[159817] in North American Network Operators' Group
Re: CGN fixed/hashed nat question
daemon@ATHENA.MIT.EDU (Nick Hilliard)
Wed Jan 23 07:38:42 2013
X-Envelope-To: nanog@nanog.org
Date: Wed, 23 Jan 2013 12:38:22 +0000
From: Nick Hilliard <nick@foobar.org>
To: "Dobbins, Roland" <rdobbins@arbor.net>
In-Reply-To: <8B2BD12C-D86E-4CAC-943C-B720B054A4C0@arbor.net>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 23/01/2013 02:57, Dobbins, Roland wrote:
> The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.

There are several conflicting requirements, including:
- requirement to run a business which makes money
- constraints on IPv4 addresses which mandate NAT
- law enforcement requirements, mandating either logging / port tracking
- network telemetry

Law enforcement requirements aren't generally an issue until you get hit up
by a LEA / court order, at which point they become critical to ensuring
that your management doesn't end up displaying contempt of court. For some
reason, management can get quite excited about this - more so than any
enthusiasm they might ever show for good quality network telemetry.

Nick