routing options

Unanswered Question

Hi, I have a partner who wants to connect its single site with our 2 sites using Ethernet over fiber. They have an IP pool which conflicts with an IP pool already advertised in our network. Our suggestion of implementing NAT has already been rejected due to some unknown reasons. They have suggested implementing a GRE tunnel, which in my own opinion is worthless and also complicated, implementing 2 GRE tunnels from my side. I need to know if there are any better ideas to achieve this connectivity. We will run OSPF with them, with their site area being stub.

paolo bevilacqua Tue, 04/21/2009 - 02:43

If the overlapping sites need to communicate with each other, you must use NAT.

Else regular routing will work, just eliminate the overlapping addresses from the announcements.


GRE is used when you connect over the internet, not when you have your own circuits.

Edison Ortiz Tue, 04/21/2009 - 06:29

mohsin,


We are not aware of your customer's or your network requirements but if NAT has been rejected as an option, you can explore MPLS as an alternative.


You can create a VRF for this partner's connection and treat it as a separate entity. Traffic in/out the VRF can be controlled rather easily and you don't have to advertise this partner's subnet into your global routing table.


HTH,

Edison.

I got an approval for the NAT from the partner. There again is a question, rather a confirmation just for my understanding. If my partner puts his eth interface as NAT inside, and both its WAN links connecting to my sites as NAT outside, and defines a subnet from my network as the overload NAT pool, then all is going to work fine? I mean, in a firewall the NAT is bound to the interfaces, however in routers I believe we can allocate the NAT pool and use it at multiple interfaces simultaneously as outside NAT interfaces, correct? How would traffic be affected, because I want to give a single subnet as a NAT pool to my partner, and traffic will be coming in on both of my sites (though with different OSPF costs)?

Also, this VRF option is interesting, and I just want to know if VRF is applicable in low end routers as well, or is it only available in 6500/7600 etc?

Edison Ortiz Thu, 04/23/2009 - 06:29

If my partner puts his eth interface as NAT inside, and both its WAN links connecting to my sites as NAT outside, and defines a subnet from my network as the overload NAT pool, then all is going to work fine?


Yes.


You can create an ACL to match the source|destination on the traffic to be NAT'd. For instance:


access-list 101 permit ip [partner's subnet] [your subnet]

ip nat inside source list 101 .....

interface fx/x
 description inside
 ip nat in

interface fx/x
 description outside
 ip nat out


You can use a NAT-POOL or interface overload - that's a design call.


Also, this VRF option is interesting, and I just want to know if VRF is applicable in low end routers as well, or is it only available in 6500/7600 etc?


VRF is supported on low end routers as well but since you got the green light on the NAT, I believe that's an easier design. If you aren't familiar with VRF or MPLS, things can become a bit complicated.


Edison.
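
An added example, not part of the original thread: a fuller version of the partner-router NAT setup discussed above, with one overload pool shared by two outside interfaces. All addresses, interface numbers, the pool name, the loopback and the OSPF process and area numbers are constructed assumptions.

```cisco
! Partner router. All addresses, names and interface numbers are constructed.
! 10.10.0.0/16  = partner LAN (the overlapping range, never advertised)
! 172.16.0.0/16 = destination subnet in our network
! 172.20.5.0/28 = subnet allocated from our network for the NAT pool
!
! Only partner-to-our-subnet traffic is translated.
access-list 101 permit ip 10.10.0.0 0.0.255.255 172.16.0.0 0.0.255.255
!
! One pool, PAT (overload). The pool is not tied to any interface.
ip nat pool PARTNER-POOL 172.20.5.2 172.20.5.14 prefix-length 28
ip nat inside source list 101 pool PARTNER-POOL overload
!
interface FastEthernet0/0
 description inside - partner LAN
 ip address 10.10.0.1 255.255.0.0
 ip nat inside
!
! Both WAN links are outside. The translation table belongs to the router,
! so return traffic arriving on either link matches the same entry.
interface FastEthernet0/1
 description outside - link to our site 1
 ip address 192.168.255.1 255.255.255.252
 ip nat outside
!
interface FastEthernet1/0
 description outside - link to our site 2
 ip address 192.168.255.5 255.255.255.252
 ip nat outside
!
! Loopback inside the pool subnet so OSPF advertises the pool over both links.
! point-to-point makes OSPF advertise the /28 instead of a /32 host route.
interface Loopback0
 ip address 172.20.5.1 255.255.255.240
 ip ospf network point-to-point
!
! Stub area toward our sites. The partner LAN is deliberately absent from the
! network statements, so the overlapping range is never announced.
router ospf 1
 area 10 stub
 network 192.168.255.0 0.0.0.7 area 10
 network 172.20.5.0 0.0.0.15 area 10
```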
