other once in a while. Coming back to your question.
>
> Static mapping support for HSRP allows the option of having only the HSRP
> active router respond to an incoming ARP for a router configured with a NAT
> address. Since both the routers have identical NAT configurations only the
> active one would respond to an arp request for configured static Nat
> Translation.
>
> HTH,
> Tarun
>
>
> On 11/7/07, Gregory Gombas <ggombas@gmail.com> wrote:
> > Sorry - did not mean to cause an argument, just trying to make sense
> > of this seemingly vestigial static option.
> >
> > What does linking the HSRP group to the static do exactly?
> >
> > Can you elaborate more on what kind of unpredictable results one might
> > see? From my testing as long as the static commands are the same on
> > both routers it will work, no "redundancy" option needed.
> >
> >
> >
> > On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> > > Gregory,
> > > The redundancy keyword is very important in the config.
> If
> > > you do not link the two identical static translations on the route
> configs
> > > using the same HSRP Group, you will experience unpredictable results.
> > >
> > > I usually like to include links in my threads as I want people to read
> the
> > > theory behind a topic rather than answering only a specific question
> with
> > > specific values. It is more important to understand the concept than
> > > memorize the answer.
> > >
> > > I am not here to sell workbooks or offer classes, I am deeply gratified
> by
> > > the appreciation I get from students, Hence I enjoy responding to
> > > questions. The more appreciation I get, The more I will be around.
> > >
> > > HTH,
> > > Tarun
> > >
> > >
> > > On 11/6/07, Gregory Gombas <ggombas@gmail.com > wrote:
> > > > Thanks Tarun - thats what we observed.
> > > >
> > > > So is the "redundacy" option on the static command just one of those
> > > > useless options?
> > > >
> > > >
> > > >
> > > > On 11/6/07, Tarun Pahuja <pahujat@gmail.com> wrote:
> > > > > Gregory,
> > > > > Static Nat with HSRP. Here HSRP router pairs have
> identical
> > > NAT
> > > > > configurations for redundancy. No dynamic entries are replicated
> amongst
> > > > > routers in the same HSRP redundancy group.
> > > > >
> > > > > HTH,
> > > > > Tarun
> > > > >
> > > > >
> > > > > On 11/6/07, Gregory Gombas < ggombas@gmail.com> wrote:
> > > > > > Thanks. That covers scenario 2 and 3, how about scenario 1?
> > > > > >
> > > > > > On 11/6/07, Tarun Pahuja < pahujat@gmail.com> wrote:
> > > > > > > Gregory,
> > > > > > > Hopefully Narbik's Lawyer would not be calling me
> > > since I
> > > > > am
> > > > > > > jumping ahead of him to help you. I am sure he will have much
> more
> > > > > insight
> > > > > > > in this matter than me ;-)
> > > > > > >
> > > > > > > To answer your question, SNAT(Stateful Nat) can be configured in
> > > > > > > Primary/Backup Mode and HSRP mode. In Primary/Backup mode, you
> have
> > > to
> > > > > > > manually configure who the primary router is and who the
> secondary
> > > > > router is
> > > > > > > and hence you do not need the word redundancy.
> > > > > > >
> > > > > > > When you configure SNAT in HSRP mode, SNAT follows what HSRP
> tells
> > > it to
> > > > > > > hence you use the word redundancy to tie the two together.
> > > > > > >
> > > > > > > HTH,
> > > > > > > Tarun
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > On 11/6/07, Gregory Gombas <ggombas@gmail.com > wrote:
> > > > > > > >
> > > > > > > > I'm not sure I follow?
> > > > > > > >
> > > > > > > > Let me restate the question and I hope Narbik himself can
> chime in
> > > > > here.
> > > > > > > > There seem to be three different ways to configure NAT
> redundancy:
> > > > > > > >
> > > > > > > > Scenario 1 - Static NAT with HSRP:
> > > > > > > > Step 1. Configure HSRP groups named HSRP-1
> > > > > > > > Step 2. Tie the group name to the static command as follows:
> > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1 redundancy
> HSRP-1
> > > > > > > >
> > > > > > > > Scenario 2 - Stateful NAT with HSRP:
> > > > > > > > Step 1. Configure HSRP groups named HSRP-1
> > > > > > > > Step 2. Tie the group name to the stateful NAT configuration
> as
> > > > > follows:
> > > > > > > > Router 2:
> > > > > > > > ip nat Stateful id 1
> > > > > > > > redundancy HSRP-1
> > > > > > > > mapping-id 10
> > > > > > > > Router 3:
> > > > > > > > ip nat Stateful id 2
> > > > > > > > redundancy HSRP-1
> > > > > > > > mapping-id 10
> > > > > > > >
> > > > > > > > Scenario 3 - Stateful NAT without HSRP (Primary/Backup):
> > > > > > > > PRIMARY:
> > > > > > > > ip nat Stateful id 1
> > > > > > > > primary 10.88.194.17
> > > > > > > > peer 10.88.194.18
> > > > > > > > mapping-id 10
> > > > > > > > BACKUP
> > > > > > > > ip nat Stateful id 2
> > > > > > > > backup 10.88.194.18
> > > > > > > > peer 10.88.194.17
> > > > > > > > mapping-id 10
> > > > > > > >
> > > > > > > > My questions is what is the first scenario for? What is the
> > > > > > > > significance of the redundacy keyword? How does it tie in with
> the
> > > > > > > > HSRP config?
