CGN SCALEOUT Advantages of CGN Scaleout Technology and Configuration Overview

Post on 26-Jan-2022


TABLE OF CONTENTS

THE CGN SCALEOUT SOLUTION
    On-Demand Traffic Scaling
    Inherited Fault Tolerance

CGN SCALEOUT IMPLEMENTATION
    Prerequisites
    CGN technologies

CGN SCALEOUT ARCHITECTURE
    CGN Scaleout Traffic Distribution

CONFIGURING CGN SCALEOUT
    CGN Scaleout overview
    CGN Scaleout CLI example
    CGN traffic profile

CONFIGURATION AND OUTPUT COMMANDS
    Helpful links
    ABOUT A10 NETWORKS

THE CGN SCALEOUT SOLUTION

Carrier Grade NAT (CGN) Scaleout is a powerful solution for high speed CGN network architecture. This is mainly due to CGN Scaleout’s on-demand traffic scaling and inherited fault tolerance.

ON-DEMAND TRAFFIC SCALING

The CGN Scaleout feature provides the ability to add capacity on-demand without service interruption as CGN traffic increases. CGN Scaleout distributes traffic evenly across the cluster and makes provisioning additional ACOS devices a seamless process. All devices in the Scaleout cluster can process CGN traffic and maintain redundancy at the same time.

INHERITED FAULT TOLERANCE

CGN Scaleout reduces administrative overhead for capacity or high availability planning. It dynamically absorbs traffic surges by intelligently distributing traffic to other ACOS devices in the Scaleout cluster. In case of a node failure, the traffic load gets distributed among the remaining nodes without traffic interruption. This means that there is no need to re-architect the network due to traffic scaling requirements and events causing sudden traffic spikes.

This article focuses on how to implement CGN Scaleout to maximize its benefits. It also includes a CGN architecture example and configuration examples.

CGN SCALEOUT IMPLEMENTATION

The key advantages of CGN Scaleout are scalability, efficiency, and redundancy. CGN Scaleout ensures all devices in the scaleout cluster process CGN traffic without any devices remaining idle. In addition, the implementation of CGN Scaleout follows a concise workflow process.

PREREQUISITES

Before implementing CGN Scaleout, check the following prerequisites.

o To run CGN Scaleout on ACOS devices, ensure that the following minimum requirements are met:

- The minimum software requirement is 4.1.2-P1.

- The minimum number of devices for a CGN Scaleout cluster is 2 and the maximum number of ACOS devices is 8.

- CGN Scaleout devices must be L2 adjacent on the client side of the network architecture.

- The minimum CGN pool IP address range must be 256 contiguous addresses or a full Class C subnet.

o To use hairpinning, enable Endpoint Independent Mapping (EIM) and Endpoint Independent Filtering (EIF).

CGN TECHNOLOGIES

o CGN Scaleout currently supports:

- LSN (NAT44, NAT64).

- Fixed-NAT (NAT44, NAT64).

CGN SCALEOUT ARCHITECTURE

This section illustrates CGN Scaleout architecture.

CGN SCALEOUT TRAFFIC DISTRIBUTION

The following diagram shows a CGN Scaleout cluster of 8 nodes and the traffic distribution in relation to the CGN cluster.

[Diagram: CGN Scaleout – Traffic Distribution. Subscriber networks/users send outbound traffic, which the upstream node distributes using an ECMP hash across the CGN cluster (nodes 1 to 8, joined by an L2 Redirection Bus). All ACOS nodes process CGN traffic in the Scaleout cluster and use BGP to announce NAT routes to upstream routers. Inbound traffic arrives on a specific cluster node based on the advertised NAT address route. NAT pool: 10.100.0.0/24. ACOS internal interfaces: 192.168.10.0/24. ACOS external interfaces: 10.100.10.0/24.]

Figure 1: Example of CGN Scaleout Architecture

Below is a high-level walkthrough of CGN Scaleout traffic processing as illustrated in Figure 1:

o The subscriber networks initiate application traffic. They send the traffic to the CGN Scaleout cluster and to the Internet.

o The aggregation router of the subscriber networks uses ECMP to distribute the traffic to the CGN Scaleout cluster. The CGN Scaleout cluster uses a hash calculation to distribute each new traffic flow across the CGN Scaleout cluster.

o The return traffic from the Internet is sent on the path that it was received on based on the advertised NAT address.

o The CGN Scaleout cluster’s built-in fault tolerance determines when CGN traffic is sent to an alternate node. Subscriber traffic bound for the Internet is sent to an alternate node in the following conditions:

- When a node failure is detected, Layer 2 redirection is performed and the subscriber traffic is forwarded to an alternate node.

- When subscriber traffic arrives on an erroneous node, Layer 2 redirection forwards traffic to the correct node.

o If a node failure is detected when the CGN traffic is returning from the Internet, the Scaleout cluster does the following:

- Layer 2 redirects the flow to an alternate node.

- It withdraws the route with the NAT pool advertised by the ACOS device on the upstream router.

- It installs the route with the same NAT pool on the upstream router.

- It chooses an alternate node in the Scaleout cluster to process the return traffic.

CONFIGURING CGN SCALEOUT

CGN SCALEOUT OVERVIEW

o Remove all CGN or ADC configurations from the ACOS devices.

o Globally configure Scaleout with a cluster ID.

- Command: ACOS(config)# <scaleout <1-64>>

o Configure the local device settings.

- Command: ACOS(config-cluster:10)# <local-device>

o Set the priority of the local device.

- Command: ACOS(config-cluster:10-local-device)# <priority <1-255>>

o Set the node ID of the cluster.

- Command: ACOS(config-cluster:10-local-device)# <id <1-8>>

o Add devices to the CGN Scaleout cluster.

- Command: ACOS(config-cluster:10)# <cluster-devices>

o Configure a device-id for each node in the cluster and configure the management IP address for each node.

- Command: ACOS(config-cluster:10-cluster-devices-de...)# <device-id <1-8>>

- Command: ACOS(config-cluster:10-cluster-devices-de...)# <ip A.B.C.D>

o Enable CGN Scaleout.

- Command: ACOS1(config)# <scaleout-cgn>

CGN SCALEOUT CLI EXAMPLE

The following CLI example uses three nodes for CGN Scaleout with the cluster ID equal to 10.

ACOS device 1:

ACOS1# config terminal

ACOS1(config)# scaleout 10

ACOS1(config-cluster:10)# local-device

ACOS1(config-cluster:10-local-device)# priority 10

ACOS1(config-cluster:10-local-device)# id 1

ACOS1(config-cluster:10-local-device)# exit

ACOS1(config-cluster:10)# cluster-devices

ACOS1(config-cluster:10-cluster-devices-de...)# device-id 1

ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1

ACOS1(config-cluster:10-cluster-devices-de...)# device-id 2

ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2

ACOS1(config-cluster:10-cluster-devices-de...)# device-id 3

ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3

ACOS1(config-cluster:10-cluster-devices-de...)# exit

ACOS1(config-cluster:10-cluster-devices)# exit

ACOS1(config-cluster:10)# exit

ACOS1(config)# scaleout-cgn

ACOS device 2:

ACOS2# config terminal

ACOS2(config)# scaleout 10

ACOS2(config-cluster:10)# local-device

ACOS2(config-cluster:10-local-device)# priority 9

ACOS2(config-cluster:10-local-device)# id 2

ACOS2(config-cluster:10-local-device)# exit

ACOS2(config-cluster:10)# cluster-devices

ACOS2(config-cluster:10-cluster-devices-de...)# device-id 1

ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1

ACOS2(config-cluster:10-cluster-devices-de...)# device-id 2

ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2

ACOS2(config-cluster:10-cluster-devices-de...)# device-id 3

ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3

ACOS2(config-cluster:10-cluster-devices-de...)# exit

ACOS2(config-cluster:10-cluster-devices)# exit

ACOS2(config-cluster:10)# exit

ACOS2(config)# scaleout-cgn

ACOS device 3:

ACOS3# config terminal

ACOS3(config)# scaleout 10

ACOS3(config-cluster:10)# local-device

ACOS3(config-cluster:10-local-device)# priority 8

ACOS3(config-cluster:10-local-device)# id 3

ACOS3(config-cluster:10-local-device)# exit

ACOS3(config-cluster:10)# cluster-devices

ACOS3(config-cluster:10-cluster-devices-de...)# device-id 1

ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1

ACOS3(config-cluster:10-cluster-devices-de...)# device-id 2

ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2

ACOS3(config-cluster:10-cluster-devices-de...)# device-id 3

ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3

ACOS3(config-cluster:10-cluster-devices-de...)# exit

ACOS3(config-cluster:10-cluster-devices)# exit

ACOS3(config-cluster:10)# exit

ACOS3(config)# scaleout-cgn

The following output shows the status of the CGN Scaleout cluster:

ACOS# show scaleout

Role - Cluster Master

Device 1 - Active (Local) (Master)

Device 2 - Active

Device 3 - Active

CGN TRAFFIC PROFILE

The steps to configure CGN along with Scaleout, referencing Figure 1: Example of CGN Scaleout Architecture, are:

o Configure an IP class list with the network subnet(s) that will be processed for CGN traffic.

o Configure the interfaces and relative CGN segments.

o Bind the IP class list for use with CGN.

o Create a NAT pool range.

o Create an LSN LID (Large Scale NAT Identifier).

o Bind the NAT pool to the lsn-lid identifier used in the class-list.

o Configure BGP and redistribute the NAT pool.

Configure the CGN traffic profile on each CGN Scaleout node. The following CLI example configures a CGN traffic profile on a node in the CGN Scaleout cluster:

ACOS1# config terminal

ACOS1(config)# class-list CL10

ACOS1(config-class list)# 10.10.0.0/16 lsn-lid 1

ACOS1(config-class list)# interface ethernet 1

ACOS1(config-if:ethernet:1)# ip nat inside

ACOS1(config-if:ethernet:1)# interface ethernet 2

ACOS1(config-if:ethernet:2)# ip nat outside

ACOS1(config-if:ethernet:2)# exit

ACOS1(config)# cgnv6 lsn inside source class-list CL10

ACOS1(config)# cgnv6 nat pool POOL1 10.100.0.0 netmask /24

ACOS1(config)# cgnv6 lsn-lid 1

ACOS1(config-lsn-lid)# source-nat-pool POOL1

ACOS1(config-lsn-lid)# exit

ACOS1(config)# router bgp 65010

ACOS1(config-bgp:65010)# neighbor 10.100.100.99 remote-as 65010

ACOS1(config-bgp:65010)# redistribute ip-nat

CONFIGURATION AND OUTPUT COMMANDS

The following is the entire configuration and the output commands, including a CGN traffic profile and CGN Scaleout, referencing Figure 1: Example of CGN Scaleout Architecture.

Refer to Configuring Scaleout and the IPv6 Configuration reference manuals for detailed overviews. The output commands validate route advertising and traffic distribution across the CGN Scaleout cluster.

COMMAND: <SHOW RUNNING-CONFIG>

ACOS1# show running-config

!Current configuration: 961 bytes

!Configuration last updated at 16:46:41 GMT Thu Mar 8 2018

!Configuration last saved at 08:31:06 GMT Thu Mar 8 2018

!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb-12-2018,06:47)

!

!

class-list CL10

10.10.0.0/16 lsn-lid 1

!

interface ethernet 1

name INSIDE

enable

ip address 192.168.10.1 255.255.255.0

ip nat inside

!

interface ethernet 2

name OUTSIDE

enable

ip address 10.100.10.1 255.255.255.0

ip nat outside

!

!

scaleout 10

local-device

priority 10

id 1

cluster-devices

device-id 1

ip 192.168.10.1

device-id 2

ip 192.168.10.2

device-id 3

ip 192.168.10.3

!

scaleout-cgn enable

!

cgnv6 lsn inside source class-list CL10

!

cgnv6 nat pool POOL1 10.100.0.0 netmask /24

!

cgnv6 lsn-lid 1

source-nat-pool POOL1

!

router bgp 65010

neighbor 10.100.100.99 remote-as 65010

redistribute ip-nat

!

end
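The prerequisites listed earlier (2 to 8 cluster devices, device IDs in the 1-8 range, a NAT pool of at least 256 addresses) can be checked against a node's running-config before the cluster is enabled. The Python below is an added example, not A10 code; it assumes only the stanza layout shown above, and the function name lint_scaleout and the sample text are hypothetical.

```python
import ipaddress
import re

# Constructed sample modelled on the scaleout and NAT pool stanzas above;
# the duplicated device-id is the fault to detect.
SAMPLE = """\
scaleout 10
  local-device
    priority 10
    id 1
  cluster-devices
    device-id 1
      ip 192.168.10.1
    device-id 2
      ip 192.168.10.2
    device-id 2
      ip 192.168.10.3
!
cgnv6 nat pool POOL1 10.100.0.0 netmask /24
"""

def lint_scaleout(config: str) -> list[str]:
    """Hypothetical helper: list where a config breaks the stated prerequisites."""
    findings = []
    local = re.search(r"^\s*id (\d+)\s*$", config, re.M)
    devices = re.findall(r"^\s*device-id (\d+)\s*\n\s*ip (\S+)", config, re.M)
    ids = [int(d) for d, _ in devices]
    ips = [ip for _, ip in devices]
    if not 2 <= len(devices) <= 8:
        findings.append(f"cluster has {len(devices)} devices, expected 2-8")
    for value in sorted({i for i in ids if ids.count(i) > 1}):
        findings.append(f"device-id {value} is defined more than once")
    for value in sorted({ip for ip in ips if ips.count(ip) > 1}):
        findings.append(f"management IP {value} is assigned to more than one device")
    if any(not 1 <= i <= 8 for i in ids):
        findings.append("device-id outside the 1-8 range")
    if local is None or int(local.group(1)) not in ids:
        findings.append("local-device id is missing from cluster-devices")
    for name, net, prefix in re.findall(
            r"^cgnv6 nat pool (\S+) (\S+) netmask /(\d+)", config, re.M):
        pool = ipaddress.ip_network(f"{net}/{prefix}", strict=False)
        if pool.num_addresses < 256:
            findings.append(f"pool {name} has {pool.num_addresses} addresses, needs 256")
    return findings

if __name__ == "__main__":
    for finding in lint_scaleout(SAMPLE):
        print("FINDING:", finding)
```

Running the same check on every node's saved configuration also shows whether the cluster-devices list is identical across the cluster, which the CLI example above configures by hand on each device.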

All three CGN Scaleout nodes announce the 10.100.0.0/24 network NAT pool as /32 routes to the upstream router via BGP. The CGN configuration is the same on all nodes. Each node advertises only its own set of public NAT addresses:

COMMAND: <SHOW IP BGP>

ACOS1# show ip bgp

BGP table version is 1, local router ID is 192.168.10.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled

S Stale, m multipath

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Type Path

*>i10.100.0.203/32 10.100.100.92 0 100 32768 ?

*>i10.100.0.206/32 10.100.100.92 0 100 32768 ?

*>i10.100.0.208/32 10.100.100.92 0 100 32768 ?

*>i10.100.0.211/32 10.100.100.92 0 100 32768 ?

*>i10.100.0.212/32 10.100.100.92 0 100 32768 ?

CGN Scaleout classifies subscriber traffic and the NAT IP pool into user groups and assigns each CGN Scaleout cluster node to a hash bucket. The hash value calculation determines how each new subscriber traffic flow is distributed across the CGN Scaleout cluster. Use the following command to see how the CGN Scaleout IP NAT pool is distributed across the CGN Scaleout cluster:

COMMAND: <SHOW SCALEOUT NAT-POOL <NAME>>

ACOS1#show scaleout nat-pool POOL1

Pool Name: POOL1

Address User-Group Active Device

----------------------------------------------

10.100.0.201 201 1

10.100.0.202 202 1

10.100.0.203 203 2

10.100.0.204 204 3

10.100.0.205 205 3

10.100.0.206 206 2

HELPFUL LINKS:

For the complete guide to configuring CGN Scaleout, see the following link:

https://documentation.a10networks.com/scaleout

For the complete guide to configuring CGN also known as Large Scale NAT (LSN), see the following link:

https://documentation.a10networks.com/CGN

©2018 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, A10 Lightning, A10 Harmony and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.

ABOUT A10 NETWORKS

A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers globally with offices worldwide.

For more information, visit: a10networks.com or tweet @a10Networks