Community discussions

 
Strand
just joined
Topic Author
Posts: 1
Joined: Tue Apr 02, 2019 11:29 pm

SRC-NAT with hashing algorithm

Wed Apr 03, 2019 12:31 am

Hello,

I currently working on a design with two CCR1036 terminating a 10Gb WAN each.

The setup looks like is:

|---- FIREWALL01 --- CORE ----- DIST ----- ACCESS ----- CLIENT01
ISP CPE ------| /////////////////////////////////// | /////////////// |
|---- FIREWALL02 --- CORE ----- DIST ----- ACCESS ----- CLIENT02

Both firewall is routing BGP to the ISP with /30 routing links
We have assigned a /24 PA scope, which we can use for NAT.

Each firewall announce a /25 via BGP

SRC-NAT rule on firewall01:
[flash=]add action=src-nat chain=srcnat disabled=no out-interface=sfp-sfpplus2 src-address=10.0.0.0/8 to-addresses=193.160.1.0/25[/flash]

SRC-NAT rule on firewall02:
[flash=]add action=src-nat chain=srcnat disabled=no out-interface=sfp-sfpplus2 src-address=10.0.0.0/8 to-addresses=193.160.1.128/25[/flash]

When client01 will make an connection to the internet, how will NAT in the Mikrotik be done?
Will it use a hash for each flow or is it a combination of SRC/DST IP?

// Henrik

Who is online

Users browsing this forum: No registered users and 32 guests