Routing
Reply
Visitor
oalfageme
Posts: 2
Registered: ‎05-02-2011
0

MS-PIC redundancy in Carrier Grade NAT

Hello,

 

I'm trying to configure n+1 redundancy of MS-PICs in a M10i with a Carrier Grade NAT config, but I've been unable to find any example. I don't see how to configure this standby MS-PIC able to cope with any other MS-PIC's translations. CGNAT Implementation Guide (http://www.juniper.net/us/en/local/pdf/implementation-guides/8010076-en.pdf) and CGNAT webinar (http://juniper-emea.net/content/ipv6webreg) are great references, but they don't mention the way to configure this redundancy. I would be grateful if somebody could post a sample config or reference.

 

Thanks in advance

 

Regards

 

Octavio

Distinguished Expert
aarseniev
Posts: 1,679
Registered: ‎08-21-2009
0

Re: MS-PIC redundancy in Carrier Grade NAT

[ Edited ]

Hello there,

Assuming you have 3 MS-PICs (2 working and 1 warm-standby) here is the config example:

 

    rsp0 {
        redundancy-options {
            primary sp-1/1/0;
            secondary sp-1/3/0;
            warm-standby;
        }
         unit 0 {
            family inet;
        }
    }
    rsp1 {
        redundancy-options {
            primary sp-1/2/0;
            secondary sp-1/3/0;
            warm-standby;
        }
         unit 0 {
            family inet;
        }
    }

And then use rsp0|rsp1 in Your favourite service-set(s).

You can use just unit 0 in interface-style service-set(s). To use NH-style services, add more units to rsp0|rsp1.

You don't need to configure sp-* member interfaces.

HTH

Rgds

Alex

 

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Visitor
oalfageme
Posts: 2
Registered: ‎05-02-2011
0

Re: MS-PIC redundancy in Carrier Grade NAT

Thanks a lot, Alex. I was looking for the redundancy in the wrong part of the config, in the service-sets. ;-)  It's really simple redundancy config!!!

 

Thank you very much for your help

 

Regards

 

Octavio

Visitor
rhsu
Posts: 1
Registered: ‎12-18-2010
0

Re: MS-PIC redundancy in Carrier Grade NAT

Hello Octavio

 

One of my customer want to purchase another ms-pic for redundancy on M320 and doing following function

would you please share your experience to me if your customer also enable these function and do you have hit any problem ??

thanks very much

 

Customer enable function as

  1. NAT
  2. IPsec tunnel
  3. GRE tunnel
  4. Firewall   
JJJ
Regular Visitor
JJJ
Posts: 7
Registered: ‎04-28-2009
0

Re: MS-PIC redundancy in Carrier Grade NAT

Hello Rick

 

The services supported in redundancy configurations include stateful firewall, NAT,
IDS, and IPsec. Services mounted on the AS or Multiservices PIC that use interface
types other than sp- interfaces, such as tunneling and voice services, are not supported.
For information on flow monitoring redundancy, see Configuring Services Interface
Redundancy with Flow Monitoring.

Trusted Contributor
acecanal
Posts: 149
Registered: ‎07-05-2011
0

Re: MS-PIC redundancy in Carrier Grade NAT

 

   Hi.

 

   This is part of a working configuration. We use redundancy in other ms dpc card. A npu, can only offer backup service for a single npu at same time. If you have two failed npu, will only have backup for one of this if you use same secondary sp interface. 

 


set interfaces rsp0 redundancy-options primary sp-1/0/0
set interfaces rsp0 redundancy-options secondary sp-2/0/0
set interfaces rsp0 redundancy-options warm-standby

 

set interfaces rsp1 redundancy-options primary sp-1/1/0
set interfaces rsp1 redundancy-options secondary sp-2/1/0
set interfaces rsp1 redundancy-options warm-standby

 

/* used as source address for syslog. */

set interfaces rsp0 unit 0 family inet address 1.1.1.1/24

set interfaces rsp0 unit 1 family inet
set interfaces rsp0 unit 1 service-domain inside

set interfaces rsp0 unit 2 family inet
set interfaces rsp0 unit 2 service-domain outside

 

set services service-set Service1 next-hop-service inside-service-interface rsp0.1
set services service-set Service1 next-hop-service outside-service-interface rsp0.2

 

 

set services service-set Service2 next-hop-service inside-service-interface rsp1.1
set services service-set Service2 next-hop-service outside-service-interface rsp1.2

 

set services service-set Service1 syslog host 1.1.1.100 services any
set services service-set Service1 syslog host 1.1.1.100 facility-override local1
set services service-set Service1 syslog host 1.1.1.100 log-prefix S1
set services service-set Service1 syslog host 1.1.1.100 class nat-logs

 

 

Br
Alex

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to say thanks, the word is Kudos!!.

Thx.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JNCIA-JUNOS, JNCIS-ENT, JNCIS-SP, JNCIP-SP.
CCNA, CCNP, Written CCIE.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.