Multi-peer BGP Issue with NAT

ChopKC
Occasional Contributor


I am running an HPE MSR3044 router.  I have a BGP session set up as follows with my ISP, with one link between us, and I have implemented NAT444, and it has worked well.  I've obviously changed the IP addresses below for security purposes in this post.

bgp 65004
router-id 7.7.7.7
peer 9.1.1.1 as-number 27446
peer 9.1.1.2 as-number 27446
#
address-family ipv4 unicast
dampening
network 8.8.20.0 255.255.255.0
network 8.8.21.0 255.255.255.0
peer 9.1.1.1 enable
peer 9.1.1.2 enable

The port where I have the link to my ISP is configured as follows:

interface GigabitEthernet5/3
port link-mode route
ip address 9.1.1.3 255.255.255.248
nat outbound port-preserved disable
nat outbound port-block-group 1
nat outbound port-block-group 2

Now for my problem.  I have been allocated a 2nd port between myself and my ISP for additional bandwidth.  I have added the new meeting point into my BGP session and I can successfully send traffic over both ports between us.  However, I am having intermittent NAT and connectivity issues with this setup.  My new BGP setup with both sets of peers is as follows:

bgp 65004
router-id 7.7.7.7
peer 9.1.1.1 as-number 27446
peer 9.1.1.2 as-number 27446
peer 9.2.2.1 as-number 27446
peer 9.2.2.2 as-number 27446
#
address-family ipv4 unicast
dampening
balance 2
network 8.8.20.0 255.255.255.0
network 8.8.21.0 255.255.255.0
peer 9.1.1.1 enable
peer 9.1.1.2 enable
peer 9.2.2.1 enable
peer 9.2.2.2 enable

The 2nd interface is configured identically to the first one and is as follows:

interface GigabitEthernet5/2
port link-mode route
ip address 9.2.2.3 255.255.255.248
nat outbound port-preserved disable
nat outbound port-block-group 1
nat outbound port-block-group 2

I have added the following command to my config, but it hasn't helped:

nat port-block global-share enable

Ideally I just need packets from the same source to be routed out a single interface.  It appears that packets from a source are traversing both paths and thus having issues with return traffic, especially NAT-involved addresses.  My ISP has a Cisco router on the other end and it may be something in their configuration, but since I'm doing NAT on my end I'm pretty sure I'm missing something in my config.  Additionally, it seems that when I do any kind of route aggregation or multi-path setup between us my performance takes a hit instead of improving as one would expect.  By performance I mean more packet loss and less bandwidth than with a single port.  What am I doing wrong?
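The failure mode described in the post, as an added illustration that is not from the poster or from HPE: a simplified model of two NAT egress interfaces, each translating to its own outside address (assumed here to be the interface IP, a simplification of the port-block-group configuration), fed either per-packet or per-flow. The remote host is stateful, so any packet of a TCP flow that arrives from a translated identity it never saw a handshake from is rejected; only a flow-consistent path choice keeps all packets of one flow behind one translation.

```python
import hashlib

# Constructed topology mirroring the post: two egress interfaces, each with its
# own NAT outside address and its own translation table (an assumption).
EGRESS = {"Gi5/3": "9.1.1.3", "Gi5/2": "9.2.2.3"}

def flow_hash(pkt):
    """Per-flow selector: the same 5-tuple always maps to the same interface."""
    key = f"{pkt['src']}:{pkt['sport']}>{pkt['dst']}:{pkt['dport']}".encode()
    return int(hashlib.sha256(key).hexdigest(), 16) % len(EGRESS)

class NatRouter:
    def __init__(self, per_packet):
        self.per_packet = per_packet          # True: round-robin every packet
        self.tables = {name: {} for name in EGRESS}
        self.rr, self.next_port = 0, 40000

    def egress_for(self, pkt):
        names = list(EGRESS)
        if self.per_packet:
            self.rr += 1
            return names[self.rr % len(names)]
        return names[flow_hash(pkt)]

    def translate(self, pkt):
        ifname = self.egress_for(pkt)
        table = self.tables[ifname]
        key = (pkt["src"], pkt["sport"])
        table.setdefault(key, self.next_port)  # new entry on this interface only
        if table[key] == self.next_port:
            self.next_port += 1
        return dict(pkt, src=EGRESS[ifname], sport=table[key])

class StatefulServer:
    """Remote host: accepts data only on a (src, sport) that completed a SYN."""
    def __init__(self):
        self.established, self.accepted, self.rejected = set(), 0, 0

    def receive(self, pkt):
        key = (pkt["src"], pkt["sport"])
        if pkt["flags"] == "SYN":
            self.established.add(key)
        elif key not in self.established:
            self.rejected += 1                # unknown connection: dropped / RST
            return
        self.accepted += 1

def run(per_packet, n_packets=10):
    """Send one constructed TCP flow through the router; return (accepted, rejected)."""
    router, server = NatRouter(per_packet), StatefulServer()
    flow = {"src": "10.0.0.5", "sport": 51234, "dst": "198.51.100.10", "dport": 443}
    for i in range(n_packets):
        server.receive(router.translate(dict(flow, flags="SYN" if i == 0 else "ACK")))
    return server.accepted, server.rejected
```

`run(False)` keeps the whole flow on one interface and one translation, while `run(True)` alternates interfaces and half the packets reach the server from an outside address it has no session for, which is the intermittent loss the post describes.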