Best Practices for Enterprise networks

Fergie (Paul Ferguson) fergdawg at netzero.net
Mon Aug 30 00:13:18 UTC 2004



Asymmetric paths are a fact of life in the Internet.

- ferg

-- Iljitsch van Beijnum <iljitsch at muada.com> wrote:

On 30-aug-04, at 0:50, Tracy Smith wrote:

> Hello.  I am tyring to gauge what the Best Practices are for 
> Enterprise network connections to the Internet.  Specifically, to NAT 
> or not to NAT?  At what point should NAT-ting be performed ... 
> exclusively at the Egress point or at decentralized points?  What 
> about firewalling - centralized/decentralized?

Fortunately, I've never been in the position to make such decisions, 
but I can tell you one thing: if you have multiple connections to the 
internet, you had better make sure that your NATs and firewalls are 
equipped to handle the case where you send a packet out through 
connection A and the reply comes back through connection B.

--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or
 fergdawg at sbcglobal.net



More information about the NANOG mailing list