CGN fixed/hashed nat question

Dobbins, Roland rdobbins at
Wed Jan 23 02:57:38 UTC 2013

On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:

> If using the CGN configuration, then no logging event needs to be generated.

Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes.  The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.  

What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.

Roland Dobbins <rdobbins at>

	  Luck is the residue of opportunity and design.

		       -- John Milton
