[37943] in Resnet-Forum
Re: Anyone using NAT in Resnet?
daemon@ATHENA.MIT.EDU (Osborne, Bruce W)
Sat Feb 9 18:53:24 2013
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_7F8CAE21F9C1C94A90F11320EF3974CE55F26E89LUEMSMAIL01Univ_"
MIME-Version: 1.0
Message-ID: <7F8CAE21F9C1C94A90F11320EF3974CE55F26E89@LUEMSMAIL01.University.liberty.edu>
Date: Sat, 9 Feb 2013 23:50:24 +0000
Reply-To: Resnet Forum <RESNET-L@LISTSERV.ND.EDU>
From: "Osborne, Bruce W" <bosborne@liberty.edu>
To: RESNET-L@LISTSERV.ND.EDU
--_000_7F8CAE21F9C1C94A90F11320EF3974CE55F26E89LUEMSMAIL01Univ_
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable
I did not want to say "every time" since I am not usually involved in the tracing, just some of the supporting systems.
Bruce Osborne
Wireless Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
40 Years of Training Champions for Christ: 1971-2011
________________________________
From: Peter P Morrissey [ppmorris@syr.edu]
Sent: Friday, February 08, 2013 8:27 AM
Subject: Re: Anyone using NAT in Resnet?
“… we can, many times, trace this back to a particular user…”
Thanks Bruce. That confirmed my concern. We are used to being able to do this every time, not many times.
Pete
From: Resnet Forum [mailto:RESNET-L@LISTSERV.ND.EDU] On Behalf Of Osborne, Bruce W
Sent: Friday, February 08, 2013 8:10 AM
To: RESNET-L@LISTSERV.ND.EDU
Subject: Re: Anyone using NAT in Resnet?
Here at Liberty University we can, many times, trace this back to a particular user.
We have Procera PacketLogic devices inside and outside our edge firewalls. The outside devices are for bandwidth shaping & QoS. The inside devices are used for bandwidth management. They receive data from our Aruba ClearPass RADIUS servers that map a user name to an IP address. For non-802.1x devices like game consoles, the device has been registered, so the PacketLogic boxes have that user name.
This system allows us to warn heavy users and restrict their Internet bandwidth speed if they use too much. The user name to inside IP address mapping allows us to trace this back to an individual user, in most cases.
In the future, we hope to allow heavy users to be able to purchase additional bandwidth to help fund our ever expanding Internet connections.
Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
LIBERTY UNIVERSITY
Training Champions for Christ since 1971
From: Jeff Kell [mailto:jeff-kell@utc.edu]
Sent: Thursday, February 7, 2013 11:29 AM
Subject: Re: Anyone using NAT in Resnet?
On 2/7/2013 11:14 AM, Peter P Morrissey wrote:
Assuming you are logging all the internal IPs and connections, but you are using a minimal amount of routable IPs, do you wind up with enough information to reliably connect an external IP address provided by a DMCA notice to an internal IP address? We are considering moving to this model as well, but still trying to understand how this would work.
If you can maintain 1-to-1, and use Cisco gear, you just need to monitor the translation builds and teardowns, e.g.,
Feb 7 00:20:47 kernigan %ASA-6-305009: Built dynamic translation from general-campus:10.x.x.132 to outside:150.182.x.x
Feb 7 00:20:58 kernigan %ASA-6-305010: Teardown dynamic translation from general-campus:10.x.x.53 to outside:150.182.x.x duration 4:05:44
Feb 7 00:21:01 kernigan %ASA-6-305010: Teardown dynamic translation from general-campus:10.x.x.203 to outside:150.182.x.x duration 9:29:51
Feb 7 00:21:04 kernigan %ASA-6-305009: Built dynamic translation from general-campus:10.x.x.196 to outside:150.182.x.x
This can be tied time-wise to correlate an external IP address to an internal one.
For DMCA verification, you may want to verify the actual connection between the outside IP and their reported "monitoring" IP address. You would need either netflow data from your routers to correlate, or also log connections on the firewall. If you do the latter, the internal/external IPs are both logged on the build, e.g.,
Feb 7 00:00:32 ritchie %ASA-6-302013: Built outbound TCP connection 541518059 for outside:75.126.58.195/80 (75.126.58.195/80) to dorms-inside:10.x.x.201/55473 (150.182.x.x/55473)
Jeff
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives, go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
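Added example (not code from this thread, from Cisco, or from any of the schools named): a small Python script that performs the correlation Jeff describes, over the two ASA message types he quotes. It assumes the %ASA-6-305009 / 305010 / 302013 message layouts exactly as shown above, a syslog year of 2013 (ASA timestamps carry no year), and constructed sample log lines with RFC 1918 / RFC 5737 addresses standing in for the x'd-out octets. Because the 305010 teardown carries a duration, a translation whose build fell outside the retained log window can still be placed in time. Where more than one inside host maps to the same outside address at the notice time (overlapping translations, or PAT rather than 1-to-1 NAT), the 302013 connection record to the complainant's monitoring IP is what disambiguates, which is the verification step Jeff recommends. Notice timestamps and firewall clocks also need to be in the same time zone, with the firewall NTP-synced, before any of this is meaningful.

```python
"""Correlate Cisco ASA NAT logs with a DMCA notice (external IP + time).

Added example, not from the mailing-list thread and not Cisco's code. It
assumes the %ASA-6-305009 / 305010 / 302013 layouts quoted in the thread
and uses constructed sample lines with RFC 1918 / RFC 5737 addresses.
"""
import re
from datetime import datetime, timedelta

# ASA syslog timestamps carry no year; assume the year of the thread.
YEAR = 2013

# Constructed sample log lines (not real traffic); hostnames mirror the thread.
SAMPLE_LOG = """\
Feb  7 00:20:47 kernigan %ASA-6-305009: Built dynamic translation from general-campus:10.0.0.132 to outside:198.51.100.7
Feb  7 00:20:58 kernigan %ASA-6-305010: Teardown dynamic translation from general-campus:10.0.0.53 to outside:198.51.100.8 duration 4:05:44
Feb  7 00:21:04 kernigan %ASA-6-305009: Built dynamic translation from general-campus:10.0.0.196 to outside:198.51.100.9
Feb  7 00:40:12 kernigan %ASA-6-302013: Built outbound TCP connection 541518059 for outside:203.0.113.40/6881 (203.0.113.40/6881) to general-campus:10.0.0.132/55473 (198.51.100.7/55473)
Feb  7 03:15:30 kernigan %ASA-6-305010: Teardown dynamic translation from general-campus:10.0.0.132 to outside:198.51.100.7 duration 2:54:43
Feb  7 03:30:00 kernigan %ASA-6-305009: Built dynamic translation from general-campus:10.0.0.77 to outside:198.51.100.7
"""
LINES = SAMPLE_LOG.splitlines()

# Syslog prefix: "Mon  D HH:MM:SS hostname " (single-digit days carry two spaces).
_TS = r"(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) \S+ "
BUILD_RE = re.compile(_TS + r"%ASA-6-305009: Built dynamic translation from "
                      r"[\w-]+:(?P<inside>[\d.]+) to [\w-]+:(?P<outside>[\d.]+)$")
TEARDOWN_RE = re.compile(_TS + r"%ASA-6-305010: Teardown dynamic translation from "
                         r"[\w-]+:(?P<inside>[\d.]+) to [\w-]+:(?P<outside>[\d.]+) "
                         r"duration (?P<dur>\d+:\d{2}:\d{2})$")
CONN_RE = re.compile(_TS + r"%ASA-6-302013: Built outbound TCP connection \d+ for "
                     r"[\w-]+:(?P<peer>[\d.]+)/(?P<peer_port>\d+) \([\d.]+/\d+\) to "
                     r"[\w-]+:(?P<inside>[\d.]+)/\d+ \((?P<mapped>[\d.]+)/(?P<mapped_port>\d+)\)$")


def ts(iso):
    """Parse a notice time such as '2013-02-07T00:45:00' (same zone as the firewall)."""
    return datetime.fromisoformat(iso)


def _log_time(m):
    return datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")


def _duration(text):
    h, mi, s = (int(p) for p in text.split(":"))
    return timedelta(hours=h, minutes=mi, seconds=s)


def translation_intervals(lines):
    """(inside, outside, start, end) per dynamic translation; end is None if still open."""
    open_xlates = {}
    intervals = []
    for line in lines:
        m = BUILD_RE.match(line)
        if m:
            open_xlates[(m["inside"], m["outside"])] = _log_time(m)
            continue
        m = TEARDOWN_RE.match(line)
        if m:
            end = _log_time(m)
            key = (m["inside"], m["outside"])
            # If the build predates the log window, the teardown's duration
            # field still lets us reconstruct when the translation started.
            start = open_xlates.pop(key, end - _duration(m["dur"]))
            intervals.append((m["inside"], m["outside"], start, end))
    intervals.extend((i, o, s, None) for (i, o), s in open_xlates.items())
    return intervals


def inside_hosts_for(lines, outside_ip, when):
    """Inside IPs whose translation to outside_ip was active at `when`.
    More than one result means the translation log alone is ambiguous
    (overlapping translations or non-1-to-1 NAT) and the connection log must decide."""
    return {i for i, o, s, e in translation_intervals(lines)
            if o == outside_ip and s <= when and (e is None or when <= e)}


def connections_to(lines, inside_ip, peer_ip, when, window=timedelta(minutes=15)):
    """302013 builds from inside_ip to peer_ip within +/- window of `when`,
    as (time, mapped_ip, mapped_port, peer_port) tuples."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line)
        if m and m["inside"] == inside_ip and m["peer"] == peer_ip:
            t = _log_time(m)
            if abs(t - when) <= window:
                hits.append((t, m["mapped"], int(m["mapped_port"]), int(m["peer_port"])))
    return hits


def resolve_notice(lines, outside_ip, monitor_ip, when):
    """Map a notice's (external IP, time) to candidate inside hosts, each with the
    connections to the complainant's monitoring IP that corroborate the claim."""
    return {inside: connections_to(lines, inside, monitor_ip, when)
            for inside in sorted(inside_hosts_for(lines, outside_ip, when))}


if __name__ == "__main__":
    # Constructed notice: external 198.51.100.7 seen by monitor 203.0.113.40 at 00:45.
    for inside, conns in resolve_notice(LINES, "198.51.100.7", "203.0.113.40",
                                        ts("2013-02-07T00:45:00")).items():
        print(inside, "corroborated" if conns else "no matching connection", conns)
```

Run as-is and the constructed notice resolves to 10.0.0.132 with one corroborating connection to the monitoring address; shift the notice time to 03:35 and the same outside address resolves to 10.0.0.77 instead, which is exactly why the timestamp matters as much as the address. Feeding it real logs means replacing LINES with the firewall's syslog export and checking that the notice time has been converted to the firewall's time zone first.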
--_000_7F8CAE21F9C1C94A90F11320EF3974CE55F26E89LUEMSMAIL01Univ_--