Actually i am doing Static-Nat 1:1 :( Rgds, Gokhan
On Mon, Jan 10, 2011 at 1:55 PM, Alex <alex.arsen...@gmail.com> wrote: > Actually on a second thought I reckon You might be able to achieve > physical-box NAT redundancy using static NAT and IP-ALG but: > 1/ it is not scalable (static NAT is 1:1) > 2/ I never tried this myself :-) > Where the port translation is involved the sequence of events is as I > described below. > Rgds > Alex > > > ----- Original Message ----- > *From:* Gökhan Gümüş <ggu...@gmail.com> > *To:* Alex <alex.arsen...@gmail.com> > *Cc:* juniper-nsp@puck.nether.net > *Sent:* Monday, January 10, 2011 12:46 PM > *Subject:* Re: [j-nsp] NAT Redundancy on Juniper routers > > Hi Alex, > > Thanks for the response. > So there is nothing i can do at this moment :( > > Regards, > Gokhan > > On Mon, Jan 10, 2011 at 1:43 PM, Alex <alex.arsen...@gmail.com> wrote: > >> Hello Gokhan Gumus, >> AFAIK this is not possible at the moment since flows are not shared >> between MSDPCs even inside same MX box let alone different physical boxes. >> So if R1 goes down the: >> 1/ TCP flows need to reestablish starting from 3-way handshake >> 2/ UDP flows with ALG need to reestablish starting from scratch (every ALG >> has different procedures) >> 3/ non-ALG UDP flows _can_ continue as if nothing happened depending on >> protocol, e.g. p2p UDP flows will resume from last xferred piece >> 4/ ICMP flows continue as if nothing happened >> If you need physical-box-redundant NAT I'd suggest to use SRX cluster. >> HTH >> Rgds >> Alex >> >> ----- Original Message ----- From: "Gökhan Gümüs" <ggu...@gmail.com> >> To: <juniper-nsp@puck.nether.net> >> Sent: Monday, January 10, 2011 12:15 PM >> Subject: [j-nsp] NAT Redundancy on Juniper routers >> >> >> Hi all, >>> >>> I am trying to achieve redundancy on Juniper routers while performing >>> NAT. >>> >>> I have two Juniper MX960 router on the backbone with VRRP setup.I am >>> configuring NAT on R1 successfull.Same NAT rules are existing on the >>> other >>> router but on R2,static route which is pointing sp interface is >>> deactivated.Is there anyway to achieve automatic failover capability on >>> NAT?In other words if something happened on R1, can R2 handle all NAT >>> process without doing anything? >>> >>> Kind regards, >>> Gokhan Gumus >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp >>> >>> >> > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
