North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: NAT for an ISP
- From: Andy Dills
- Date: Wed Jun 04 18:53:44 2003
On Wed, 4 Jun 2003, Dan Armstrong wrote:
> 90% of our customers all use private address space. We only give out
> real address space to customers that have servers that need to be
> visible. We run NAT on several customer facing routers.
> Cool stuff we can do is setup PPTP VPNs on the same router to give
> people "access from home" to their LAN. Same with L2TP/ILEC DSL.
> Problems include:
> We have a big nat pool on each router. If some twerp customer gets
> infected with some windoze crap, tracking it down can be a bit more
> Until recently, the IOS could not take huge volumes of NAT without
> tossing it's cookies from time to time.
> We have been toying around with VRFs & NAT which was recently introduced
> in the IOS, and it appears that in a NAT situation, the VRFs "leak"
> between each other, which scares the crap out of me. We are going to
> wait for a couple of revisions of the IOS before looking into that
Why on earth would you do anything other than push NAT responsibility to
the end-user CPE?
So you can do the aforementiond "cool stuff"?