Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-25 Thread Ivan Pepelnjak
The problem is that the session stays active. I want the session to be lost. I believe the rules should be adhered to a bit more strictly. The session DOES NOT stay active. The phone is stupid. It should have realized there's no reply and restart the session. If the current matching nat

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-25 Thread Joe Maimon
Ivan Pepelnjak wrote: The problem is that the session stays active. I want the session to be lost. I believe the rules should be adhered to a bit more strictly. The session DOES NOT stay active. The phone is stupid. It should have realized there's no reply and restart the session. With

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-25 Thread Ivan Pepelnjak
Just did a few tests with 12.4(24)T. IOS NAT is extra stupid when it comes to clearing NAT translation table. Even though you have NAT rules tied to an interface (ip nat inside ... interface) they are not cleared when the interface IP address is lost or when the interface is shut down. So (I

[c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Joe Maimon
Hey All, So as is commonly talked about, I have seen a number of end user sites with simple redundancy service using IOS routers. Multiple lines, coulds be the same provider, could be different providers, no dynamic routing, different source addresses, uRPF/SAV at the provider(s) is to be

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Ivan Pepelnjak
-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions Hey All, So as is commonly talked about, I have seen a number of end user sites with simple redundancy service using IOS routers. Multiple lines, coulds be the same provider, could be different providers, no dynamic

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Joe Maimon
- From: Joe Maimon [mailto:jmai...@ttec.com] Sent: Sunday, January 24, 2010 5:06 PM To: cisco-nsp Subject: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions Hey All, So as is commonly talked about, I have seen a number of end user sites with simple redundancy service using

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Ivan Pepelnjak
After the routing and egress changes, the router should be well aware that continued traffic no longer matches the ip nat inside source route-map ISPA Di1 overload and now matches the ip nat inside source route-map ISPB Di2 overload for a simplistic example. So the old

Re: [c-nsp] CPE with tracking redundancy and long lived (UDP) nat sessions

2010-01-24 Thread Joe Maimon
Ivan Pepelnjak wrote: Obviously the router does NOT check the ip nat rules if it gets a match in the NAT translation table. This behavior makes sense; if you'd change the NAT parameters of a live session, you'd lose the session anyway. The problem is that the session stays active. I want