North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: NAT for an ISP
On Wed, 4 Jun 2003, Dan Armstrong wrote: > > 90% of our customers all use private address space. We only give out > real address space to customers that have servers that need to be > visible. We run NAT on several customer facing routers. > > Cool stuff we can do is setup PPTP VPNs on the same router to give > people "access from home" to their LAN. Same with L2TP/ILEC DSL. > > Problems include: > > We have a big nat pool on each router. If some twerp customer gets > infected with some windoze crap, tracking it down can be a bit more > work. > > Until recently, the IOS could not take huge volumes of NAT without > tossing it's cookies from time to time. > > We have been toying around with VRFs & NAT which was recently introduced > in the IOS, and it appears that in a NAT situation, the VRFs "leak" > between each other, which scares the crap out of me. We are going to > wait for a couple of revisions of the IOS before looking into that > again. Why on earth would you do anything other than push NAT responsibility to the end-user CPE? So you can do the aforementiond "cool stuff"? Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
|