cgn scaleout - a10 networks
CGN SCALEOUT Advantages of CGN Scaleout Technology and Configuration Overview
CGN Scaleout
TABLE OF CONTENTS
THE CGN SCALEOUT SOLUTION
- On-Demand Traffic Scaling
- Inherited Fault Tolerance
CGN SCALEOUT IMPLEMENTATION
- Prerequisites
- CGN technologies
CGN SCALEOUT ARCHITECTURE
- CGN Scaleout Traffic Distribution
CONFIGURING CGN SCALEOUT
- CGN Scaleout overview
- CGN Scaleout CLI example
- CGN traffic profile
CONFIGURATION AND OUTPUT COMMANDS
- Helpful links
- About A10 Networks
THE CGN SCALEOUT SOLUTION
Carrier Grade NAT (CGN) Scaleout is a powerful solution for high speed CGN network architecture. This is mainly due to CGN Scaleout’s on-demand traffic scaling and inherited fault tolerance.
ON-DEMAND TRAFFIC SCALING
The CGN Scaleout feature provides the ability to add capacity on-demand without service interruption as CGN
traffic increases. CGN Scaleout distributes traffic evenly across the cluster and makes provisioning
additional ACOS devices a seamless process. All devices in the Scaleout cluster can process CGN traffic and
maintain redundancy at the same time.
INHERITED FAULT TOLERANCE
CGN Scaleout reduces administrative overhead for capacity or high availability planning. It dynamically absorbs traffic surges by intelligently distributing traffic to other ACOS devices in the Scaleout cluster. In case of a node failure, the traffic load gets distributed among the remaining nodes without traffic interruption. This means that there is no need to re-architect the network due to traffic scaling requirements and events causing sudden traffic spikes.
This article focuses on how to implement CGN Scaleout to maximize its benefits. It also includes a CGN architecture and configuration examples.
CGN SCALEOUT IMPLEMENTATION
The key advantages of CGN Scaleout are scalability, efficiency, and redundancy. CGN Scaleout ensures all
devices in the scaleout cluster process CGN traffic without any devices remaining idle. In addition, the
implementation of CGN Scaleout follows a concise workflow process.
PREREQUISITES
Before implementing CGN Scaleout, check the following prerequisites.
o To run CGN Scaleout on ACOS devices, ensure the following minimum requirements:
- The minimum software requirement is 4.1.2-P1.
- The minimum number of devices for a CGN Scaleout cluster is 2 and the maximum number of ACOS
devices is 8.
- CGN Scaleout devices must be L2 adjacent on the client side of the network architecture.
- The minimum CGN pool IP address range must be 256 contiguous addresses or a full Class C subnet.
o To use hairpinning, enable Endpoint Independent Mapping (EIM) and Endpoint Independent Filtering (EIF).
CGN TECHNOLOGIES
o CGN Scaleout currently supports:
- LSN (NAT44, NAT64).
- Fixed-NAT (NAT44, NAT64).
CGN SCALEOUT ARCHITECTURE
This section illustrates CGN Scaleout architecture.
CGN SCALEOUT TRAFFIC DISTRIBUTION
In the following diagram, the CGN Scaleout cluster includes 8 nodes. The diagram shows how traffic is
distributed in relation to the CGN cluster.
CGN Scaleout – Traffic Distribution (diagram labels):
o Subscriber networks/Users
o Subscriber outbound traffic distributed by upstream node using ECMP hash
o CGN Cluster, nodes 1 to 8: all ACOS nodes process CGN traffic in Scaleout cluster
o L2 Redirection Bus
o BGP: ACOS nodes use BGP to announce NAT routes to upstream routers
o Inbound traffic arrives on a specific cluster node based on advertised NAT address route
o NAT POOL: 10.100.0.0/24
o ACOS Internal Interfaces: 192.168.10.0/24
o ACOS External Interfaces: 10.100.10.0/24
Figure 1: Example of CGN Scaleout Architecture
Below is a high-level walkthrough of CGN Scaleout traffic processing as illustrated in Figure 1:
o The subscriber networks initiate application traffic. They send the traffic to the CGN Scaleout cluster and
to the Internet.
o The aggregation router of the subscriber networks uses ECMP to distribute the traffic to the CGN Scaleout
cluster. CGN Scaleout cluster uses a hash calculation to distribute each new traffic flow across the CGN
Scaleout cluster.
o The return traffic from the Internet is sent on the path that it was received on based on the advertised NAT
address.
o The CGN Scaleout cluster’s built-in fault tolerance determines when CGN traffic is sent to an alternate node.
Subscriber traffic bound for the Internet is sent to an alternate node under the following conditions:
- When a node failure is detected, Layer 2 redirection is performed and the subscriber traffic is forwarded
to an alternate node.
- When subscriber traffic arrives on an erroneous node, Layer 2 redirection forwards traffic to the correct
node.
o If a node failure is detected when the CGN traffic is returning from the Internet, the Scaleout cluster does
the following:
- Layer 2 redirects the flow to an alternate node.
- It withdraws the route with the NAT pool advertised by the ACOS device on the upstream router.
- It installs the route with the same NAT pool on the upstream router.
- It chooses an alternate node in the Scaleout cluster to process the return traffic.
CONFIGURING CGN SCALEOUT
CGN SCALEOUT OVERVIEW
o Remove all CGN or ADC configurations from the ACOS devices.
o Globally configure Scaleout with a cluster ID.
- Command: ACOS(config)# <scaleout <1-64>>
o Configure the local device settings.
- Command: ACOS(config-cluster:10)# <local-device>
o Set the priority of the local device.
- Command: ACOS(config-cluster:10-local-device)# <priority <1-255>>
o Set the node ID of the cluster.
- Command: ACOS(config-cluster:10-local-device)# <id <1-8>>
o Add device to the CGN Scaleout cluster.
- Command: ACOS(config-cluster:10)# <cluster-devices>
o Configure a device-id for each node in the cluster and configure the management IP address for each node.
- Command: ACOS(config-cluster:10-cluster-devices-de...)# <device-id <1-8>>
- Command: ACOS(config-cluster:10-cluster-devices-de...)# <ip A.B.C.D>
o Enable CGN Scaleout.
- Command: ACOS1(config)# <scaleout-cgn>
CGN SCALEOUT CLI EXAMPLE
The following CLI example uses three nodes for CGN Scaleout with the cluster ID equal to 10.
ACOS device 1:
ACOS1# config terminal
ACOS1(config)# scaleout 10
ACOS1(config-cluster:10)# local-device
ACOS1(config-cluster:10-local-device)# priority 10
ACOS1(config-cluster:10-local-device)# id 1
ACOS1(config-cluster:10-local-device)# exit
ACOS1(config-cluster:10)# cluster-devices
ACOS1(config-cluster:10-cluster-devices-de...)# device-id 1
ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1
ACOS1(config-cluster:10-cluster-devices-de...)# device-id 2
ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2
ACOS1(config-cluster:10-cluster-devices-de...)# device-id 3
ACOS1(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3
ACOS1(config-cluster:10-cluster-devices-de...)# exit
ACOS1(config-cluster:10-cluster-devices)# exit
ACOS1(config-cluster:10)# exit
ACOS1(config)# scaleout-cgn
ACOS device 2:
ACOS2# config terminal
ACOS2(config)# scaleout 10
ACOS2(config-cluster:10)# local-device
ACOS2(config-cluster:10-local-device)# priority 9
ACOS2(config-cluster:10-local-device)# id 2
ACOS2(config-cluster:10-local-device)# exit
ACOS2(config-cluster:10)# cluster-devices
ACOS2(config-cluster:10-cluster-devices-de...)# device-id 1
ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1
ACOS2(config-cluster:10-cluster-devices-de...)# device-id 2
ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2
ACOS2(config-cluster:10-cluster-devices-de...)# device-id 3
ACOS2(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3
ACOS2(config-cluster:10-cluster-devices-de...)# exit
ACOS2(config-cluster:10-cluster-devices)# exit
ACOS2(config-cluster:10)# exit
ACOS2(config)# scaleout-cgn
ACOS device 3:
ACOS3# config terminal
ACOS3(config)# scaleout 10
ACOS3(config-cluster:10)# local-device
ACOS3(config-cluster:10-local-device)# priority 8
ACOS3(config-cluster:10-local-device)# id 3
ACOS3(config-cluster:10-local-device)# exit
ACOS3(config-cluster:10)# cluster-devices
ACOS3(config-cluster:10-cluster-devices-de...)# device-id 1
ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.1
ACOS3(config-cluster:10-cluster-devices-de...)# device-id 2
ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.2
ACOS3(config-cluster:10-cluster-devices-de...)# device-id 3
ACOS3(config-cluster:10-cluster-devices-de...)# ip 192.168.10.3
ACOS3(config-cluster:10-cluster-devices-de...)# exit
ACOS3(config-cluster:10-cluster-devices)# exit
ACOS3(config-cluster:10)# exit
ACOS3(config)# scaleout-cgn
The following output shows the status of the CGN Scaleout cluster:
ACOS# show scaleout
Role - Cluster Master
Device 1 - Active (Local) (Master)
Device 2 - Active
Device 3 - Active
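The value ranges in the command list and the 2-to-8 device prerequisite can be checked before a node joins the cluster. The following is an added example, not A10 code: it lints a scaleout stanza (a constructed sample with device-id 2 entered twice); parse_scaleout and audit are hypothetical helper names.

```python
import ipaddress

# Constructed sample: a scaleout stanza with device-id 2 entered twice.
SAMPLE = """\
scaleout 10
  local-device
    priority 10
    id 1
  cluster-devices
    device-id 1
      ip 192.168.10.1
    device-id 2
      ip 192.168.10.2
    device-id 2
      ip 192.168.10.3
"""

def parse_scaleout(text):
    """Collect cluster ID, local priority/id and [device-id, ip] pairs."""
    cfg = {"scaleout": None, "priority": None, "id": None, "devices": []}
    for words in (line.split() for line in text.splitlines()):
        if len(words) != 2:
            continue
        key, value = words
        if key in ("scaleout", "priority", "id"):
            cfg[key] = int(value)
        elif key == "device-id":
            cfg["devices"].append([int(value), None])
        elif key == "ip" and cfg["devices"]:
            cfg["devices"][-1][1] = ipaddress.ip_address(value)
    return cfg

def audit(cfg):
    """Return findings; an empty list means the stanza passes every check."""
    ids = [d for d, _ in cfg["devices"]]
    ips = [ip for _, ip in cfg["devices"]]
    checks = [
        (cfg["scaleout"] in range(1, 65), "cluster ID outside 1-64"),
        (cfg["priority"] in range(1, 256), "priority outside 1-255"),
        (2 <= len(set(ids)) <= 8, "cluster needs 2 to 8 devices"),
        (all(d in range(1, 9) for d in ids), "device-id outside 1-8"),
        (len(set(ids)) == len(ids), "device-id defined more than once"),
        (len(set(ips)) == len(ips), "management ip reused"),
        (cfg["id"] in ids, "local id missing from cluster-devices"),
    ]
    return [message for ok, message in checks if not ok]

if __name__ == "__main__":
    print(audit(parse_scaleout(SAMPLE)))
```

Run it against the scaleout stanza of every node; the cluster-devices list should be identical on all of them and only the local-device values should differ.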
CGN TRAFFIC PROFILE
The steps to configure CGN along with Scaleout, referencing Figure 1: Example of CGN Scaleout Architecture, are as follows.
o Configure an IP class list with the network subnet(s) that will be processed for CGN traffic.
o Configure the interfaces and relative CGN segments.
o Bind the IP class list for use with CGN.
o Create a NAT pool range.
o Create LSN LID (Large Scale NAT Identifier).
o Bind the NAT pool to the lsn-lid identifier used in the class-list.
o Configure BGP and redistribute the NAT pool.
Configure the CGN traffic profile on each CGN Scaleout node. The following CLI example configures a CGN
traffic profile on a node in the CGN Scaleout cluster:
ACOS1# config terminal
ACOS1(config)# class-list CL10
ACOS1(config-class list)# 10.10.0.0/16 lsn-lid 1
ACOS1(config-class list)# interface ethernet 1
ACOS1(config-if:ethernet:1)# ip nat inside
ACOS1(config-if:ethernet:1)# interface ethernet 2
ACOS1(config-if:ethernet:2)# ip nat outside
ACOS1(config-if:ethernet:2)# exit
ACOS1(config)# cgnv6 lsn inside source class-list CL10
ACOS1(config)# cgnv6 nat pool POOL1 10.100.0.0 netmask /24
ACOS1(config)# cgnv6 lsn-lid 1
ACOS1(config-lsn-lid)# source-nat-pool POOL1
ACOS1(config-lsn-lid)# exit
ACOS1(config)# router bgp 65010
ACOS1(config-bgp:65010)# neighbor 10.100.100.99 remote-as 65010
ACOS1(config-bgp:65010)# redistribute ip-nat
CONFIGURATION AND OUTPUT COMMANDS
Following are the complete configuration and output commands, including a CGN traffic profile and CGN Scaleout,
referencing Figure 1: Example of CGN Scaleout Architecture.
Refer to Configuring Scaleout and the IPv6 Configuration reference manuals for detailed overviews. The output
commands will validate route advertising and traffic distribution across the CGN Scaleout cluster.
COMMAND: <SHOW RUNNING-CONFIG>
ACOS1# show running-config
!Current configuration: 961 bytes
!Configuration last updated at 16:46:41 GMT Thu Mar 8 2018
!Configuration last saved at 08:31:06 GMT Thu Mar 8 2018
!64-bit Advanced Core OS (ACOS) version 4.1.4, build 307 (Feb-12-2018,06:47)
!
!
class-list CL10
  10.10.0.0/16 lsn-lid 1
!
interface ethernet 1
  name INSIDE
  enable
  ip address 192.168.10.1 255.255.255.0
  ip nat inside
!
interface ethernet 2
  name OUTSIDE
  enable
  ip address 10.100.10.1 255.255.255.0
  ip nat outside
!
!
scaleout 10
  local-device
    priority 10
    id 1
  cluster-devices
    device-id 1
      ip 192.168.10.1
    device-id 2
      ip 192.168.10.2
    device-id 3
      ip 192.168.10.3
!
scaleout-cgn enable
!
cgnv6 lsn inside source class-list CL10
!
cgnv6 nat pool POOL1 10.100.0.0 netmask /24
!
cgnv6 lsn-lid 1
  source-nat-pool POOL1
!
router bgp 65010
  neighbor 10.100.100.99 remote-as 65010
  redistribute ip-nat
!
end
All three CGN Scaleout nodes announce the 10.100.0.0/24 network NAT pool as /32 routes to the upstream
router via BGP. The CGN configuration is the same on all nodes. Each node advertises only its own set of
public NAT addresses:
COMMAND: <SHOW IP BGP>
ACOS1# show ip bgp
BGP table version is 1, local router ID is 192.168.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale, m multipath
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Type Path
*>i10.100.0.203/32 10.100.100.92 0 100 32768 ?
*>i10.100.0.206/32 10.100.100.92 0 100 32768 ?
*>i10.100.0.208/32 10.100.100.92 0 100 32768 ?
*>i10.100.0.211/32 10.100.100.92 0 100 32768 ?
*>i10.100.0.212/32 10.100.100.92 0 100 32768 ?
CGN Scaleout classifies subscriber traffic and the NAT IP pool into user groups and assigns each CGN
Scaleout cluster node to a hash bucket. The hash value calculation determines how each new subscriber
traffic flow is distributed across the CGN Scaleout cluster. Use the following command to see how the CGN
Scaleout IP NAT pool is distributed across the CGN Scaleout cluster:
COMMAND: <SHOW SCALEOUT NAT-POOL <NAME>>
ACOS1#show scaleout nat-pool POOL1
Pool Name: POOL1
Address User-Group Active Device
----------------------------------------------
10.100.0.201 201 1
10.100.0.202 202 1
10.100.0.203 203 2
10.100.0.204 204 3
10.100.0.205 205 3
10.100.0.206 206 2
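The rule that each node advertises only its own NAT addresses can be verified by comparing the nat-pool ownership table with the /32 routes. This added example is not A10 code; the sample outputs are constructed, the BGP table is assumed to be captured on the upstream router, and the device-to-next-hop map NEXT_HOPS is an assumption based on the external interface subnet in Figure 1.

```python
import re
from collections import defaultdict

# Constructed samples in the layout of the outputs shown above. NEXT_HOPS
# (each node's external address in 10.100.10.0/24) is an assumption.
NAT_POOL = """\
10.100.0.201 201 1
10.100.0.202 202 1
10.100.0.203 203 2
10.100.0.204 204 3
"""
BGP = """\
*>i10.100.0.201/32 10.100.10.1 0 100 0 ?
*>i10.100.0.202/32 10.100.10.1 0 100 0 ?
*>i10.100.0.203/32 10.100.10.2 0 100 0 ?
* i10.100.0.203/32 10.100.10.3 0 100 0 ?
"""
NEXT_HOPS = {1: "10.100.10.1", 2: "10.100.10.2", 3: "10.100.10.3"}

def owners(nat_pool_text):
    """Map each NAT address to its active device; header lines are skipped."""
    row = r"^(\d+(?:\.\d+){3})[ \t]+\d+[ \t]+(\d+)[ \t]*$"
    return {a: int(d) for a, d in re.findall(row, nat_pool_text, re.M)}

def advertised(bgp_text):
    """Map each /32 prefix to the set of next hops it is announced from."""
    routes = defaultdict(set)
    row = r"^\*.*?(\d+(?:\.\d+){3})/32\s+(\S+)"
    for addr, hop in re.findall(row, bgp_text, re.M):
        routes[addr].add(hop)
    return routes

def cross_check(nat_pool_text, bgp_text, next_hops):
    """Report NAT addresses whose routes disagree with cluster ownership."""
    routes, findings = advertised(bgp_text), []
    for addr, dev in sorted(owners(nat_pool_text).items()):
        hops = routes.get(addr, set())
        if not hops:
            findings.append((addr, "no /32 route advertised"))
        elif hops != {next_hops[dev]}:
            findings.append((addr, f"expected only {next_hops[dev]}, saw {sorted(hops)}"))
    return findings

if __name__ == "__main__":
    for finding in cross_check(NAT_POOL, BGP, NEXT_HOPS):
        print(*finding)
```

An address announced from more than one next hop, or from none, means return traffic for that NAT address may not reach the node that holds the session.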
HELPFUL LINKS:
For the complete guide to configuring CGN Scaleout, see the following link:
https://documentation.a10networks.com/scaleout
For the complete guide to configuring CGN also known as Large Scale NAT (LSN), see the following link:
https://documentation.a10networks.com/CGN
©2018 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, ACOS, A10 Thunder, A10 Lightning, A10 Harmony and SSL Insight are trademarks or registered trademarks of A10 Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. For the full list of trademarks, visit: www.a10networks.com/a10-trademarks.
ABOUT A10 NETWORKS
A10 Networks (NYSE: ATEN) is a Secure Application Services™ company, providing a range of high-performance application
networking solutions that help organizations ensure that their data center applications and networks remain highly
available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, Calif., and serves customers
globally with offices worldwide.
For more information, visit: a10networks.com or tweet @a10Networks