Configuring NAT for High Availability

First Published: May 2, 2005
Last Updated: May 4, 2009

This module contains procedures for configuring Network Address Translation (NAT) to support the increasing need for highly resilient IP networks. This network resiliency is required where application connectivity must continue unaffected by failures of links and routers at the NAT border.

Finding Feature Information

For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for Configuring NAT for High Availability" section.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS XE software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring NAT for High Availability

Information About Configuring NAT for High Availability

How to Configure NAT for High Availability

Configuration Examples for NAT for High Availability

Additional References

Feature Information for Configuring NAT for High Availability

Prerequisites for Configuring NAT for High Availability

To understand how High Availability (HA) is implemented on the Cisco ASR 1000 Series Aggregation Services Routers, read the "High Availability Overview" chapter in the Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide.

Information About Configuring NAT for High Availability

To configure NAT for High Availability, you should understand the following concepts:

Static Mapping Support with HSRP for High Availability Feature Overview

Address Resolution with ARP

Static Mapping Support with HSRP for High Availability Feature Overview

When an Address Resolution Protocol (ARP) query is triggered for an address that is configured with NAT static mapping and owned by the router, NAT responds with the burned-in MAC (BIA MAC) address of the interface to which the ARP is pointing. In this feature, two routers act as the HSRP active and standby routers. Their NAT inside interfaces must be HSRP-enabled and configured to belong to a group.

Address Resolution with ARP

A device in IP can have both a local address (which uniquely identifies the device on its local segment or LAN) and a network address (which identifies the network to which the device belongs). The local address is more properly known as a data link address because it is contained in the data link layer (Layer 2 of the OSI model) part of the packet header and is read by data-link devices (bridges and all device interfaces, for example). The local address is referred to as the MAC address, because the MAC sub-layer within the data link layer processes addresses for the layer.

To communicate with a device on Ethernet, for example, the Cisco IOS XE software first must determine the 48-bit MAC or local data-link address of that device. The process of determining the local data-link address from an IP address is called address resolution. The process of determining the IP address from a local data-link address is called reverse address resolution.

The software uses three forms of address resolution: Address Resolution Protocol (ARP), proxy ARP, and Probe (similar to ARP). The software also uses the Reverse Address Resolution Protocol (RARP). ARP, proxy ARP, and RARP are defined in RFCs 826, 1027, and 903, respectively. Probe is a protocol developed by the Hewlett-Packard Company (HP) for use on IEEE-802.3 networks.

ARP is used to associate IP addresses with media or MAC addresses. Taking an IP address as input, ARP determines the associated media address. Once a media or MAC address is determined, the IP address or media address association is stored in an ARP cache for rapid retrieval. Then the IP datagram is encapsulated in a link-layer frame and sent over the network. Encapsulation of IP datagrams and ARP requests and replies on IEEE 802 networks other than Ethernet is specified by the Subnetwork Access Protocol (SNAP).

How to Configure NAT for High Availability

This module contains one method for configuring NAT for high availability:

Configuring NAT Static Mapping Support for HSRP (optional)

Configuring NAT Static Mapping Support for HSRP

Both of the following tasks are required and must be performed on both the active and standby routers to configure NAT static mapping support for HSRP:

Enabling HSRP on the NAT Interface (required)

Enabling Static NAT in an HSRP Environment (required)

Restrictions for Configuring Static Mapping Support for HSRP

Configuring static mapping support for HSRP provides NAT support in the presence of HSRP using static mapping configuration only.

Static NAT mappings must be mirrored on two or more HSRP routers, because the NAT state will not be exchanged between the routers running NAT in an HSRP group.

Behavior will be unpredictable if both HSRP routers have the same static NAT and are not configured with the hsrp keyword linking them to the same HSRP group.
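The restrictions above can be checked before deployment by comparing the two routers' configurations. The following Python audit is an added example, not Cisco tooling: the sample configurations are constructed, the names parse and audit are hypothetical, and matching the redundancy group name against a standby name set on a NAT-enabled interface is this example's reading of the restriction.

```python
import re
# Constructed sample configs (not from a real device); the standby has drifted.
ACTIVE = """\
interface GigabitEthernet0/1/1
 ip nat inside
 standby 10 name HSRP1
ip nat inside source static 192.168.5.33 10.10.10.5 redundancy HSRP1
ip nat inside source static 192.168.5.34 10.10.10.6 redundancy HSRP1
"""
STANDBY = """\
interface GigabitEthernet0/1/1
 ip nat inside
 standby 10 name HSRP1
ip nat inside source static 192.168.5.33 10.10.10.9 redundancy HSRP1
ip nat inside source static 192.168.5.34 10.10.10.6
"""

NAT_RE = re.compile(r"ip nat (inside|outside) source static (\S+) (\S+)(?: redundancy (\S+))?$")
NAME_RE = re.compile(r"standby(?: \d+)? name (\S+)$")

def parse(config):
    """Return (static NAT mappings, HSRP group names set on NAT interfaces)."""
    mappings, groups, is_nat, names = set(), set(), False, set()
    for raw in config.splitlines() + ["!"]:
        line = raw.strip()
        if not raw.startswith(" "):        # a top-level line closes the interface block
            groups |= names if is_nat else set()
            is_nat, names = False, set()
        if line in ("ip nat inside", "ip nat outside"):
            is_nat = True
        elif m := NAME_RE.match(line):
            names.add(m.group(1))
        elif m := NAT_RE.match(line):
            mappings.add(m.groups())
    return mappings, groups

def audit(active, standby):
    """Return findings that violate the static-mapping restrictions for HSRP."""
    findings, parsed = [], {"active": parse(active), "standby": parse(standby)}
    for role, (mappings, groups) in parsed.items():
        for _, local, glob, grp in sorted(mappings, key=str):
            if grp is None:
                findings.append(f"{role}: {local}->{glob} lacks the redundancy keyword")
            elif grp not in groups:
                findings.append(f"{role}: {local}->{glob} names unknown group {grp}")
    a, s = parsed["active"][0], parsed["standby"][0]
    for m in sorted(a ^ s, key=str):       # mappings present on one router only
        findings.append(f"only on {'active' if m in a else 'standby'}: {m[1]}->{m[2]} redundancy {m[3]}")
    return findings
```

An empty list from audit means every static mapping carries the redundancy keyword, names a group defined on a NAT interface, and is identical on both routers.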

Benefits of Configuring Static Mapping Support for HSRP

Using static mapping support for HSRP, failover is ensured without having to time out and repopulate upstream ARP caches in a high-availability environment, where HSRP router pairs have identical NAT configuration for redundancy.

Static mapping support for HSRP allows the option of having only the HSRP active router respond to an incoming ARP for a router configured with a NAT address.

Enabling HSRP on the NAT Interface

Perform this task to enable HSRP on the NAT interface of both the active and standby routers.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number

4. ip address ip-address mask

5. no ip redirects

6. ip nat {inside | outside}

7. standby [group-number] ip [ip-address [secondary]]

8. standby [group-number] name [group-name]

9. end

10. show standby

11. show ip nat translations [verbose]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number

Example:

Router(config)# interface GigabitEthernet 0/0/0

Enters interface configuration mode.

Step 4 

ip address ip-address mask

Example:

Router(config-if)# ip address 192.168.1.27 255.255.255.0

Sets the primary IP address on the interface.

Step 5 

no ip redirects

Example:

Router(config-if)# no ip redirects

Disables the sending of redirect messages.

Step 6 

ip nat {inside | outside}

Example:

Router(config-if)# ip nat inside

Marks the interface as connected to the inside or outside.

Step 7 

standby [group-number] ip [ip-address [secondary]]

Example:

Router(config-if)# standby 10 ip 192.168.5.30

Enables the HSRP protocol.

Step 8 

standby [group-number] name [group-name]

Example:

Router(config-if)# standby 10 name HSRP1

Sets the HSRP group name.

Step 9 

end

Example:

Router(config-if)# end

Returns to privileged EXEC mode.

Step 10 

show standby

Example:

Router# show standby

(Optional) Displays HSRP information.

Step 11 

show ip nat translations [verbose]

Example:

Router# show ip nat translations verbose

(Optional) Displays active NAT translations.


Enabling Static NAT in an HSRP Environment

To enable static mapping support with HSRP for high availability, perform this task on both the active and standby routers.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat inside source static local-ip global-ip redundancy group-name

4. ip nat outside source static local-ip global-ip redundancy group-name

5. end

6. show ip nat translations [verbose]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables higher privilege levels, such as privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip nat inside source static local-ip global-ip redundancy group-name

Example:

Router(config)# ip nat inside source static 192.168.5.33 10.10.10.5 redundancy HSRP1

Enables the router to respond to ARP queries using BIA MAC, if HSRP is configured on the NAT inside interface.

Step 4 

ip nat outside source static local-ip global-ip redundancy group-name

Example:

Router(config)# ip nat outside source static 192.168.5.33 10.10.10.5 redundancy HSRP1

Enables the router to respond to ARP queries using BIA MAC, if HSRP is configured on the NAT outside interface.

Step 5 

end

Example:

Router(config)# end

Returns to privileged EXEC mode.

Step 6 

show ip nat translations [verbose]

Example:

Router# show ip nat translations verbose

(Optional) Displays active NAT translations.


Configuration Examples for NAT for High Availability

This section provides the following configuration example:

Configuring Static NAT in an HSRP Environment: Examples

Configuring Static NAT in an HSRP Environment: Examples

The following example shows support for NAT with a static configuration in an HSRP environment. Two routers are acting as HSRP active and standby, and the NAT inside interfaces are HSRP enabled and configured to belong to the group HSRP1.

Active Router Configuration

interface GigabitEthernet 0/1/1
 ip address 192.168.5.54 255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 105 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track GigabitEthernet0/0/0
!
! Global configuration: the redundancy keyword ties the mapping to group HSRP1
ip default-gateway 10.0.18.126
ip nat inside source static 192.168.5.33 10.10.10.5 redundancy HSRP1
ip classless
ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0/0
ip route 172.22.33.0 255.255.255.0 GigabitEthernet0/0/0
no ip http server

Standby Router Configuration

interface GigabitEthernet 0/1/1
 ip address 192.168.5.56 255.255.255.0
 no ip redirects
 ip nat inside
 standby 10 priority 100 preempt
 standby 10 name HSRP1
 standby 10 ip 192.168.5.30
 standby 10 track GigabitEthernet0/0/1
!
! Global configuration: the static mapping mirrors the active router
ip default-gateway 10.0.18.126
ip nat inside source static 192.168.5.33 10.10.10.5 redundancy HSRP1
ip classless
ip route 10.0.32.231 255.255.255.255 GigabitEthernet0/0/1
ip route 10.10.10.0 255.255.255.0 GigabitEthernet0/0/1
no ip http server

Additional References

The following sections provide references related to NAT for high availability.

Related Documents

Related Topic
Document Title

High Availability on the Cisco ASR 1000 Series Aggregation Services Routers

"High Availability Overview" chapter in the Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide

Cisco IOS XE ISSU NAT

"Cisco IOS XE In Service Software Upgrade Process" module

NAT configuration tasks

"Configuring NAT for IP Address Conservation" module

NAT commands: complete command syntax, command mode, command history, usage guidelines, and examples

Cisco IOS IP Addressing Services Command Reference

IP addressing configuration tasks and concepts.

Cisco IOS XE IP Addressing Services Configuration Guide


Standards

Standards
Title

None

 

MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS XE software releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

RFC 826

Ethernet Address Resolution Protocol: Or converting network protocol addresses to 48.bit Ethernet address for transmission on Ethernet hardware

RFC 903

Reverse Address Resolution Protocol

RFC 1027

Using ARP to implement transparent subnet gateways


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Configuring NAT for High Availability

Table 1 lists the features in this module and provides links to specific configuration information.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS XE software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note: Table 1 lists only the Cisco IOS XE software release that introduced support for a given feature in a given Cisco IOS XE software release train. Unless noted otherwise, subsequent releases of that Cisco IOS XE software release train also support that feature.


Table 1 Feature Information for Configuring NAT for High Availability 

Feature Name
Releases
Feature Configuration Information

NAT—Static Mapping Support with HSRP for High Availability

Cisco IOS XE Release 2.1

Static mapping support for HSRP allows the option of having only the HSRP active router respond to an incoming ARP for a router configured with a NAT address.

The following sections provide information about this feature:

"Configuring NAT Static Mapping Support for HSRP" section

"Configuring Static NAT in an HSRP Environment: Examples" section