[128102] in North American Network Operators' Group


Re: IPv4 Exhaustion...

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sat Jul 24 16:29:58 2010

To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: Your message of "Sat, 24 Jul 2010 15:40:58 EDT."
	<AANLkTilw2zKtYajFt2Mzi3d1MXlLBop78agAVYXfOk7l@mail.gmail.com>
From: Valdis.Kletnieks@vt.edu
Date: Sat, 24 Jul 2010 16:28:32 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
> why wouldn't you just do the intercept before the LSN?

That gets interesting too, when several tens of thousands of users may all be
behind the same LSN.  Making sure you intercept only the right user's traffic
gets a lot more interesting in front of the LSN.  Doing it behind the LSN means
you can snarf up just the traffic heading to/from one NAT'ed IP, which is
hopefully changing not all that often.  Doing it in front of the LSN means you
need to decide whether to capture the data in real time on a per-flow basis
(consider the fun involved in catching a SYN packet outbound - what's your time
budget between when the miscreant's packet leaves his host and when you have to
catch it on the outbound side of the LSN)...


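The per-flow matching problem described in the message above, as an added example that is not part of the original post: on the public side of the LSN, a subscriber's traffic can only be picked out by joining each flow against the LSN's translation bindings on protocol, public IP, public port and time. The record layouts, the function name and all addresses are constructed for illustration (an assumption, not any vendor's log format).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    """One LSN translation log record (constructed format, not a vendor's)."""
    start: float    # epoch seconds the mapping was created
    end: float      # epoch seconds the mapping was torn down
    proto: str
    inside: tuple   # (subscriber private IP, port)
    outside: tuple  # (shared public IP, port)

@dataclass(frozen=True)
class Flow:
    """One flow seen on the public side of the LSN (constructed format)."""
    ts: float
    proto: str
    src: tuple      # (public IP, port) after translation
    dst: tuple

def flows_for_subscriber(subscriber_ip, bindings, flows, skew=0.0):
    """Return the public-side flows attributable to subscriber_ip.

    A flow matches only when protocol, public IP and public port equal a
    binding owned by the subscriber and the flow timestamp lies inside that
    binding's lifetime, widened by `skew` seconds of assumed clock drift.
    """
    owned = [b for b in bindings if b.inside[0] == subscriber_ip]
    return [f for f in flows
            if any(f.proto == b.proto and f.src == b.outside
                   and b.start - skew <= f.ts <= b.end + skew for b in owned)]

# Constructed sample data: two subscribers share 192.0.2.10, and public port
# 40001 is reused by the second subscriber after the first mapping expires.
BINDINGS = [
    Binding(100.0, 160.0, "tcp", ("100.64.0.5", 51000), ("192.0.2.10", 40001)),
    Binding(105.0, 300.0, "tcp", ("100.64.0.9", 51000), ("192.0.2.10", 40002)),
    Binding(200.0, 260.0, "tcp", ("100.64.0.9", 52000), ("192.0.2.10", 40001)),
]
FLOWS = [
    Flow(110.0, "tcp", ("192.0.2.10", 40001), ("198.51.100.7", 443)),
    Flow(120.0, "tcp", ("192.0.2.10", 40002), ("198.51.100.7", 443)),
    Flow(210.0, "tcp", ("192.0.2.10", 40001), ("198.51.100.7", 80)),
]
```

With exact timestamps the three flows split cleanly between the two subscribers; with a 60-second skew tolerance the reused port 40001 makes the third flow match the first subscriber as well, which is the timing problem the message points at.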


