Comware


Multi-peer BGP Issue with NAT


    Posted Jul 03, 2018 03:33 PM

    I am running an HPE MSR3044 router. I have a BGP session set up as follows with my ISP, with one link between us, and I have implemented NAT444 and it has worked well. I've obviously changed the IP addresses below for security purposes in this post.

    bgp 65004
    router-id 7.7.7.7
    peer 9.1.1.1 as-number 27446
    peer 9.1.1.2 as-number 27446
    #
    address-family ipv4 unicast
    dampening
    network 8.8.20.0 255.255.255.0
    network 8.8.21.0 255.255.255.0
    peer 9.1.1.1 enable
    peer 9.1.1.2 enable

    The port where I have the link to my ISP is configured as follows:

    interface GigabitEthernet5/3
    port link-mode route
    ip address 9.1.1.3 255.255.255.248
    nat outbound port-preserved disable
    nat outbound port-block-group 1
    nat outbound port-block-group 2

    Now for my problem.  I have been allocated a 2nd port between myself and my ISP for additional bandwidth.  I have added the new meeting point into my BGP session and I can successfully send traffic over both ports between us.  However, I am having intermittent NAT and connectivity issues with this setup.  My new BGP setup with both sets of peers is as follows:

    bgp 65004
    router-id 7.7.7.7
    peer 9.1.1.1 as-number 27446
    peer 9.1.1.2 as-number 27446
    peer 9.2.2.1 as-number 27446
    peer 9.2.2.2 as-number 27446
    #
    address-family ipv4 unicast
    dampening
    balance 2
    network 8.8.20.0 255.255.255.0
    network 8.8.21.0 255.255.255.0
    peer 9.1.1.1 enable
    peer 9.1.1.2 enable
    peer 9.2.2.1 enable
    peer 9.2.2.2 enable

    The 2nd interface is configured identically to the first one and is as follows:

    interface GigabitEthernet5/2
    port link-mode route
    ip address 9.2.2.3 255.255.255.248
    nat outbound port-preserved disable
    nat outbound port-block-group 1
    nat outbound port-block-group 2

    I have added the following command to my config but it hasn't helped:

    nat port-block global-share enable

    Ideally I just need for packets from the same source to be routed out a single interface. It appears that packets from a source are traversing both paths and thus having issues with return traffic, especially NAT-involved addresses. My ISP has a Cisco router on the other end and it may be something in their configuration, but since I'm doing NAT on my end I'm pretty sure I'm missing something in my config. Additionally, it seems that when I do any kind of route aggregation or multi-path setup between us, my performance takes a hit instead of improving as one would expect. By performance I mean more packet loss and less bandwidth than with a single port. What am I doing wrong?

     


    #NAT444
    #BGP
    #NAT
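
The path split the poster suspects, modelled as an added example (not part of the original post, and not Comware's actual load-sharing algorithm): with two equal-cost next hops, a hash over the full 5-tuple spreads one inside source's flows over both interfaces, while a hash over the source address alone pins each source to one. Only the interface names come from the post; the hash function, the 100.64.0.0/10 inside addresses and the destinations are constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Egress interfaces named in the post; every other value below is constructed.
LINKS = ["GigabitEthernet5/3", "GigabitEthernet5/2"]


def _bucket(key, n):
    """Map a hash key onto one of n equal-cost paths (stand-in hash, an assumption)."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % n


def pick_link(flow, mode):
    """Choose the egress interface for a flow under a given load-sharing key."""
    src, sport, dst, dport, proto = flow
    if mode == "per-flow":        # key on the whole 5-tuple
        key = f"{src}|{sport}|{dst}|{dport}|{proto}"
    elif mode == "per-source":    # key on the inside source address only
        key = src
    else:
        raise ValueError(f"unknown mode: {mode}")
    return LINKS[_bucket(key, len(LINKS))]


def sample_flows(n_sources=20, flows_per_source=16):
    """Constructed traffic: NAT444 inside hosts opening several TCP sessions."""
    flows = []
    for s in range(n_sources):
        src = f"100.64.0.{s + 10}"
        for f in range(flows_per_source):
            dst = f"198.51.100.{f % 4 + 1}"   # documentation-range destinations
            flows.append((src, 40000 + f, dst, 443, "tcp"))
    return flows


def split_sources(flows, mode):
    """Return the inside sources whose flows leave through more than one link."""
    seen = defaultdict(set)
    for flow in flows:
        seen[flow[0]].add(pick_link(flow, mode))
    return sorted(src for src, links in seen.items() if len(links) > 1)


if __name__ == "__main__":
    flows = sample_flows()
    for mode in ("per-flow", "per-source"):
        split = split_sources(flows, mode)
        print(f"{mode}: {len(split)} of 20 sources use both interfaces")
```

Sources reported as split are the ones whose sessions would be translated on both NAT-enabled interfaces at once, which is the condition the post describes.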