Best practice on what to advertise the “non-connected”/“non-static” NAT space.

Hi guys, my customer is in the heat of battle with policy and NAT review, but I wanted to toss something out there regarding the advertising/redistribution of the NAT space.

There’s some discussion on how to advertise the NATs (aka non-connected or routes not in local table), and I want to make sure we have a consensus.

Adding static routes versus using a redistribution rule?

It was discussed that we would need to add static routes for all the NATs, and set the next hop to whatever the “real” address uses. As we are advertising statics, this would send the routes downstream. Although I’m curious what that would do to the local route table, as the NAT IPs themselves are not technically “next-hop” routed. I’ve never, personally, added static addresses for the NAT IPs, so I don’t have experience with this… which is why I ask the questions. :)

Is there a reason we wouldn’t just add the NAT addresses/subnets/whatever as an entry in the redistribution rules? Aggregating where we can, or using host routes.

https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Redistribution-Rules-to-Explicitly-A...

Conceptually I had this idea, just didn’t know what “button to push”.

Customer needs to advertise non-connected address space used by the NATs. So I’m curious what the best practice would be.

Thanks in Advance.
