We hit half-million: The Cidr Report

Owen DeLong owen at delong.com
Fri May 2 04:01:52 UTC 2014


On May 1, 2014, at 4:57 PM, Fred Baker (fred) <fred at cisco.com> wrote:

> 
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei <jfmezei_nanog at vaxination.ca> wrote:
> 
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, when happens when someone from the outside tries
>> to connect to port 80 of the shared routable IP ? 
> 
> More to the point, your trust boundary includes 5000 people. Do you know them all? Who maintains their systems and software? Do you trust them?
> 
> What happens if they approach you from behind the NAT?

It’s unlikely that CGN changes this at all… Most CGN deployments will be a second layer of horror on top of the existing horrors already present.

Owen



More information about the NANOG mailing list