A10 CGNAT – LSN – Work, and stuff

Carrier Grade NAT or as A10 calls it – Large Scale NAT is simply source NAT with a few more configuration options. Here is what a configuration looks like inside of a partition on a VRRP-a cluster using the non-default VRID.

active-partition CGN
!
!
class-list CGN-INTERNAL-CLIENTS-CL-1       ## ACCESS LIST USED TO DETERMINE WHICH
  192.168.0.0/16 lsn-lid 1                 ## SOURCES SHOULD BE NATTED
!
vlan 1/101
  tagged ethernet 1
  router-interface ve 101
  name CGN_HA
!
vlan 2/101
  tagged ethernet 1
  router-interface ve 101
  name CGN_HA
!
fan-speed 50
!
interface ethernet 1/2
  name PUBLIC
  enable
  lldp enable rx tx
  lldp notification enable
  lldp tx-dot1-tlvs link-aggregation vlan
  ip address 34.34.34.5 255.255.255.0
  ip nat outside                                ## NAT CONFIG
!
interface ethernet 1/3
  name PRIVATE
  enable
  lldp enable rx tx
  lldp notification enable
  lldp tx-dot1-tlvs link-aggregation vlan
  ip address 192.168.0.5 255.255.255.0
  ip nat inside                                ## NAT CONFIG
!
interface ethernet 2/2
  name PUBLIC
  enable
  lldp enable rx tx
  lldp notification enable
  lldp tx-dot1-tlvs link-aggregation vlan
  ip address 34.34.34.6 255.255.255.0
  ip nat outside                                ## NAT CONFIG
!
interface ethernet 2/3
  name PRIVATE
  enable
  lldp enable rx tx
  lldp notification enable
  lldp tx-dot1-tlvs link-aggregation
  ip address 192.168.0.6 255.255.255.0
  ip nat inside                                ## NAT CONFIG
!
interface ve 1/101
  name CGN_HA
  ip address 10.10.101.253 255.255.255.0
!
interface ve 2/101
  name CGN_HA
  ip address 10.10.101.254 255.255.255.0
!
vrrp-a vrid 1
  floating-ip 34.34.34.4
  floating-ip 192.168.0.4
  device-context 1
    blade-parameters
      priority 200
      tracking-options
        interface ethernet 2 priority-cost 110   ## SHOULD EITHER INTERFACE FAIL
        interface ethernet 3 priority-cost 110   ## VRID WILL FAILOVER TO
  device-context 2                               ## SECONDARY DEVICE
    blade-parameters
      priority 100
!
device-context 1
  ip route 0.0.0.0 /0 34.34.34.1 1 description default
!
device-context 2
  ip route 0.0.0.0 /0 34.34.34.1 1 description default
!
cgnv6 lsn endpoint-independent-mapping tcp      ## ENABLE PORT TRANSLATION
  port 1024 to 65535                            ## NOT JUST ADDRESS TRANSLATION
!
cgnv6 lsn endpoint-independent-mapping udp
  port 1024 to 65535
!
cgnv6 lsn endpoint-independent-filtering tcp
  port 1024 to 65535
!
cgnv6 lsn endpoint-independent-filtering udp
  port 1024 to 65535
!
cgnv6 lsn inside source class-list CGN-INTERNAL-CLIENTS-CL-1 ## TIES ACCESS LIST
!                                                            ## TO GLOBAL CGN CONF 
cgnv6 nat pool LSN-POOL-1-VRID-1 88.88.88.1 88.88.88.254 netmask /24 vrid 1
!                                                            ## ADDRESS POOL
cgnv6 lsn icmp send-on-port-unavailable admin-filtered
!
cgnv6 nat pool-group LSN-POOL-GROUP-1-VRID-1 vrid 1    ## IF YOU HAVE MULTIPLE POOL
  member LSN-POOL-1-VRID-1                             ## PLACE THEM INTO A GROUP
!
cgnv6 lsn-lid 1                                    ## TIES ALL THE CONFIG
  name LSN-LID-1-VRID-1                            ## TOGETHER
  source-nat-pool LSN-POOL-GROUP-1-VRID-1
!
end
!Current config commit point for partition 1 is 0 & config mode is classical-mode

Share this:

Related

Leave a comment Cancel reply