CGN fixed/hashed nat question

Nick Hilliard nick at foobar.org
Wed Jan 23 12:38:22 UTC 2013


On 23/01/2013 02:57, Dobbins, Roland wrote:
> The overwhelming need for it is orthogonal to any schemes for hashing NAT source/dest ports.  

There are several conflicting requirements, including:

- requirement to run a business which makes money
- constraints on IPv4 addresses which mandate NAT
- law enforcement requirements, mandating either logging / port tracking
- network telemetry

law enforcement requirements aren't generally an issue until you get hit up
by a LEA / court order, at which point they become critical to ensuring
that your management doesn't end up displaying contempt of court.  For some
reason, management can get quite excited about this - more so than any
enthusiasm they might ever show for good quality network telemetry.

Nick




More information about the NANOG mailing list