NAT for an ISP
Andy Dills
andy at xecu.net
Wed Jun 4 22:51:40 UTC 2003
On Wed, 4 Jun 2003, Dan Armstrong wrote:
>
> 90% of our customers all use private address space. We only give out
> real address space to customers that have servers that need to be
> visible. We run NAT on several customer facing routers.
>
> Cool stuff we can do is setup PPTP VPNs on the same router to give
> people "access from home" to their LAN. Same with L2TP/ILEC DSL.
>
> Problems include:
>
> We have a big nat pool on each router. If some twerp customer gets
> infected with some windoze crap, tracking it down can be a bit more
> work.
>
> Until recently, the IOS could not take huge volumes of NAT without
> tossing it's cookies from time to time.
>
> We have been toying around with VRFs & NAT which was recently introduced
> in the IOS, and it appears that in a NAT situation, the VRFs "leak"
> between each other, which scares the crap out of me. We are going to
> wait for a couple of revisions of the IOS before looking into that
> again.
Why on earth would you do anything other than push NAT responsibility to
the end-user CPE?
So you can do the aforementiond "cool stuff"?
Andy
---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---
More information about the NANOG
mailing list