NAT for an ISP
andy at xecu.net
Wed Jun 4 22:51:40 UTC 2003
On Wed, 4 Jun 2003, Dan Armstrong wrote:
> 90% of our customers all use private address space. We only give out
> real address space to customers that have servers that need to be
> visible. We run NAT on several customer facing routers.
> Cool stuff we can do is setup PPTP VPNs on the same router to give
> people "access from home" to their LAN. Same with L2TP/ILEC DSL.
> Problems include:
> We have a big nat pool on each router. If some twerp customer gets
> infected with some windoze crap, tracking it down can be a bit more
> Until recently, the IOS could not take huge volumes of NAT without
> tossing it's cookies from time to time.
> We have been toying around with VRFs & NAT which was recently introduced
> in the IOS, and it appears that in a NAT situation, the VRFs "leak"
> between each other, which scares the crap out of me. We are going to
> wait for a couple of revisions of the IOS before looking into that
Why on earth would you do anything other than push NAT responsibility to
the end-user CPE?
So you can do the aforementiond "cool stuff"?
More information about the NANOG