SRX Services Gateway

Advertise NAT pools to BGP

09-01-2010 06:08 AM

NAT Pools:

1.1.1.0/24

2.2.2.0/24

3.3.3.0/24


SRX has interface in only one of these networks (1.1.1.1) with a BGP peer at 1.1.1.254.


Since 1.1.1.0/24 is active in our routing table, no problem getting that into our BGP advertisement.


What is the most appropriate way to inject the 2.2.2.0/24 and 3.3.3.0/24 NAT pools into BGP?


Static route with discard action? Static route with receive action? Other?

4 REPLIES
SRX Services Gateway

Re: Advertise NAT pools to BGP

09-01-2010 08:06 AM

My standard method is to create a discard static route and use that for the BGP export.


There are other methods. Choose one you like best. I like discard, it's worked well for me.


Like this:


routing-options {
    static {
        route 2.0.0.0/24 discard;
    }
}


policy-options {
    policy-statement public-to-bgp {
        from {
            protocol static;
            route-filter 2.0.0.0/24 exact;
        }
        then accept;
    }
}


protocols {
    bgp {
        export public-to-bgp;
    }
}
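As an added example (not part of the thread, and not Juniper's own tooling), the following Python script checks a Junos-style snippet like the one above against a list of NAT pools: every pool the SRX does not already reach via an interface must have a static discard route and must be matched by an exact route-filter in a policy that BGP exports, and any discard route that does not correspond to a pool is flagged. The sample configuration, pool list and connected prefix are constructed from this thread; the parser is a minimal brace matcher that only understands the stanzas shown here, and render_config generates the corresponding stanzas for the pools that are missing.

```python
import ipaddress
import re

# Constructed sample input (not from the thread's device): the three pools
# from the question, the one prefix the SRX already has via its interface,
# and a Junos-style snippet modelled on the reply above.
NAT_POOLS = ["1.1.1.0/24", "2.2.2.0/24", "3.3.3.0/24"]
CONNECTED = ["1.1.1.0/24"]
SAMPLE_CONFIG = """
routing-options {
    static {
        route 2.0.0.0/24 discard;
    }
}
policy-options {
    policy-statement public-to-bgp {
        from {
            protocol static;
            route-filter 2.0.0.0/24 exact;
        }
        then accept;
    }
}
protocols {
    bgp {
        export public-to-bgp;
    }
}
"""


def block(text, header):
    """Return the body of the first `header { ... }` stanza, matching nested braces.
    The lookbehind stops `bgp {` from matching inside `public-to-bgp {`."""
    m = re.search(r"(?<![\w-])" + re.escape(header) + r"\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError("unbalanced braces in config")


def discard_routes(config):
    """Static routes with a discard next hop under routing-options."""
    body = block(config, "routing-options")
    return {ipaddress.ip_network(p) for p in re.findall(r"route\s+(\S+)\s+discard;", body)}


def exported_exact_filters(config):
    """Prefixes matched by `route-filter <prefix> exact` in the policies BGP exports."""
    names = []
    for group in re.findall(r"export\s+(\[[^\]]*\]|\S+);", block(config, "bgp")):
        names.extend(group.strip("[] ").split())
    prefixes = set()
    for name in names:
        body = block(config, f"policy-statement {name}")
        prefixes |= {ipaddress.ip_network(p)
                     for p in re.findall(r"route-filter\s+(\S+)\s+exact;", body)}
    return prefixes


def check_pools(config, pools, connected):
    """List every way the config fails to get a NAT pool into BGP."""
    connected_nets = {ipaddress.ip_network(c) for c in connected}
    routes = discard_routes(config)
    exported = exported_exact_filters(config)
    problems = []
    for p in pools:
        net = ipaddress.ip_network(p)
        if net in connected_nets:
            continue  # already in the routing table via the interface
        if net not in routes:
            problems.append(f"{p}: no static discard route")
        if net not in exported:
            problems.append(f"{p}: not matched by an exact route-filter in a BGP export policy")
    pool_nets = {ipaddress.ip_network(p) for p in pools}
    for net in sorted(routes - pool_nets):
        problems.append(f"{net}: discard route does not correspond to any NAT pool")
    return problems


def render_config(pools, connected, policy="public-to-bgp"):
    """Generate discard routes and an export policy for the pools that are not connected."""
    connected_nets = {ipaddress.ip_network(c) for c in connected}
    need = [p for p in pools if ipaddress.ip_network(p) not in connected_nets]
    routes = "\n".join(f"        route {p} discard;" for p in need)
    filters = "\n".join(f"            route-filter {p} exact;" for p in need)
    return (
        "routing-options {\n    static {\n" + routes + "\n    }\n}\n"
        "policy-options {\n    policy-statement " + policy + " {\n        from {\n"
        "            protocol static;\n" + filters + "\n        }\n        then accept;\n    }\n}\n"
        "protocols {\n    bgp {\n        export " + policy + ";\n    }\n}\n"
    )


if __name__ == "__main__":
    for line in check_pools(SAMPLE_CONFIG, NAT_POOLS, CONNECTED):
        print("PROBLEM:", line)
    print(render_config(NAT_POOLS, CONNECTED))
```

Run against the sample, the checker reports that 2.2.2.0/24 and 3.3.3.0/24 have neither a discard route nor an export match, and that 2.0.0.0/24 is a discard route for a prefix that is not a pool; the generated configuration passes cleanly.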

SRX Services Gateway

Re: Advertise NAT pools to BGP

09-01-2010 11:46 AM
That works. I guess the NAT process grabs it before it actually discards it. It seemed to work that way but it felt counter-intuitive to tell it to discard traffic destined for a network for which I wanted to receive traffic. Thanks for the reply.
SRX Services Gateway

Re: Advertise NAT pools to BGP

06-29-2015 11:50 PM

Hey

Is there a more specific route installed?

If I look at the flow-chart for sessions:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110&smlogin=true


- then source-NAT comes after route-lookup

SRX Services Gateway

Re: Advertise NAT pools to BGP

05-04-2017 05:33 AM

Just saw your response (I know it's been a few years), but I've been working through the same solution for a customer that has two upstream routers:


I think the reason that this works is that traffic TO the source-NAT prefix would always be part of an existing session (e.g. outbound traffic has already been source-NATted, return traffic is coming back to the advertised prefixes), so in the SRX Order of Operations, it would skip straight to the Existing Sessions section and avoid route look-up.

Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIP-DC, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher
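As an added illustration of the explanation in the last two posts (example code written for this page, not an SRX implementation or anything from the thread's authors), the following Python model runs packets through a toy firewall whose order of operations is the one described above: an existing-session match is checked before the route lookup, and only the first packet of a flow consults the FIB. The topology, FIB entries, pool address and port allocation are constructed; the 2.2.2.0/24 discard route and the 1.1.1.254 peer mirror the thread. The model shows why return traffic to the NAT pool is forwarded while an unsolicited packet to the pool is discarded.

```python
import ipaddress

# Constructed topology (hypothetical, not the thread's network): the SRX has
# 1.1.1.1/24 on its uplink, a default route via the BGP peer 1.1.1.254, and a
# discard route for the source-NAT pool 2.2.2.0/24 so BGP can advertise it.
FIB = [
    (ipaddress.ip_network("2.2.2.0/24"), "discard"),
    (ipaddress.ip_network("1.1.1.0/24"), "direct"),
    (ipaddress.ip_network("0.0.0.0/0"), "next-hop 1.1.1.254"),
]
NAT_POOL = ipaddress.ip_network("2.2.2.0/24")


def route_lookup(dst):
    """Longest-prefix match over the constructed FIB; returns the next-hop action."""
    addr = ipaddress.ip_address(dst)
    net, action = max(((n, a) for n, a in FIB if addr in n), key=lambda e: e[0].prefixlen)
    return action


class FlowModel:
    """Toy model of session-first processing: session match before route lookup."""

    def __init__(self):
        self.sessions = {}       # 5-tuple -> description of the matching session wing
        self.next_port = 20000   # constructed port allocation for source NAT

    def packet(self, src, sport, dst, dport, proto="tcp"):
        key = (proto, src, sport, dst, dport)
        # Step 1: an existing session (either wing) is matched before any route
        # lookup, so return traffic to the pool never reaches the discard route.
        if key in self.sessions:
            return "forward", self.sessions[key]
        # Step 2: the first packet of a flow does a route lookup; discard means drop.
        action = route_lookup(dst)
        if action == "discard":
            return "discard", f"no session for {dst}; FIB says discard"
        # Step 3: policy permit is assumed; source-NAT into the pool and install
        # both wings so the reply matches in step 1.
        nat_ip, nat_port = str(NAT_POOL[10]), self.next_port
        self.next_port += 1
        self.sessions[key] = f"out via {action}: {src}:{sport} -> {nat_ip}:{nat_port}"
        self.sessions[(proto, dst, dport, nat_ip, nat_port)] = (
            f"in (reverse wing): {nat_ip}:{nat_port} -> {src}:{sport}"
        )
        return "forward", self.sessions[key]


def demo():
    """Outbound flow, its return packet, and an unsolicited packet to the pool."""
    fw = FlowModel()
    outbound = fw.packet("10.0.0.5", 40000, "8.8.8.8", 443)
    returning = fw.packet("8.8.8.8", 443, "2.2.2.10", 20000)
    unsolicited = fw.packet("8.8.8.8", 443, "2.2.2.77", 20000)
    return outbound, returning, unsolicited


if __name__ == "__main__":
    for verdict, detail in demo():
        print(verdict, "-", detail)
```

The unsolicited packet is the case the discard route is actually deciding: with no session to match, the lookup hits 2.2.2.0/24 discard and the packet is dropped, which is the behaviour you want for a pool that exists only as NAT translations.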