Best Practices for Enterprise networks
Fergie (Paul Ferguson)
fergdawg at netzero.net
Mon Aug 30 00:13:18 UTC 2004
Asymmetric paths are a fact of life in the Internet.
- ferg
-- Iljitsch van Beijnum <iljitsch at muada.com> wrote:
On 30-aug-04, at 0:50, Tracy Smith wrote:
> Hello. I am tyring to gauge what the Best Practices are for
> Enterprise network connections to the Internet. Specifically, to NAT
> or not to NAT? At what point should NAT-ting be performed ...
> exclusively at the Egress point or at decentralized points? What
> about firewalling - centralized/decentralized?
Fortunately, I've never been in the position to make such decisions,
but I can tell you one thing: if you have multiple connections to the
internet, you had better make sure that your NATs and firewalls are
equipped to handle the case where you send a packet out through
connection A and the reply comes back through connection B.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg at netzero.net or
fergdawg at sbcglobal.net
More information about the NANOG
mailing list