1. BNG and CG-NAT
1.1. PPPoE and CG-NAT
The following example layers a CG-NAT configuration on top of a PPPoE configuration. In this example, the PPP server peer pool is 192.168.0.2-192.168.0.255. When a packet's source address falls within this range, it is translated to a public IP from the pool 10.205.3.4-10.205.3.5.
Note
To use the 6WIND CG-NAT capabilities, an additional license is required.
First, configure PPPoE as described in PPPoE Dual Stack Configuration. In this example, 3 PPPoE sessions are established.
vbng> show ppp-server session instance pppoe-server
interface  username  mac address        ip address   status  uptime    l3vrf  vlans
=========  ========  ===========        ==========   ======  ======    =====  =====
ppp0       user1     00:09:c0:12:34:45  192.168.0.2  active  00:02:32
ppp1       user2     00:09:c0:12:34:46  192.168.0.3  active  00:01:58
ppp2       user3     00:09:c0:12:34:47  192.168.0.4  active  00:01:49
Configure dynamic source CG-NAT:
vbng> edit running
vbng running config# vrf main cg-nat pool p1
vbng running pool p1#! address 10.205.3.4-10.205.3.5
vbng running pool p1#! allocation-mode dynamic-block block-size 8
vbng running pool p1#! ..
vbng running cg-nat#! rule 1
vbng running rule 1# dynamic-snat44 match source ipv4-address 192.168.0.0/24
vbng running rule 1#! dynamic-snat44 match outbound-interface eth0
vbng running rule 1#! dynamic-snat44 translate-to pool-name p1
vbng running rule 1# commit
From the PPPoE client side, establish several HTTP sessions and check the CG-NAT statistics.
vnbg> show cg-nat user-count
rule 1: 3
vnbg> show cg-nat user
rule 1:
  192.168.0.2
    8 conntracks
    1/1 tcp blocks, 0/1 udp blocks, 0/1 icmp blocks, 0/1 gre blocks
    1 no port errors, 0 no block errors, 0 no public ip errors, 0 full public ip errors
  192.168.0.3
    8 conntracks
    1/1 tcp blocks, 0/1 udp blocks, 0/1 icmp blocks, 0/1 gre blocks
    1 no port errors, 0 no block errors, 0 no public ip errors, 0 full public ip errors
  192.168.0.4
    8 conntracks
    1/1 tcp blocks, 0/1 udp blocks, 0/1 icmp blocks, 0/1 gre blocks
    1 no port errors, 0 no block errors, 0 no public ip errors, 0 full public ip errors
vnbg> show cg-nat pool-address pool-name p1
10.205.3.4
  1/8064 tcp blocks, 1/8064 udp blocks, 1/8064 icmp blocks, 1/8064 gre blocks
10.205.3.5
  2/8064 tcp blocks, 2/8064 udp blocks, 2/8064 icmp blocks, 2/8064 gre blocks
vnbg> show cg-nat pool-usage pool-name p1
tcp block usage: 3/16128 (0.02%)
udp block usage: 3/16128 (0.02%)
icmp block usage: 3/16128 (0.02%)
gre block usage: 3/16128 (0.02%)
vbng> show cg-nat conntracks user-address 192.168.0.2
rule 1:
  CONN:
    state: time_wait alg:none inactive_since:53s timeout:120s
    origin: tcp 192.168.0.2:42389 -> 10.100.0.1:8000
    reply : tcp 10.100.0.1:8000 -> 10.205.3.4:1030
    NAT source: 192.168.0.2:42389 -> 10.205.3.4:1030
    di:egress iface:eth0
  CONN:
    state: time_wait alg:none inactive_since:53s timeout:120s
    origin: tcp 192.168.0.2:48733 -> 10.100.0.1:8000
    reply : tcp 10.100.0.1:8000 -> 10.205.3.4:1028
    NAT source: 192.168.0.2:48733 -> 10.205.3.4:1028
    di:egress iface:eth0
  CONN:
    state: time_wait alg:none inactive_since:53s timeout:120s
    origin: tcp 192.168.0.2:36269 -> 10.100.0.1:8000
    reply : tcp 10.100.0.1:8000 -> 10.205.3.4:1026
    NAT source: 192.168.0.2:36269 -> 10.205.3.4:1026
    di:egress iface:eth0
  CONN:
    state: time_wait alg:none inactive_since:53s timeout:120s
    origin: tcp 192.168.0.2:42957 -> 10.100.0.1:8000
    reply : tcp 10.100.0.1:8000 -> 10.205.3.4:1024
    NAT source: 192.168.0.2:42957 -> 10.205.3.4:1024
    di:egress iface:eth0
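The following Python sketch is an added example, not 6WIND code: it recomputes the pool capacity reported above and maps a public IP and port (for instance from an abuse report) back to the subscriber that holds the enclosing port block. It assumes blocks are aligned starting at port 1024, which is inferred from the 8064 blocks per address and the lowest translated port in the output; the function names are hypothetical.

```python
import ipaddress
import re

BLOCK_SIZE = 8     # from "allocation-mode dynamic-block block-size 8"
FIRST_PORT = 1024  # assumption: inferred from 8064 blocks/IP and lowest port seen

# Constructed sample: the "NAT source" lines from the conntrack output above.
SAMPLE = """\
NAT source: 192.168.0.2:42389 -> 10.205.3.4:1030
NAT source: 192.168.0.2:48733 -> 10.205.3.4:1028
NAT source: 192.168.0.2:36269 -> 10.205.3.4:1026
NAT source: 192.168.0.2:42957 -> 10.205.3.4:1024
"""
NAT_RE = re.compile(r"NAT source: (\S+):(\d+) -> (\S+):(\d+)")


def blocks_per_ip(block_size=BLOCK_SIZE, first_port=FIRST_PORT):
    """Port blocks one public IP offers per protocol."""
    return (65536 - first_port) // block_size


def pool_blocks(pool_range, block_size=BLOCK_SIZE):
    """Total blocks per protocol for a 'first-last' pool address range."""
    first, last = (int(ipaddress.IPv4Address(a)) for a in pool_range.split("-"))
    return (last - first + 1) * blocks_per_ip(block_size)


def port_block(port, block_size=BLOCK_SIZE, first_port=FIRST_PORT):
    """Return (low, high) bounds of the block containing a public port."""
    low = first_port + (port - first_port) // block_size * block_size
    return low, low + block_size - 1


def block_owners(conntrack_text):
    """Map (public_ip, block_low) -> set of private IPs seen in that block."""
    owners = {}
    for priv, _sport, pub, pub_port in NAT_RE.findall(conntrack_text):
        low, _high = port_block(int(pub_port))
        owners.setdefault((pub, low), set()).add(priv)
    return owners


def attribute(owners, public_ip, public_port):
    """Subscriber(s) behind a public ip:port; empty set if the block is unknown."""
    return owners.get((public_ip, port_block(public_port)[0]), set())


if __name__ == "__main__":
    print(pool_blocks("10.205.3.4-10.205.3.5"),
          attribute(block_owners(SAMPLE), "10.205.3.4", 1027))
```

With a per-user limit of one TCP block of 8 ports, a ninth concurrent TCP connection has no port available, which is consistent with the "1 no port errors" counter shown for each user.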