
NAT static mapping with HSRP for High Availability

jabouaf
Level 1

Hello,

Can someone explain to me how this function works?

The feature overview of http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087c4c.html

doesn't give much explanation.

Regards,


skarundi
Level 4

Let's break down what the document says, hopefully then it will make sense.

"When an Address Resolution Protocol (ARP) query is triggered for an address that is configured with Network Address Translation (NAT) static mapping and owned by the router, NAT responds with the BIA MAC address on the interface to which the ARP is pointing."

So if one has 2 routers on the same LAN with the same static route statement, then both could potentially respond to an ARP issued for the static NAT address. This wouldn't be good because it's kind of like 2 PCs responding to the same ARP.

"The ARP queries are always replied to by the HSRP active router. In the event of failure of the active HSRP router, upstream devices will point to the new HSRP active router and will not have an ARP entry pointing to the original active router, which may no longer be available."

So the new feature makes sure that the standby HSRP interface doesn't respond to the ARP for the static NAT address. The high availability piece comes into play in case of a failure. You want the new HSRP active interface to tell the downstream routers that it is the way to go if you want to NAT the packets. So when an HSRP failover occurs, the new HSRP active router sends gratuitous ARPs of the static NAT addresses with its BIA address to the LAN configured with HSRP. So now the traffic will then flow through the new HSRP active router.

Hope this helps.

Hello,

Thank you for this explanation.

As the standby router does not have to respond to any ARP request (proxy-arp should be automatically disabled), this new functionality is just to make the new master HSRP router send gratuitous ARP. Is my understanding correct?

The documentation says that this function is to be implemented on the "inside" interface of the routers.

In my customer's configuration, he has HSRP groups both on inside and outside interfaces (2 routers with the same static inside source NAT translation).

Should the HSRP master router on the outside LAN interface also send gratuitous ARP queries when the outside interface is going from standby to active/master?

Regards,

Jean-david

Since you have specified "ip nat inside", then only the inside interface HSRP setting applies. Try this: Configure HSRP tracking on the inside interface to track the outside interface. If the outside interface's line protocol goes down, then the inside interface's HSRP priority will decrease and the standby HSRP router will become active.

Hello,

So that is to say that the gratuitous ARP queries (for the static NAT inside source definition) are only sent on the "inside" interface, even if HSRP is defined on the outside interface? (Then only the master outside interface answers any ARP queries.)

Is it right?

Regards,

Jean-david

HSRP tracking is already defined.

HSRP must be configured on the inside interface if you have "ip nat inside", and if you have "ip nat outside" then HSRP must be configured on the outside interface.

If you have HSRP configured only on the outside interface but you have "ip nat inside", then the feature should not work.
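
The setup discussed in the replies above, as an added configuration sketch that is not part of the original thread or taken from any poster's routers: a static mapping tied to a named HSRP group on the "ip nat inside" interface, with tracking of the outside interface. All addresses, interface names and the group name NAT-HA are constructed assumptions.

```cisco
! Constructed example: addresses, interface names and the group name NAT-HA
! are assumptions, not values from the thread.
!
! Without the redundancy keyword (shown commented out), the same mapping on
! both routers lets each one own 203.0.113.50 and answer ARP with its own BIA:
! ip nat inside source static 192.168.10.50 203.0.113.50
!
! ---- Router A (higher priority, normally HSRP active) ----
interface GigabitEthernet0/1
 description outside
 ip nat outside
!
interface GigabitEthernet0/0
 description inside LAN shared with Router B
 ip address 192.168.10.2 255.255.255.0
 ip nat inside
 standby 10 ip 192.168.10.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 name NAT-HA
 ! Drop priority by 20 (110 -> 90) if the outside interface goes down,
 ! so Router B (default priority 100) preempts and becomes active
 standby 10 track GigabitEthernet0/1 20
!
! Bind the static mapping to the named HSRP group: only the HSRP active
! router answers ARP for it, and a newly active router sends gratuitous ARP
ip nat inside source static 192.168.10.50 203.0.113.50 redundancy NAT-HA
!
! ---- Router B (same mapping and group name, default priority 100) ----
interface GigabitEthernet0/1
 description outside
 ip nat outside
!
interface GigabitEthernet0/0
 description inside LAN shared with Router A
 ip address 192.168.10.3 255.255.255.0
 ip nat inside
 standby 10 ip 192.168.10.1
 standby 10 preempt
 standby 10 name NAT-HA
 standby 10 track GigabitEthernet0/1 20
!
ip nat inside source static 192.168.10.50 203.0.113.50 redundancy NAT-HA
```

Running `show standby brief` on each router shows which one is currently active for the group, and `show ip nat translations` confirms the static entry is present on both.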

Hello,

Thank you for all your explanations.

Best Regards,