Is there a way to get output for outside global addresses ? I would like to do this so I could backtrack what translations relate to my inside ip’s, etc ?
I mean I would like to look for outside global destinations but I don’t know a command to type that would list all the outside global addresses or specific outside global address. Like in the output below, how would I type a command to look only for entries relating to 11.22.33.44 ? (maybe this is what logging is for ! … but would be nice to know if the IOS XR or CGN cli has something for this) RP/0/RSP0/CPU0:eng-lab-9k-1#sh cgn nat44 nat1 session protocol tcp inside-vrf six inside-address 10.144.0.11 port 50430 Tue Dec 15 14:24:11.878 CST ------------------------------------------------------ NAT44 instance : nat1 ------------------------------------------------------ Outside Address : 99.88.77.66 Outside Port : 2762 Translation Type : dynamic Protocol : tcp ------------------------------------------------------ Destination Address Destination Port ------------------------------------------------------ 11.22.33.44 20480 Aaron From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Friday, November 06, 2015 3:18 PM To: Aaron; cisco-nsp@puck.nether.net; Aftab Siddiqui; quinn snyder Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500 Hi, We use them inside our PEs (so it's MPLS in, MPLS out). The thing is those cards are effectively completely independent from the IOS XR setup (they run their own linux (in case of VSM on top of KVM)). The 9K forwards pure IP packets towards them (the interfaces of that card are visible in the config as ServiceAppX and ServiceAppX+1) and receives pure IP packets, so the card is an internal 'CE'. kind regards Pshem On Sat, 7 Nov 2015 at 05:43 Aaron <aar...@gvtc.com> wrote: Q/Pshem/Aftab, et al, I think what I'm asking is that I want to ensure that I can do something that I guess would be termed PE-CGN... borrowing and combining the terms CGN (ios xr term I guess) and PE NAT (vrf aware, ios term I guess). PE-CGN I guess meaning CGN integration with MPLS L3VPN So basically, I would want my asr9k mpls pe which is sitting on my internet boundary (mpls side is inside towards *my* mpls cloud) to house the vsm cgn module and do nat there. So I think I would be disposing of labels hopefully before the nat inside of vsm, and in the reverse direction, imposing labels after the nat inside of the vsm Aaron -----Original Message----- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Aaron Sent: Thursday, November 05, 2015 9:28 PM To: 'Pshem Kowalczyk'; cisco-nsp@puck.nether.net; 'Aftab Siddiqui' Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500 Thanks Pshem and Aftab, I will be glad to share my findings later with you all and the community. Aftab, I looked over your notes and I see you show 3 examples… 1 – vrf inside and default/core vrf outside 2 – vrf inside and vrf outside 3 – ABF (acl based forwarding) But please tell me how you think my scenario would be config’d. My scenario is mpls default/core vrf inside, and vrf outside. I’m guessing that it’s the opposite of your example #1, but just wanted to ask you what you think. Aaron From: Pshem Kowalczyk [mailto:pshe...@gmail.com] Sent: Thursday, November 05, 2015 7:58 PM To: Aaron; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] ASR9006 - CG NAT - VSM-500 Hi, We use the previous non-virtualised cards (ISM-100) in our 9Ks. The experience has been generally positive. The configuration is quite simple and the cards work well. Do spend some time analysing various limitations of the card (pool sizes, throughput per ServiceApp pair, allowed bulk allocation sizes (if you plan on bulk allocation)). I'm interested in knowing the results of your tests, as we're told by the BU that if we want more throughput we'll have to go to VSM anyway. kind regards Pshem On Fri, 6 Nov 2015 at 06:24 Aaron <aar...@gvtc.com> wrote: Hi Group, I'm going to test Nat on my ASR9006 in my lab using the RSP440-TR and the VSM-500. Looking for any links to information or experience you all might have on how to get going on this. I'm looking for this to be implemented at my internet boundary ASR9k so I will test it like that in the lab. My asr9k at my internet boundary is the PE Edge of my mpls l3vpn's internal to my network, so the nat would need to work like that. The asr9k internet connection is PE-CE bgp, native ip connection put into my internet vrf for my internal customer vrf. Same vrf. Aaron _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
