Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  CGNAT on MX using SPC3 for PS4?

    Posted 03-19-2021 08:54
    Hi all,


    Anyone here has been experience how to make the CGNAT use NAT Type 2 instead using NAT Type 3 for Playstation 4 (PS4).  Using NAT Type 3 it have an issue on PS4.


    Appreciate any feedback


  • 2.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-19-2021 11:07
    Hi,

    Is it other way MX-SPC3 can do similar like this?

    https://networkshinobi.wordpress.com/2015/06/26/playstation-network-xbox-live-nat-type-3-to-nat-type-2-on-juniper-srx-with-dynamic-public-ip-address/


    Thanks and appreciate any feedback


  • 3.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-20-2021 07:28

     

    Hi , you should enable EIM+EIF for PS services

     


    Juniper Business Use Only






  • 4.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-23-2021 09:22
    Hi,


    But is it possible on PS4 can get automatically NAT Type 2 when using CGNAT Juniper?  If i google many people complain of using NAT Type 3 on PS4.


    Thanks and appreciate any feedback


  • 5.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-24-2021 03:14
    Hi all,

    Just to update, now can get NAT Type 2 when we disable "match application". It mean all traffic will go through EIM + EIF. Still try to monitor session exactly what port need by PS4 to make sure PS4 can get NAT Type 2.


    Thanks


  • 6.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-25-2021 10:56
    I don't "match application" for any of my Juniper CGNat.  I use EIM, EIF, APP, and AMS LB... I also tune my customer-facing PE's to use the IGP metrically closest egress CGNat (MX960) Inet node to make it less possible for IP's to change from any given customer-facing-PE in my network...

    set services nat pool nat1 address-range low 999.999.131.0 high 999.999.131.255
    set services nat pool nat1 address-range low 999.999.132.0 high 999.999.132.255
    set services nat pool nat1 port range low 1100
    set services nat pool nat1 port range high 65499
    set services nat pool nat1 port secured-port-block-allocation block-size 100
    set services nat pool nat1 port secured-port-block-allocation max-blocks-per-address 30
    set services nat rule rule1 match-direction input
    set services nat rule rule1 term other1 from source-address 10.144.0.0/12
    set services nat rule rule1 term other1 from source-address 10.160.0.0/14
    set services nat rule rule1 term other1 then translated source-pool nat1
    set services nat rule rule1 term other1 then translated translation-type napt-44
    set services nat rule rule1 term other1 then translated mapping-type endpoint-independent
    set services nat rule rule1 term other1 then translated secure-nat-mapping eif-flow-limit 1000
    set services nat rule rule1 term other1 then translated secure-nat-mapping mapping-refresh outbound
    set services nat rule rule1 term other1 then translated filtering-type endpoint-independent
    set services nat rule rule1 term other1 then translated address-pooling paired

    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------



  • 7.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-25-2021 11:36
    Hi Aaron,


    As i'm understand if u not do specific application/port that through EIM, EIF, APP it will eat the CPU resources? By the way the problem already solve due to miss knob load-balance under AMS0.


    Thanks


  • 8.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 03-25-2021 12:45
    I'm not aware of that.

    Glad you fixed it.

    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------



  • 9.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 04-14-2021 23:24
    Hi kronicklez,

    Can you perhaps elaborate on the issue being resolved with the "load-balance under AMS0". Are you referring to the hash algorithm?

    We have customers complaining with various types of consoles regarding NAT type 3 strict and multiplayer gaming not working. 

    Inside interface
    set interfaces ams0 unit 100 load-balancing-options hash-keys ingress-key source-ip

    Outside interface
    set interfaces ams0 unit 200 load-balancing-options hash-keys ingress-key destination-ip


  • 10.  RE: CGNAT on MX using SPC3 for PS4?

    Posted 04-15-2021 18:57
    Edited by aaron.gould 04-15-2021 19:12
    here's some things i recall from working with cgnat...

    when you assign a public pool to an ams interface, it chops up the address pool into equal parts and codes those parts into the underlying ams members...

    if ams has 4 underlying members...

    mams-3/0/0
    mams-3/1/0
    mams-3/2/0
    mams-3/3/0

    ...and your public pool is for instance 1.2.3.0/24, then, you will have

    mams-3/0/0 - 1.2.3.0/26
    mams-3/1/0 - 1.2.3.64/26
    mams-3/2/0 - 1.2.3.128/26
    mams-3/3/0 - 1.2.3.192/26

    enabling ams0 "load-balancing-options hash-keys ingress-key source-ip" caused less randomness with public pool translations and caused a more stable mapping of customer-to-public-ip behavior

    my ams configs are...

    set interfaces ams0 load-balancing-options member-interface mams-3/0/0
    set interfaces ams0 load-balancing-options member-interface mams-3/1/0
    set interfaces ams0 load-balancing-options member-interface mams-3/2/0
    set interfaces ams0 load-balancing-options member-interface mams-3/3/0
    set interfaces ams0 load-balancing-options member-failure-options redistribute-all-traffic enable-rejoin

    set interfaces ams0 unit 51 description "nat inside - vrf blah"
    set interfaces ams0 unit 51 family inet address 10.10.1.1/30
    set interfaces ams0 unit 51 service-domain inside
    set interfaces ams0 unit 51 load-balancing-options hash-keys ingress-key source-ip

    set interfaces ams0 unit 52 description "nat outside - vrf blahblah"
    set interfaces ams0 unit 52 family inet
    set interfaces ams0 unit 52 service-domain outside


    show services nat pool detail
    ...will show the public pool mappings to ams mams members


    https://www.juniper.net/documentation/us/en/software/junos/interfaces-adaptive-services/topics/topic-map/load-balance-high-avail-AMS.html 
    ...
    By default, the traffic distribution over the member interfaces of an AMS interface happens in a round-robin fashion. You can also configure the following hash key values to regulate the traffic distribution: source-ip, destination-ip , and protocol. For services that require traffic symmetry, you must configure symmetrical hashing. Symmetrical hashing configuration ensures that both forward and reverse traffic is routed through the same member interface.
    ...

    i will emphasize, when working on a network with redundancy, load balanding, with multiple exit points to the internet using multiple stand-alone (not snat/stateful ha paring of any sort) cgnat boundary nodes, that the challenge to have subscribers use the same public ip address is a multi-layer/multi-faceted challenging task.

    items i recall that needed to be tuned and enabled, were...

    - igp/ldp tracking from customer PE to use same cgnat boundary node (needed when customers are in vrf's/L3VPN's)
    - ams source-ip lb hash
    - eim
    - eif
    - app 

    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------