You didn't mention, but are you introducing a second border router? Is the new upstream circuit from a new provider, or is it a second, redundant circuit to the same provider in a different POP? Does your customer have their own portable address space, or are they using provider address space?
I'll make some presumptions: yes, it is a different provider, and no, they don't have their own address space. Based on those guesses/presumptions, I'd push to acquire portable address space. Advertise it to both providers, carve a chunk of that address space off and route it to a firewall(s) to perform border NAT. Migrate old, provider-dependent external NAT space to new, portable address space.

-M

On Wed, Jan 5, 2011 at 6:38 PM, ML <m...@kenweb.org> wrote:
> I've got a customer that is looking to multihome with upstreams in two POPs.
> Currently they multihome in one POP and utilize a single edge router for
> some one to one NAT and some PAT for their users.
>
> Before they turn up the BGP peer in the new POP I've advised them to abolish
> NAT once and for all in order to avoid issues with non-stateful NAT between
> network edges and possible asymmetric routing of their Internet traffic.
>
> The PAT can be removed easily enough. The tricky part is the one-one NAT.
> They have quite a few systems which have 1918 IPs which they claim "cannot
> be changed". At least not without some painful rebuilds of critical systems
> which have these IPs deeply embedded in their configs.
>
> Has anyone here had to fix this kind of problem before? Is there a solution
> that would allow NAT to be offloaded to a smaller device hanging off each edge
> router that can communicate state between each other in case traffic is
> asymmetrically routed?