nanog mailing list archives

Re: CGN fixed/hashed nat question


From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Wed, 23 Jan 2013 02:57:38 +0000


On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:

> If using the CGN configuration, then no logging event needs to be generated.

Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes.  The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.

What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com>

          Luck is the residue of opportunity and design.

                       -- John Milton


