[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CGN fixed/hashed nat question

Subject: CGN fixed/hashed nat question
From: rdobbins at arbor.net (Dobbins, Roland)
Date: Wed, 23 Jan 2013 02:57:38 +0000
In-reply-to: <[email protected]>
References: <CAHd7N8MV+Lwp_t41wx_f4UzZdx4zPfgn35Hy+BZkrEZ-72E4Ew@mail.gmail.com> <[email protected]>

On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:

> If using the CGN configuration, then no logging event needs to be generated.

Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes.  The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.  

What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton

Follow-Ups:
- CGN fixed/hashed nat question
  - From: nick at foobar.org (Nick Hilliard)

References:
- CGN fixed/hashed nat question
  - From: eric.oosting at gmail.com (Eric Oosting)
- CGN fixed/hashed nat question
  - From: dwing at cisco.com (Dan Wing)

Prev by Date: CGN fixed/hashed nat question
Next by Date: Security reporting response handling [was: Suggestions for the future on your web site]
Previous by thread: CGN fixed/hashed nat question
Next by thread: CGN fixed/hashed nat question
Index(es):
- Date
- Thread