CGN fixed/hashed nat question
On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:
> If using the CGN configuration, then no logging event needs to be generated.
Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes. The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.
What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton