[172024] in North American Network Operators' Group
Re: NAT IP and Google
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed May 21 14:29:40 2014
From: Owen DeLong <owen@delong.com>
In-Reply-To: <CAMY_91uiAUnW_-PrPqxjZJ5jz_Fn=Qt-AE9RzV+puUmd05afng@mail.gmail.com>
Date: Wed, 21 May 2014 11:26:50 -0700
To: Kevin Kadow <kkadow@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>

This works out especially well if you are using VOIP behind said NAT. ;-)

Owen

On May 20, 2014, at 10:27 AM, Kevin Kadow <kkadow@gmail.com> wrote:
> If at all possible, consider using a NAT pool instead of translating
> all outbound web traffic to a single IP address. When I ran
> Tribune's network (with about 15K internal client IPs), we were
> blacklisted by Google several times due to high query volumes. In the
> end I built a pair of /24 NAT pools, so for example all internal
> 10.x.y.124 addresses are translated to "kevin.nat.trb.com".
>
> In my experience, Google does temporary blacklisting based both on
> rate and also for certain types of queries; you can reduce your chance
> of a ban by using a smart proxy to rate-limit or deny certain types of
> query, or to choose the source address based on the URL requested,
> basically have a "low risk" and a "high risk" source address.