SD-WAN


Ask questions and share experiences with SD-WAN and Session Smart Router (formerly 128T).
  • 1.  Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00
    Just upgraded to 3.2.1, which has the following listed in the release note:

    I95-14820 The 128T now has a signaled mechanism for establishing inbound flows to systems behind firewalled or LTE environments. 

    I've got a router (r2) deployed behind a NAT device that isn't explicitly configured to forward any ports to the router. It peers with another router (r1). Prior to upgrading, peering and sessions from r2 -> r1 were working fine (and still work after upgrading to 3.2.1). However, I tried adding a service which routes from r1 -> r2 inbound through the NAT, and it does not appear to be making it through.

    Any details on what is needed to make this feature work?


  • 2.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

     

    Aha, figured it out. On the r2 router interface that was deployed behind the NAT, I needed to set the "Peer Connectivity" to "outbound-only" in the neighborhood config.

    After setting this in the neighborhood on r2, the setting was reflected in the adjacency config in r1, and inbound sessions worked through the NAT.

     

    Handy feature!!

     



  • 3.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

    Just tried this functionality on an LTE interface that was operating through a carrier NAT. Worked like a charm!



  • 4.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

    Thanks, Reid, I was wondering about the purpose of the Peer Connectivity setting. I should point out that the change in Neighborhood from bidirectional to outbound-only doesn't seem to be inherited in the auto-generated Adjacency under it. The only way to affect it is to set adjacency auto-gen=FALSE, and set the Peer Connectivity option manually to outbound-only.



  • 5.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

    Gene, it should absolutely get propagated... but perhaps not as you're expecting. When you set it on the neighborhood in r2, it gets set in the adjacency on r1. (This is where it's actually relevant. The router r1 -- in Reid's example -- needs to know that r2 is outbound only.)

     

    Can you double check to make sure your configuration is getting generated as described here?



  • 6.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

    Patrick A Timmons I just tested out the behavior you described, and indeed that's exactly what I've observed. Thanks for the clarification.



  • 7.  RE: Anything needed to enable inbound sessions through a NAT in 3.2.1?

     
    Posted 03-24-2018 00:00

    Great, thanks for checking!