[73583] in North American Network Operators' Group
Re: Best Practices for Enterprise networks
daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Sun Aug 29 20:34:07 2004
Date: Mon, 30 Aug 2004 00:31:33 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@mci.com>
In-reply-to: <20040829.171330.12969.576091@webmail05.lax.untd.com>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: iljitsch@muada.com, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 30 Aug 2004, Fergie (Paul Ferguson) wrote:
>
>
> Asymmetric paths are a fact of life in the Internet.
>
engineer your network to deal with that (from the enterprise perspective,
not the ISP side) and it's not a problem... we have several customers in
this scenario today, all work well.
> - ferg
>
> -- Iljitsch van Beijnum <iljitsch@muada.com> wrote:
>
> On 30-aug-04, at 0:50, Tracy Smith wrote:
>
> > Hello. I am trying to gauge what the Best Practices are for
> > Enterprise network connections to the Internet. Specifically, to NAT
> > or not to NAT? At what point should NAT-ting be performed ...
> > exclusively at the Egress point or at decentralized points? What
> > about firewalling - centralized/decentralized?
>
> Fortunately, I've never been in the position to make such decisions,
> but I can tell you one thing: if you have multiple connections to the
> internet, you had better make sure that your NATs and firewalls are
(aimed at original poster)

NAT is normally a decision local to the site... "have enough IPs? don't
NAT" "Don't have enough IPs, NAT" or the ever popular: "Want to hide your
internal network details, NAT"

I'm not sure there is a 'best practice' that really covers NAT. Perhaps
paying for some consulting from some of the larger consulting firms would
help you address your particular issues directly?