Using NVI to set up NAT between VRFs on Cisco IOS (ISR G2)


I recently needed to set up NAT between VRFs.
It all turned out to be simple, although not obvious in places.



SPB-c3945-PE1#sh run vrf Internet
ip vrf Internet
 rd 65078:1
 route-target export 65078:1
 route-target import 65078:1
 maximum routes 1000 30
!
interface GigabitEthernet0/1.6
 description to_Internet_MT
 encapsulation dot1Q 6
 ip vrf forwarding Internet
 ip address 11.11.11.162 255.255.255.248
 ip nat enable
 ip virtual-reassembly in
!
router bgp 65000
 !
 address-family ipv4 vrf Internet
  redistribute connected
  redistribute static
  default-information originate
 exit-address-family
!
ip route vrf Internet 0.0.0.0 0.0.0.0 11.11.11.161 name default-for-vrf-Internet
end



SPB-c3945-PE1#sh run vrf NetAdmins
ip vrf NetAdmins
 rd 65000:155
 route-target export 65000:150
 route-target import 65000:150
 route-target import 65078:1
 maximum routes 1000 30
!
interface GigabitEthernet0/1.202
 description NetAdmins
 encapsulation dot1Q 202
 ip vrf forwarding NetAdmins
 ip address 10.0.10.161 255.255.255.224
 ip nat enable
!
router bgp 65000
 !
 address-family ipv4 vrf NetAdmins
  redistribute connected
  redistribute static
 exit-address-family
!


!
ip access-list extended LAN_NAT
 permit ip 10.0.0.0 0.255.255.255 any

!
ip nat pool MT-Pool 11.11.11.162 11.11.11.162 prefix-length 30
ip nat source list LAN_NAT pool MT-Pool vrf NetAdmins overload




SPB-c3945-PE1#sh ip ro vrf Internet                 
Routing Table: Internet
Gateway of last resort is 11.11.11.161 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 11.11.11.161
      94.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        11.11.11.160/29 is directly connected, GigabitEthernet0/1.6
L        11.11.11.162/32 is directly connected, GigabitEthernet0/1.6


SPB-c3945-PE1#sh ip ro vrf NetAdmins
Routing Table: NetAdmins
Gateway of last resort is 11.11.11.161 to network 0.0.0.0
B*    0.0.0.0/0 [20/0] via 11.11.11.161 (Internet), 00:53:40
      10.0.0.0/8 is variably subnetted, 37 subnets, 9 masks
B        10.0.0.0/16 [200/0] via 10.77.19.1, 00:46:34
B        10.0.0.0/22 [200/0] via 10.77.19.1, 00:46:34
.....

SPB-c3945-PE1#sh ip nat nvi translations vrf NetAdmins
Pro Source global         Source local          Destin  local         Destin  global
udp 11.11.11.162:138    10.0.10.165:138       10.0.10.191:138       10.0.10.191:138
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.142:40009     64.4.23.142:40009
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.143:40009     64.4.23.143:40009
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.146:40020     64.4.23.146:40020
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.147:40003     64.4.23.147:40003
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.157:40033     64.4.23.157:40033




SPB-c3945-PE1#sh ip nat nvi stati           
Total active translations: 157 (0 static, 157 dynamic; 157 extended)
NAT Enabled interfaces:
  GigabitEthernet0/1.6, GigabitEthernet0/1.202
Hits: 132618  Misses: 1896
CEF Translated packets: 45513, CEF Punted packets: 661
Expired translations: 1859
Dynamic mappings:
-- Source
[VRF: NetAdmins] [Id: 3] access-list LAN_NAT pool MT-Pool refcount 157
 pool MT-Pool: netmask 255.255.255.252
        start 11.11.11.162 end 11.11.11.162
        type generic, total addresses 1, allocated 1 (100%), misses 0
SPB-c3945-PE1#
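
A check a reviewer might run over the translation table above (an added example, not part of the original post): it parses the `sh ip nat nvi translations` rows and flags entries where both the local source and the destination fall inside 10.0.0.0/8, like the first row, which LAN_NAT matches because it permits 10.0.0.0/8 to any. Treating all of 10.0.0.0/8 as internal is an assumption, and the function and constant names are hypothetical.

```python
import ipaddress

# Rows copied from the `sh ip nat nvi translations vrf NetAdmins` output above.
SAMPLE = """\
Pro Source global         Source local          Destin  local         Destin  global
udp 11.11.11.162:138    10.0.10.165:138       10.0.10.191:138       10.0.10.191:138
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.142:40009     64.4.23.142:40009
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.143:40009     64.4.23.143:40009
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.146:40020     64.4.23.146:40020
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.147:40003     64.4.23.147:40003
udp 11.11.11.162:1694   10.0.10.165:1694      64.4.23.157:40033     64.4.23.157:40033
"""

# Assumption: the whole source range matched by LAN_NAT is internal address space.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
# The single address configured in MT-Pool.
POOL = ipaddress.ip_network("11.11.11.162/32")
COLUMNS = ("src_global", "src_local", "dst_local", "dst_global")

def _endpoint(text):
    """Split 'a.b.c.d:port' into (IPv4Address, int)."""
    addr, port = text.rsplit(":", 1)
    return ipaddress.ip_address(addr), int(port)

def parse_translations(output):
    """Return one dict per extended entry; the header and simple ('---') rows are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or not all(":" in f for f in fields[1:]):
            continue
        row = {"proto": fields[0]}
        row.update(zip(COLUMNS, map(_endpoint, fields[1:])))
        rows.append(row)
    return rows

def internal_to_internal(rows, internal=INTERNAL):
    """Entries where a LAN source was translated on its way to a LAN destination."""
    return [r for r in rows
            if r["src_local"][0] in internal and r["dst_global"][0] in internal]

def unexpected_globals(rows, pool=POOL):
    """Entries whose translated source address is not taken from the expected pool."""
    return [r for r in rows if r["src_global"][0] not in pool]

if __name__ == "__main__":
    rows = parse_translations(SAMPLE)
    for r in internal_to_internal(rows):
        print("LAN-to-LAN flow translated:", r["src_local"], "->", r["dst_global"])
    print("entries outside MT-Pool:", len(unexpected_globals(rows)))
```
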
