IPv4 Exhaustion...

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Jul 24 15:28:32 CDT 2010


On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
> why wouldn't you just do the intercept before the LSN?

That gets interesting too, when several tens of thousands of users may all be
behind the same LSN.  Making sure you intercept only the right user's traffic
gets a lot more interesting in front of the LSN.  Doing it behind the LSN means
you can snarf up just the traffic heading to/from one NAT'ed IP, which is
hopefully changing not all that often.  Doing it in front of the LSN means you
need to decide whether to capture the data in real time on a per-flow basis
(consider the fun involved in catching a SYN packet outbound - what's your time
budget between when the miscreant's packet leaves his host and when you have to
catch it on the outbound side of the LSN)...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20100724/2dbe9b68/attachment.bin>


More information about the NANOG mailing list