HSRP and Stateful SNAT

johnny_jiang

                IOS Configuration
==================
R1:
               
               
               
interface FastEthernet1/0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
standby delay reload 60
standby 1 ip 10.10.10.254
standby 1 priority 105
standby 1 preempt delay minimum 60 reload 60 sync 60
standby 1 name snathsrp
standby 1 track 11 decrement 6
!
interface FastEthernet2/0
ip address 172.16.10.1 255.255.255.0
ip nat outside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
ip http server
!
!
ip nat Stateful id 1
     redundancy snathsrp
         mapping-id 10
         interface  FastEthernet1/0
         protocol   udp
ip nat pool snat 172.16.10.10 172.16.10.11 prefix-length 24
ip nat inside source list 100 pool snat mapping-id 10 overload
Command Note:
standby 1 preempt delay minimum 60 reload 60 sync 60
We need to define these timers for stateful information transfer.
standby 1 name snathsrpRedundancy is based on HSRP name.
ip nat Stateful id 1
     redundancy snathsrp
         mapping-id 10
         interface  FastEthernet1/0
         protocol   udp
ip nat pool snat 172.16.10.10 172.16.10.11 prefix-length 24
ip nat inside source list 100 pool snat mapping-id 10 overload
Basically this is the essential why HSRP can keep stateful. id and mapping-id are not necessarily same on two routers, only redundancy name should be taken care. On the other hand, we also do not have to use mapping-id with NAT senmatic.
R2 is the same as R1.
Debugging Log:
*Mar  1 01:13:59.827: SNAT Redundancy(prempt): we are in middle of FOR_ALL snathsrp snathsrp
*Mar  1 01:13:59.835: %HSRP-5-STATECHANGE: FastEthernet1/0 Grp 1 state Standby -> Active
*Mar  1 01:13:59.839: %SNAT-5-PROCESS: Id 2, System start converging
*Mar  1 01:13:59.851: %SNAT-5-PROCESS: Id 2, System fully converged
*Mar  1 01:13:59.939: SNAT (Receive): CONVERGENCE Message for Router-Id: 1 from Peer Router-Id: 1
You can see that R2 has id 2 (stateful id) while R1 has id 1.
*Mar  1 01:24:59.703: HSRP: Fa1/0 Grp 1 Redundancy enquiry for snathsrp succeeded
*Mar  1 01:24:59.899: HSRP: Fa1/0 Grp 1 Hello  out 10.10.10.2 Active  pri 100 vIP 10.10.10.254
*Mar  1 01:25:00.991: HSRP: Fa1/0 Grp 1 Hello  in  10.10.10.1 Standby pri 99 vIP 10.10.10.254
*Mar  1 01:25:01.703: HSRP: Fa1/0 Grp 1 Redundancy enquiry for snathsrp succeeded
*Mar  1 01:25:02.911: HSRP: Fa1/0 Grp 1 Hello  out 10.10.10.2 Active  pri 100 vIP 10.10.10.254
*Mar  1 01:25:03.703: HSRP: Fa1/0 Grp 1 Redundancy enquiry for snathsrp succeeded


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u1/42903/showart_1012254.html