
NAT with HSRP

lamav
Level 8

Folks:

What the heck does the "redundancy HSRP" part of this command mean?

ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1

I am trying to get a full appreciation for the challenges of running NAT in a redundant environment, such as with HSRP, and I saw the following cryptic statement on a Cisco web page:

Feature Overview

When an Address Resolution Protocol (ARP) query is triggered for an address that is configured with Network Address Translation (NAT) static mapping and owned by the router, NAT responds with the BIA MAC address on the interface to which the ARP is pointing. Two routers are acting as HSRP active and standby. Their NAT inside interfaces must be enabled and configured to belong to a group.

Maybe it's just me and I'm being dense today, but this paragraph seems convoluted. An example to show what they mean would have been nice.

Cisco has some great white papers and some outstanding explanations for different technologies, but it seems that the white papers for SNAT and NAT with HSRP are not one of them. Maybe it's because the technology is relatively new. I also hate it when the grammar is poor and there are egregious punctuation errors in a document. It makes it difficult to read.

Anyway, can anyone clear the cloud from my brain? I mean as far as this is concerned. It would take God and his sister to clear ALL the fog from my head! LOL

Thanks, folks

Victor


Mark Yeates
Level 7

Victor,

I'm not sure if I will be able to clear the fog out of your head but I will try to help clear some of it. The redundancy (group) command will basically use the virtual IP address used in the particular HSRP instance. The configurations must be mirrored on each device. I do think that we are referencing the same article in regards to the ARP query, and I do find it quite confusing also. I do believe that HSRP will still work as it normally does by using the standard HSRP MAC address because it does say that "Static mapping support for HSRP allows the option of having only the HSRP active router respond to an incoming ARP for a router configured with a NAT address". That makes me think that all ARP queries will be directed to the HSRP address. Here is the article that I found.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t4/feature/guide/ftnthsrp.html#wp1028476

HTH,

Mark

Thanks, Mark.

All I guess I am really asking is what the purpose of the "redundant HSRP1" keywords is. A NAT statement is created that says NAT this to that...OK...so what is the rest of that command doing?

I understand that it is part of a mechanism to minimize downtime and maybe even prevent the need to have to rebuild the ARP cache on the secondary HSRP router when it has to start forwarding traffic...or maybe I'm wrong about what I think I understand....this is what I need clarification on.

What are those keywords there for and how do they achieve their goal -- whatever that goal is?

Victor

Where are all the brains on here???

Jon? Rick? Edison? Joseph? Harold? Etc?

Victor

The command enables the router to respond to ARP queries using BIA MAC if HSRP is configured on the NAT inside interface. The goal is to statefully keep track of the ARP queries between the active and standby routers. The difference between using the virtual IP vs the HSRP redundancy command in the static map is the MAC address that is used. Hope this helps

Mark
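
A mirrored two-router configuration for the command asked about in this thread, added here as an illustration and not taken from any poster or from Cisco's document. The word after "redundancy" is the name assigned to the HSRP group with "standby ... name" on the NAT inside interface, and the same static mapping is entered on both routers. Interface names, the group number, priorities, router addresses and the virtual IP are assumptions; only the static NAT line and the name HSRP1 come from the thread.

```cisco
! Added example (assumed: interface names, group 10, priorities,
! router addresses, virtual IP 192.168.5.1, outside subnet 3.3.3.0/24).
!
! ----- Router A: intended HSRP active -----
interface GigabitEthernet0/0
 description NAT inside, member of HSRP group named HSRP1
 ip address 192.168.5.2 255.255.255.0
 ip nat inside
 standby 10 ip 192.168.5.1
 standby 10 priority 110
 standby 10 preempt
 ! The name set here is what the NAT statement refers to
 standby 10 name HSRP1
!
interface GigabitEthernet0/1
 description NAT outside
 ip address 3.3.3.2 255.255.255.0
 ip nat outside
!
! Static mapping tied to the HSRP group by name
ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
!
! ----- Router B: intended HSRP standby (mirror of Router A) -----
interface GigabitEthernet0/0
 description NAT inside, member of HSRP group named HSRP1
 ip address 192.168.5.3 255.255.255.0
 ip nat inside
 standby 10 ip 192.168.5.1
 standby 10 priority 100
 standby 10 preempt
 ! Same group name as on Router A
 standby 10 name HSRP1
!
interface GigabitEthernet0/1
 description NAT outside
 ip address 3.3.3.3 255.255.255.0
 ip nat outside
!
! Identical static mapping, identical group name
ip nat inside source static 192.168.5.33 3.3.3.5 redundancy HSRP1
```

On each router, "show standby brief" shows which one is currently active for the group, and "show ip nat translations" lists the static entry.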

Mark:

Thank you kindly for your time and effort. I appreciate it.

Victor
