Routing
Routing

MS-PIC redundancy in Carrier Grade NAT

09.15.11   |  
‎09-15-2011 12:19 AM

Hello,

 

I'm trying to configure n+1 redundancy of MS-PICs in a M10i with a Carrier Grade NAT config, but I've been unable to find any example. I don't see how to configure this standby MS-PIC able to cope with any other MS-PIC's translations. CGNAT Implementation Guide (http://www.juniper.net/us/en/local/pdf/implementation-guides/8010076-en.pdf) and CGNAT webinar (http://juniper-emea.net/content/ipv6webreg) are great references, but they don't mention the way to configure this redundancy. I would be grateful if somebody could post a sample config or reference.

 

Thanks in advance

 

Regards

 

Octavio

5 REPLIES
Routing

Re: MS-PIC redundancy in Carrier Grade NAT

[ Edited ]
09.15.11   |  
‎09-15-2011 01:09 AM

Hello there,

Assuming you have 3 MS-PICs (2 working and 1 warm-standby) here is the config example:

 

    rsp0 {
        redundancy-options {
            primary sp-1/1/0;
            secondary sp-1/3/0;
            warm-standby;
        }
         unit 0 {
            family inet;
        }
    }
    rsp1 {
        redundancy-options {
            primary sp-1/2/0;
            secondary sp-1/3/0;
            warm-standby;
        }
         unit 0 {
            family inet;
        }
    }

And then use rsp0|rsp1 in Your favourite service-set(s).

You can use just unit 0 in interface-style service-set(s). To use NH-style services, add more units to rsp0|rsp1.

You don't need to configure sp-* member interfaces.

HTH

Rgds

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: MS-PIC redundancy in Carrier Grade NAT

09.15.11   |  
‎09-15-2011 02:42 AM

Thanks a lot, Alex. I was looking for the redundancy in the wrong part of the config, in the service-sets. ;-)  It's really simple redundancy config!!!

 

Thank you very much for your help

 

Regards

 

Octavio

Routing

Re: MS-PIC redundancy in Carrier Grade NAT

12.24.11   |  
‎12-24-2011 09:49 AM

Hello Octavio

 

One of my customer want to purchase another ms-pic for redundancy on M320 and doing following function

would you please share your experience to me if your customer also enable these function and do you have hit any problem ??

thanks very much

 

Customer enable function as

  1. NAT
  2. IPsec tunnel
  3. GRE tunnel
  4. Firewall   
Routing

Re: MS-PIC redundancy in Carrier Grade NAT

04.17.12   |  
‎04-17-2012 06:57 AM

Hello Rick

 

The services supported in redundancy configurations include stateful firewall, NAT,
IDS, and IPsec. Services mounted on the AS or Multiservices PIC that use interface
types other than sp- interfaces, such as tunneling and voice services, are not supported.
For information on flow monitoring redundancy, see Configuring Services Interface
Redundancy with Flow Monitoring.

Routing

Re: MS-PIC redundancy in Carrier Grade NAT

05.07.12   |  
‎05-07-2012 06:02 AM

 

   Hi.

 

   This is part of a working configuration. We use redundancy in other ms dpc card. A npu, can only offer backup service for a single npu at same time. If you have two failed npu, will only have backup for one of this if you use same secondary sp interface. 

 


set interfaces rsp0 redundancy-options primary sp-1/0/0
set interfaces rsp0 redundancy-options secondary sp-2/0/0
set interfaces rsp0 redundancy-options warm-standby

 

set interfaces rsp1 redundancy-options primary sp-1/1/0
set interfaces rsp1 redundancy-options secondary sp-2/1/0
set interfaces rsp1 redundancy-options warm-standby

 

/* used as source address for syslog. */

set interfaces rsp0 unit 0 family inet address 1.1.1.1/24

set interfaces rsp0 unit 1 family inet
set interfaces rsp0 unit 1 service-domain inside

set interfaces rsp0 unit 2 family inet
set interfaces rsp0 unit 2 service-domain outside

 

set services service-set Service1 next-hop-service inside-service-interface rsp0.1
set services service-set Service1 next-hop-service outside-service-interface rsp0.2

 

 

set services service-set Service2 next-hop-service inside-service-interface rsp1.1
set services service-set Service2 next-hop-service outside-service-interface rsp1.2

 

set services service-set Service1 syslog host 1.1.1.100 services any
set services service-set Service1 syslog host 1.1.1.100 facility-override local1
set services service-set Service1 syslog host 1.1.1.100 log-prefix S1
set services service-set Service1 syslog host 1.1.1.100 class nat-logs

 

 

Br
Alex

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to say thanks, the word is Kudos!!.

Thx.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JNCIA-JUNOS, JNCIS-ENT, JNCIS-SP, JNCIP-SP.
CCNA, CCNP, Written CCIE.