[172000] in North American Network Operators' Group

Re: NAT IP and Google

daemon@ATHENA.MIT.EDU (Kevin Kadow)
Tue May 20 15:55:31 2014

X-Original-To: nanog@nanog.org
In-Reply-To: <BLU436-SMTP42EBC3982ECAE359BA45A1BC3D0@phx.gbl>
Date: Tue, 20 May 2014 13:27:44 -0400
From: Kevin Kadow <kkadow@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

If at all possible, consider using a NAT pool instead of translating
all outbound web traffic to a single IP address.  When I ran
Tribune's network (with about 15K internal client IPs), we were
blacklisted by Google several times due to high query volumes.  In the
end I built a pair of /24 NAT pools, so for example all internal
10.x.y.124 addresses are translated to "kevin.nat.trb.com".

In my experience, Google does temporary blacklisting based both on
rate and also for certain types of queries; you can reduce your chance
of a ban by using a smart proxy to rate-limit or deny certain types of
query, or to choose the source address based on the URL requested,
basically have a "low risk" and a "high risk" source address.
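
The last-octet pool mapping described in the message above, as an added example that is not part of the original post: it shows how many internal clients end up behind each external address and how the fixed mapping narrows an external address back to its candidate internal hosts. The pool prefix (a documentation range), the client population and all function names are constructed assumptions; only one /24 is modelled, since the post does not say how its two pools were split.

```python
import ipaddress
from collections import Counter

# Constructed values: a documentation-range /24 stands in for the public pool.
POOL = ipaddress.ip_network("198.51.100.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


def translate(internal_ip, pool=POOL):
    """Map an internal 10.x.y.Z host to the pool address ending in .Z."""
    addr = ipaddress.ip_address(internal_ip)
    if addr not in INTERNAL:
        raise ValueError(f"{addr} is not an internal 10/8 address")
    last_octet = int(addr) & 0xFF
    if last_octet in (0, 255):
        raise ValueError(f"{addr} is a network/broadcast address in a /24 plan")
    return pool.network_address + last_octet


def clients_per_external(clients, pool=POOL):
    """Count how many internal clients share each external address."""
    return Counter(translate(c, pool) for c in clients)


def candidates(external_ip, clients, pool=POOL):
    """Internal hosts that could sit behind one external address."""
    ext = ipaddress.ip_address(external_ip)
    return [c for c in clients if translate(c, pool) == ext]


def sample_clients(subnets=60):
    """Constructed population: hosts .1-.254 in 10.0.0.0/24 .. 10.0.59.0/24."""
    return [f"10.0.{y}.{z}" for y in range(subnets) for z in range(1, 255)]


if __name__ == "__main__":
    clients = sample_clients()
    load = clients_per_external(clients)
    print(len(clients), "clients across", len(load), "external addresses")
    print("busiest external address carries", max(load.values()), "clients")
    print(translate("10.7.3.124"), candidates("198.51.100.124", clients)[:3])
```

With a single NAT address every client in the sample would share one source IP; with the /24 pool each external address carries only the hosts that share its last octet.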
