The active HSRP router will answer the ARP queries using the outside
interface BIA MAC on initial inbound traffic destined for the static NAT
IP.
I'm using this on my network at home. Take a look at the output of a
"show arp" for one of my static IP addresses.
Active router:
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  96.57.114.170           -   001a.2f7f.0fc9  ARPA   FastEthernet0/1
Internet  96.57.114.171           -   001a.2f7f.0fc9  ARPA   FastEthernet0/1
96.57.114.170 is the active router's public IP and 96.57.114.171 is a
NAT IP.
The standby router will not have the NAT IP in its table:
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  96.57.114.173           -   0009.7cdc.2f61  ARPA   FastEthernet0/1
96.57.114.173 is the standby router's public IP but the NAT IP does not
appear in the table.
Now after shutting down the active router's inside interface:
Standby router (Now active):
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  96.57.114.171           -   0009.7cdc.2f61  ARPA   FastEthernet0/1
Internet  96.57.114.173           -   0009.7cdc.2f61  ARPA   FastEthernet0/1
HTH
Timothy Chin
CCIE #23866 (R&S)
-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
groupstudy_at_nyms.net
Sent: Sunday, October 25, 2009 2:41 PM
To: ccielab_at_groupstudy.com
Subject: IP NAT INSIDE SOURCE with HSRP Redundancy?
I found a previous thread on this here:
http://www.groupstudy.com/archives/ccielab/200711/msg00420.html
The question never seems to get answered and I am stuck trying to
explain it.
What does the REDUNDANCY <hsrpgroup> switch do on the IP NAT INSIDE
SOURCE command?
The only explanations I can find are that it prevents unpredictable
NATting by allowing only the active HSRP router to perform the NAT (by
answering ARP with its BIA MAC). Surely any packet to be NATted will
only ever arrive at the active router and will use the virtual MAC of
the HSRP address?
Cisco site says "Enables the router to respond to ARP queries using BIA
MAC, if HSRP is configured on the NAT inside interface."
What ARP queries are we talking about? I can't see how it's relevant for
a static source translation. ARP for HSRP def gate gives virtual MAC,
translated, ARP for dest IP, then ARP for HSRP def gate in reverse
direction gives another virtual MAC, then ARP for original source.
Can anyone help me out here? What am I missing - apart from my entire
weekend?
Thanks!
Received on Mon Oct 26 2009 - 02:03:50 ART
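
The check the reply performs by eye can be scripted. This is an added example, not part of the original thread: it parses "show arp" text from each router and reports which one answers ARP for the NAT IP, flagging the cases where both, neither, or an HSRP virtual MAC does. The function names and status strings are assumptions made for this sketch.

```python
import re

# One row of IOS "show arp"; matching stops at the Type column, so a wrapped
# Interface column (as in the archived output) does not matter.
ROW = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(-|\d+)\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA",
    re.MULTILINE | re.IGNORECASE,
)
# HSRP virtual MAC prefixes (v1: 0000.0c07.acXX, v2: 0000.0c9f.fXXX).
HSRP_VMAC = ("0000.0c07.ac", "0000.0c9f.f")

def owned_addresses(show_arp):
    """Return {ip: mac} for non-aging entries (Age '-'), which in the post's
    output are the addresses the router itself answers ARP for."""
    return {ip: mac.lower() for ip, age, mac in ROW.findall(show_arp) if age == "-"}

def nat_owner(nat_ip, tables):
    """tables maps a router name to its 'show arp' text.
    Returns (status, {router: mac}) where status is 'ok', 'split' (more than
    one router answers for the NAT IP), 'unowned', or 'virtual-mac'."""
    owners = {}
    for name, text in tables.items():
        owned = owned_addresses(text)
        if nat_ip in owned:
            owners[name] = owned[nat_ip]
    if not owners:
        return "unowned", owners
    if len(owners) > 1:
        return "split", owners
    mac = next(iter(owners.values()))
    if mac.startswith(HSRP_VMAC):
        return "virtual-mac", owners
    return "ok", owners

# Output copied from the post: before failover, then after the active
# router's inside interface was shut (standby router only).
BEFORE = {
    "active": """Internet 96.57.114.170 - 001a.2f7f.0fc9 ARPA
FastEthernet0/1
Internet 96.57.114.171 - 001a.2f7f.0fc9 ARPA
FastEthernet0/1""",
    "standby": "Internet 96.57.114.173 - 0009.7cdc.2f61 ARPA\nFastEthernet0/1",
}
AFTER = {"standby": """Internet 96.57.114.171 - 0009.7cdc.2f61 ARPA
FastEthernet0/1
Internet 96.57.114.173 - 0009.7cdc.2f61 ARPA
FastEthernet0/1"""}

if __name__ == "__main__":
    print(nat_owner("96.57.114.171", BEFORE))
    print(nat_owner("96.57.114.171", AFTER))
```

A "split" result is the unpredictable-NAT condition the original question describes, where both routers would answer ARP for the same static NAT address.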