[159813] in North American Network Operators' Group
Re: CGN fixed/hashed nat question
daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Tue Jan 22 21:57:58 2013
From: "Dobbins, Roland" <rdobbins@arbor.net>
To: NANOG list <nanog@nanog.org>
Date: Wed, 23 Jan 2013 02:57:38 +0000
In-Reply-To: <078d01cdf8ea$d280bb20$77823160$@cisco.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:
> If using the CGN configuration, then no logging event needs to be generated.
Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes. The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.
What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton