Stateful inter-chassis NAT redundancy provides seamless NAT failover between two redundant SR OS nodes. A pair of redundant nodes operates in active or standby mode per NAT group. If traffic distribution between the nodes is needed, up to four NAT groups per node can be deployed, with each NAT group having its own set of ISAs. In this scenario, traffic between the nodes can be load-balanced per NAT group.
Figure: CGN stateful inter-chassis redundancy shows a scenario where inside routes are advertised from the node with the active NAT group, which ensures that traffic is symmetric. This means that upstream and downstream traffic flow entirely through the same node. Although this scenario represents the majority of use cases, upstream traffic is allowed to arrive on the node with a standby NAT group and be shunted to the node with the active NAT group over a link that interconnects the two nodes. This scenario is shown in Figure: Asymmetric traffic.
The redundant pair of NAT nodes protects against the following:
node failure
ISA failure
link failure
path failure (BFD, VRRP)
The basic premise of stateful inter-chassis NAT redundancy is as follows:
ISAs/ESAs within a NAT group can be either active or standby. This means that in a pair of redundant NAT nodes, only one node attracts traffic per NAT group while the NAT group on the peering node is in a standby state with synchronized flows (or sessions).
The activity (active or standby) of a NAT group is determined by an internal health parameter that represents the node’s ability to perform NAT at full capacity. The value of the health parameter can change dynamically and is based on events related to the various failures against which stateful inter-chassis NAT redundancy offers protection. The health value is communicated between the redundant (or peering) nodes at the CPM level.
In case of equal health, an operator can, through configuration, influence the activity of a NAT group.
The activity of a NAT group is characterized by the advertisement of the NAT-related routes on the inside (steering and destination-prefix) and the outside (pool routes).
Only TCP/UDP/ICMP flows that are older than the preconfigured amount of time are synchronized.
Flow synchronization is performed directly between the ISAs, bypassing the CPM. The CPM’s main role is to determine the activity of a NAT group using health-related parameters, as shown in Figure: NAT synchronization.
Flows are created on the active NAT group and are synchronized from the active NAT group to the standby NAT group.
Immediately following the switchover, all flows on the newly standby NAT group are resynchronized from the newly active NAT group.
If the link between the chassis is lost, then each chassis operates in a standalone mode.
A reliable and redundant link should always be available between the two redundant NAT nodes. This link is referred to as the Inter-Chassis Link (ICL) and is used for:
CPM communication (activity negotiation and presence detection)
ISA-to-ISA communication (flow synchronization)
transient forwarding of data traffic during switchovers