
Stateful NAT for J-Series routers?

‎09-25-2014 01:01 PM

Hello,

I have a remote office which has two links into our WAN. One circuit on each J-series router. Both running BGP and OSPF. Both routers connect to a common core switch (in this case an L3 EX-3200 switch) which is also running OSPF. Router A is the primary path in/out, while Router B is the backup path. The core is learning BGP routes from both routers (via route redistribution of BGP into OSPF), with Router B advertising its routes to the core with a higher metric. Return traffic routes back into Router A. All internal and internet traffic routes this path in/out.

We would like to use Router-A solely for internal business and Router-B for internet routing since that link is never utilized; however, if I simply block the default route from being advertised to the core from Router-A, we get an asymmetric routing path (endpoint -> to core -> Router B for outbound). Return path would be (far end node -> Router A -> core sw).

I thought about NAT'ing internet-destined traffic outbound, but then I would have to put in some special pre-pending of routes for the NAT address range being advertised out both routers. Additionally, I run into the issue of what happens when the WAN link or BGP goes down: those TCP sessions get stuck and would have to reset.

SO, here is my question: is there a way to implement stateful NAT so the session information is shared between the two WAN routers (very much like Cisco IP SNAT solution)? Keep in mind, both routers are currently in packet mode (not flow mode).

Or maybe there is a simpler solution such as using VRRP?

Any suggestions?

Thanks.


Re: Stateful NAT for J-Series routers?

‎09-29-2014 01:26 AM

Hello there,

@Marc.almodovar@katz-media.com wrote:

SO, here is my question, is there a way to implement stateful NAT so the session information is shared between the two WAN routers (very much like Cisco IP SNAT solution)? Keep in mind, both routers are currently in packet mode (not flow mode).

Yes, but not on J-series routers in packet mode.

You may want to convert them to flow-mode (+selective packet mode if need be) and build a cluster.

Thanks

Alex