> > > > > > > > How does that differ from configuring the two routers with
> static
> > > NAT
> > > > > > > > and no redundancy keyword????
> > > > > > > >
> > > > > > > >
> > > > > > > > On 11/6/07, Victor Cappuccio < vcappuccio@gmail.com> wrote:
> > > > > > > > > Hi Gregory,
> > > > > > > > > I had in CANTV this same issue, checking my old emails I
> found
> > > that
> > > > > > > > > probably this link could help a lot
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_white_paper0900aecd8052870b.shtml
> > > > > > > > > Also:
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://www.iphelp.ru/faq/29/cisconut2-CHP-13-SECT-3.html
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i2g.html#wp1079180
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t4/ftnthsrp.htm
> > > > > > > > >
> > > > > > > > > Also be aware that CPU Process utilization and memory is
> > > critical in
> > > > > > > this
> > > > > > > > > situation, using the using the following TCL Script to
> capture
> > > the
> > > > > > > number
> > > > > > > > > of translations and using the show ip nat statistics to
> > > determine
> > > > > the
> > > > > > > > > number of dynamic entries created in the NAT tables such as
> in:
> > > > > Active
> > > > > > > as to
> > > > > > > > > Standby
> > > > > > > > >
> > > > > > > > > proc SNAT { DURANTE interval } {
> > > > > > > > > set end [expr [clock seconds] + $DURANTE]
> > > > > > > > > set cur [clock seconds]
> > > > > > > > > set interval "${INTEVALO}000"
> > > > > > > > > while { $cur < $end } {
> > > > > > > > > show clock
> > > > > > > > > show IP NAT sta | inc To
> > > > > > > > > show proc cpu | exc 0.00
> > > > > > > > > show memory statistics
> > > > > > > > > puts "\n"
> > > > > > > > > after $TIEMPO
> > > > > > > > > set cur [clock seconds]
> > > > > > > > > }
> > > > > > > > > }
> > > > > > > > >
> > > > > > > > > My 2 cents
> > > > > > > > >
> > > > > > > > > Victor Cappuccio
> > > > > > > > > www.vcappuccio.wordpress.com
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > On Nov 6, 2007 3:51 PM, Gregory Gombas < ggombas@gmail.com >
> > > wrote:
> > > > > > > > > >
> > > > > > > > > > Can someone please explain what the redundancy keyword at
> the
> > > end
> > > > > of a
> > > > > > > > > > static nat statement does? For example:
> > > > > > > > > >
> > > > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> redundancy
> > > HSRP-1
> > > > > > > > > >
> > > > > > > > > > We tried the configuration from Narkbik's NAT lab
> excercise
> > > #9,
> > > > > and we
> > > > > > > > > > found that failover worked the same with or without the
> > > redundancy
> > > > > > > > > > keyword:
> > > > > > > > > >
> > > > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> > > > > > > > > >
> > > > > > > > > > Here is the relevant configuration:
> > > > > > > > > >
> > > > > > > > > > On R2
> > > > > > > > > > interface FastEthernet0/0
> > > > > > > > > > Standby 1 ip 10.1.123.100
> > > > > > > > > > Standby 1 priority 110
> > > > > > > > > > Standby 1 preempt
> > > > > > > > > > Standby 1 name HSRP-1
> > > > > > > > > > Standby 1 track FastEthernet0/1 50
> > > > > > > > > > ip nat inside
> > > > > > > > > >
> > > > > > > > > > interface FastEthernet0/1
> > > > > > > > > > Standby 2 ip 200.1.1.100
> > > > > > > > > > Standby 2 priority 110
> > > > > > > > > > Standby 2 preempt
> > > > > > > > > > Standby 2 track FastEthernet0/0 50
> > > > > > > > > > ip nat outside
> > > > > > > > > >
> > > > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> redundancy
> > > HSRP-1
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > > > On R3
> > > > > > > > > > Interface FastEthernet0/0
> > > > > > > > > > Standby 1 ip 10.1.123.100
> > > > > > > > > > Standby 1 preempt
> > > > > > > > > > Standby 1 name HSRP-1
> > > > > > > > > > ip nat inside
> > > > > > > > > >
> > > > > > > > > > Interface FastEthernet0/1
> > > > > > > > > > Standby 2 ip 200.1.1.100
> > > > > > > > > > Standby 2 priority 100
> > > > > > > > > > Standby 2 preempt
> > > > > > > > > > ip nat outside
> > > > > > > > > >
> > > > > > > > > > Ip nat inside source static 10.1.123.1 192.1.1.1
> redundancy
> > > HSRP-1
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > > > > > > Subscription information may be found at:
> > > > > > > > > >
> http://www.groupstudy.com/list/CCIELab.html
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > >
> _______________________________________________________________________
> > > > > > > > Subscription information may be found at:
> > > > > > > > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART