[37937] in Resnet-Forum
Re: Anyone using NAT in Resnet?
daemon@ATHENA.MIT.EDU (Peter P Morrissey)
Thu Feb 7 11:15:11 2013
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_47FE4CC0B92ADA478ECC286A11E973012FCB73SUEX10mbx03adsyre_"
MIME-Version: 1.0
Message-ID: <47FE4CC0B92ADA478ECC286A11E973012FCB73@SUEX10-mbx-03.ad.syr.edu>
Date: Thu, 7 Feb 2013 16:14:13 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: Peter P Morrissey <ppmorris@syr.edu>
To: RESNET-L@LISTSERV.ND.EDU
In-Reply-To: <CANajV=OhdyZfbYg8Ppqc7xmKGJMTh7MLRK8rUi7a2ZnhUd7f6Q@mail.gmail.com>
--_000_47FE4CC0B92ADA478ECC286A11E973012FCB73SUEX10mbx03adsyre_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Assuming you are logging all the internal IP's and connections, but you are=
using a minimal amount of routable IP's, do you wind up with enough inform=
ation to reliably connect an external IP address provided by a DMCA notice =
to an internal IP address? We are considering moving to this model as well,=
but still trying to understand how this would work.
Pete M.
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Hall, Ran=
d
Sent: Thursday, February 07, 2013 8:18 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: Anyone using NAT in Resnet?
We've been doing NAT overload for ages with no problems. Not a single end u=
ser machine has an routable address or a 1-1 NAT.
As Jeff notes, you want the NAT to be done very close to the border. You'll=
want your Procera inside for sure.
Put some thought into logging. DMCA tracing can be fun if you don't :-)
Rand
Rand P. Hall
Director, Network Services askIT!
Merrimack College
978-837-3532
rand.hall@merrimack.edu<mailto:rand.hall@merrimack.edu>
If I had an hour to save the world, I would spend 59 minutes defining the p=
roblem and one minute finding solutions. - Einstein
On Wed, Feb 6, 2013 at 7:05 PM, Todd Chapman <tachapman@ucdavis.edu<mailto:=
tachapman@ucdavis.edu>> wrote:
Hello,
We are running into IP space limitations here and are considering using NAT=
for the student housing network. We have a Procera PL8820 handling the ban=
dwidth enforcement duties. My question is, has anyone out there done this w=
ith a similar setup, and if so are there any 'gotcha' issues to be aware of=
?
Thanks,
Todd Chapman
UC Davis
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________ You are subscribed to t=
he ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.=
EDU/archives/resnet-l.html ________________________________________________=
___
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_47FE4CC0B92ADA478ECC286A11E973012FCB73SUEX10mbx03adsyre_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D">Assuming you are logging =
all the internal IP’s and connections, but you are using a minimal am=
ount of routable IP’s, do you wind up with enough information
to reliably connect an external IP address provided by a DMCA notice to an=
internal IP address? We are considering moving to this model as well, but =
still trying to understand how this would work.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D">Pete M.<o:p></o:p></span>=
</p>
<p class=3D"MsoNormal"><span style=3D"font-size:11.0pt;font-family:"Ca=
libri","sans-serif";color:#1F497D"><o:p> </o:p></span><=
/p>
<div style=3D"border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in =
0in 0in">
<p class=3D"MsoNormal"><b><span style=3D"font-size:10.0pt;font-family:"=
;Tahoma","sans-serif"">From:</span></b><span style=3D"font-s=
ize:10.0pt;font-family:"Tahoma","sans-serif""> Resnet F=
orum [mailto:RESNET-L@LISTSERV.ND.EDU]
<b>On Behalf Of </b>Hall, Rand<br>
<b>Sent:</b> Thursday, February 07, 2013 8:18 AM<br>
<b>To:</b> RESNET-L@LISTSERV.ND.EDU<br>
<b>Subject:</b> Re: Anyone using NAT in Resnet?<o:p></o:p></span></p>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
<div>
<p class=3D"MsoNormal">We've been doing NAT overload for ages with no probl=
ems. Not a single end user machine has an routable address or a 1-1 NAT.<o:=
p></o:p></p>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">As Jeff notes, you want the NAT to be done very clos=
e to the border. You'll want your Procera inside for sure.<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Put some thought into logging. DMCA tracing can be f=
un if you don't :-)<o:p></o:p></p>
</div>
</div>
<div>
<p class=3D"MsoNormal"><br clear=3D"all">
<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal"> <o:p></o:p>=
</p>
</div>
<div>
<p class=3D"MsoNormal">Rand<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Rand P. Hall<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Director, Network Services &n=
bsp; askI=
T!<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">Merrimack College<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal">978-837-3532<o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><a href=3D"mailto:rand.hall@merrimack.edu" target=3D=
"_blank">rand.hall@merrimack.edu</a><o:p></o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class=3D"MsoNormal"><span style=3D"font-size:9.0pt;font-family:"Ver=
dana","sans-serif";color:#555555;background:white">If I had =
an hour to save the world, I would spend 59 minutes defining the problem an=
d one minute finding solutions. – Einstein</span>
<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal" style=3D"margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class=3D"MsoNormal">On Wed, Feb 6, 2013 at 7:05 PM, Todd Chapman <<a =
href=3D"mailto:tachapman@ucdavis.edu" target=3D"_blank">tachapman@ucdavis.e=
du</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto">Hello,<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto"> <o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto">We are running into IP space limitations here and are considering =
using NAT for the student housing network. We have a Procera PL8820 handlin=
g the bandwidth enforcement duties.
My question is, has anyone out there done this with a similar setup, and i=
f so are there any ‘gotcha’ issues to be aware of?<o:p></o:p></=
p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto"> <o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto">Thanks,<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto">Todd Chapman<o:p></o:p></p>
<p class=3D"MsoNormal" style=3D"mso-margin-top-alt:auto;mso-margin-bottom-a=
lt:auto">UC Davis<o:p></o:p></p>
</div>
</div>
<p class=3D"MsoNormal">___________________________________________________ =
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
<o:p></o:p></p>
</div>
<p class=3D"MsoNormal"><o:p> </o:p></p>
</div>
<p class=3D"MsoNormal">___________________________________________________ =
You are subscribed to the ResNet-L mailing list.
<o:p></o:p></p>
<p>To subscribe, unsubscribe or search the archives, go to <a href=3D"http:=
//LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">
http://LISTSERV.ND.EDU/archives/resnet-l.html</a> _________________________=
__________________________
<o:p></o:p></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to <a href=3D"http://LISTSERV.ND.EDU/archives/resnet-l.html" target=3D"_blank">http://LISTSERV.ND.EDU/archives/resnet-l.html</a>
___________________________________________________
--_000_47FE4CC0B92ADA478ECC286A11E973012FCB73SUEX10mbx03adsyre_--
