CGN fixed/hashed nat question

Dobbins, Roland rdobbins at arbor.net
Wed Jan 23 02:57:38 UTC 2013


On Jan 23, 2013, at 4:52 AM, Dan Wing wrote:

> If using the CGN configuration, then no logging event needs to be generated.

Behavioral/statistical telemetry is very important for security, traffic engineering/capacity planning, and troubleshooting purposes.  The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.  

What's needed in this regard for CGNs (for any NATs/proxies, really) is something analogous to Cisco's NSEL for ASA, hopefully implemented as IPFIX EEs.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton




More information about the NANOG mailing list