eBGP over NAT boundaries

Answered Question
Apr 7th, 2010

Hi there,

Let’s assume this unrealistic scenario in a totally private network. I have two eBGP peer connections coming into my private network, one for Customer A and one for Customer B. Both Customer A and Customer B have identical subnet ranges, for example 10.15.100.0/24. I know I could separate these with VRFs, but let's exclude this for the minute.

If Customer A wishes to exchange data with Customer B then I have a problem due to conflicting subnet ranges. If I were to use NAT, can I establish an eBGP session across a NAT boundary? Furthermore, can Customer A or Customer B have their BGP advertised networks NAT’d to a non-conflicting private range of addresses?

If I did use VRFs to separate overlapping networks, how could I get these two VRFs to communicate with the knowledge they have the same private networks?

Thanks, Wayne

Jon Marshall Wed, 04/07/2010 - 03:54

Wayne


Yes, you can establish BGP; you would simply advertise out the NATted subnet range rather than the real subnet range. Is this what you are asking, or are you asking whether the actual BGP peer address can be NATted?


Jon

wrgoulden Wed, 04/07/2010 - 04:52

Jon,


I guess firstly can you establish a BGP session from a BGP NAT'd peer address? Secondly, would I need a transit network behind the customer BGP router to perform the NAT then advertise the NAT ranges into BGP?


Thanks,


Wayne

Correct Answer
Jon Marshall Wed, 04/07/2010 - 05:03

Wayne


The first one will be tricky - would the 2 eBGP peers be using WAN IPs from the same subnet? If so, that may take a bit of experimenting with, but I thought the requirement was simply to NAT an internal network.

As for NATting an internal network, this should be relatively straightforward, and I suspect, although I would need to test, the NATting could be done on the same router that runs eBGP.

Don't mind testing, but could you just answer whether the WAN IPs would need NATting?


Jon

wrgoulden Wed, 04/07/2010 - 05:47

Jon,


Just looked over it again and the NAT'ing of the internal ranges is fine.  No need to set peers up over a NAT boundary as I first thought. Thanks for your help.


Wayne
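
The approach the thread settles on (translate each customer's overlapping internal range and advertise the translated prefix over eBGP instead of the real one) can be planned and checked offline before any router is touched. The Python below is an added example, not code from the original posters; the pool 172.31.0.0/16, the customer names, the helper names and the host-bit-preserving 1:1 mapping are all assumptions.

```python
import ipaddress
from itertools import combinations

def conflicts(prefixes):
    """Return pairs of customers whose prefixes overlap."""
    return [(a, b) for (a, na), (b, nb) in combinations(prefixes.items(), 2)
            if na.overlaps(nb)]

def plan_translations(real_prefixes, pool):
    """Give every customer with a colliding prefix a same-length block from pool.

    Customers that collide with nobody keep their real prefix.
    """
    nets = {c: ipaddress.ip_network(p) for c, p in real_prefixes.items()}
    colliding = {c for pair in conflicts(nets) for c in pair}
    plan = {c: n for c, n in nets.items() if c not in colliding}
    candidates = ipaddress.ip_network(pool)
    for cust in sorted(colliding):
        length = nets[cust].prefixlen
        for cand in candidates.subnets(new_prefix=length):
            # Must not clash with a real range or a block already handed out.
            taken = list(nets.values()) + list(plan.values())
            if not any(cand.overlaps(t) for t in taken):
                plan[cust] = cand
                break
        else:
            raise ValueError(f"pool {pool} exhausted for {cust}")
    return plan

def translate(addr, real, mapped):
    """1:1 network translation: replace the network bits, keep the host bits."""
    real = ipaddress.ip_network(str(real))
    mapped = ipaddress.ip_network(str(mapped))
    offset = int(ipaddress.ip_address(addr)) - int(real.network_address)
    if not 0 <= offset < real.num_addresses:
        raise ValueError(f"{addr} is not inside {real}")
    return str(mapped.network_address + offset)

if __name__ == "__main__":
    # Constructed input: the overlapping range from the question plus one clean one.
    real = {"CustomerA": "10.15.100.0/24", "CustomerB": "10.15.100.0/24",
            "CustomerC": "10.20.0.0/24"}
    plan = plan_translations(real, "172.31.0.0/16")   # pool is an assumption
    for cust, net in sorted(plan.items()):
        print(f"{cust}: real {real[cust]} -> advertise {net}")
    print("remaining conflicts:", conflicts(plan))
    print(translate("10.15.100.25", real["CustomerB"], plan["CustomerB"]))
```

Each translated block is checked against every real range as well as the blocks already assigned, so neither customer is handed a prefix that shadows addresses it uses internally.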
