[171481] in North American Network Operators' Group

Re: We hit half-million: The Cidr Report

daemon@ATHENA.MIT.EDU (Owen DeLong)
Fri May 2 00:02:54 2014

X-Original-To: nanog@nanog.org
From: Owen DeLong <owen@delong.com>
In-Reply-To: <3F9B9ED2-C78D-4073-9DC1-F494CE1B92B6@cisco.com>
Date: Thu, 1 May 2014 21:01:52 -0700
To: "Fred Baker (fred)" <fred@cisco.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org


On May 1, 2014, at 4:57 PM, Fred Baker (fred) <fred@cisco.com> wrote:

>
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
>
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, what happens when someone from the outside tries
>> to connect to port 80 of the shared routable IP?
>
> More to the point, your trust boundary includes 5000 people. Do you know them all? Who maintains their systems and software? Do you trust them?
>
> What happens if they approach you from behind the NAT?

It’s unlikely that CGN changes this at all… Most CGN deployments will be a second layer of horror on top of the existing horrors already present.

Owen

