ROS 6.48 VRF+NAT+MANGLE

Hi All,

I have a simple setup:
Several customers on the same CCR1036.
Each customer has 2 VLANs in its own VRF: IaaS VLAN + Internet Transit VLAN.
IaaS VLAN is using the same /24 subnet for each customer (192.168.179.0/24)
Everything is working well.
As soon as we need NAT configuration for outside access, I have a weird behaviour:

  • Customer A can go outside using public IP A
  • Customer B can go outside using public IP B
    NB 1: As Transit is provided by eBGP sessions, the NAT is SRC NAT with a loopback sent by BGP

In order to keep traffic segregated with NAT, I have set up mangle rules - that is - each customer comes from a specific VLAN interface, mandatory information to mark connection and packet and NAT with a different public IP.
UDP & TCP are working but ICMP works from time to time:
If, for example, the 2 customers try to reach 8.8.8.8 with echo request from the same IP 192.168.179.1 (in different VLANs), only one is OK, the second one is NOK until I stop requests from the first customer.
Sometimes, it's working and I can see - like for UDP & TCP - marked traffic.
Any idea how to solve this problem?