Re: Cheap LSN/CGN/NAT444 Solution

2014-07-07 Thread Daniel Corbe
I use the Thunder for CGNAT but I've never tried to do NAT444 with it. The thing I like about A10 is their TAC is awesome. If they say the box supports something, then their TAC people will break their backs to try and get it working for you.

-Daniel

Skeeve Stevens writes:
> Hi all,
>
>

Re: Cheap LSN/CGN/NAT444 Solution

2014-07-07 Thread Skeeve Stevens
Hi all, I have had the A10 Thunder platform recommended off-list by a couple of people and by all reading it looks good, but anyone can do good marketing material. Anyone else here used the Thunder (looking at the 930 or 1030S, maybe even the vThunder) as a NAT444/LSN solution? ...Skeeve *Skee

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Roland Dobbins
On Jul 1, 2014, at 7:03 AM, Skeeve Stevens wrote:
> Roland, what methods are the easiest/cheapest way to deal with this?

Ensure you have visibility into your traffic southbound of the NAT - flow telemetry generally works best for this, and there are plenty of open-source solutions around w

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Owen DeLong
Greenfield or not, unless you can expect that 100% of the users have never had internet access anywhere else before, you may be up against expectations you are not meeting with NAT444.

Owen

On Jun 30, 2014, at 17:28 , Skeeve Stevens wrote:
> Great advice Stepan.
>
> Re user support. It is a

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Owen DeLong
With enough horsepower, iptables+Linux is adequate for this, depending on your requirements. I would want to put as little money as possible behind CGN in favor of moving as much as possible towards IPv6 instead.

Owen

On Jun 29, 2014, at 22:59 , Skeeve Stevens wrote:
> Hi all,
>
> I am sure

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Skeeve Stevens
Great advice Stepan. Re user support. It is a greenfield environment so we're in the position to say 'this is how it is and what you get'. Re usage profile. No idea what to expect from users as there is nothing to measure. I've actually not designed a NAT444 solution for residential profiles be

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Skeeve Stevens
Hi Valdis, Re 1.. completely understand. The environment is such that we will openly state what does and doesn't work. It is a captive environment and the users don't have a choice who they use. Think large university dorm (about 600) for part of the customer base. Re 2.. The larger design is

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Skeeve Stevens
Roland, what methods are the easiest/cheapest way to deal with this?

...Skeeve

Skeeve Stevens - eintellego Networks Pty Ltd
ske...@eintellegonetworks.com ; www.eintellegonetworks.com
Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
facebook.com/eintellegonetworks ;

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Skeeve Stevens
Roland, as always you remind me of the important things to remember.

...Skeeve

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Skeeve Stevens
Hi Rob, Interesting insights. I hadn't thought of an older 6500/7600... certainly might be worth considering if I want to stay Cisco. Yes, PPS is the key, but I thought someone might have some comments on the metrics/pps I'd expect with that kind of user profile and speeds. It doesn't need to n

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Mark Andrews
In message <96782.1404135...@turing-police.cc.vt.edu>, valdis.kletni...@vt.edu writes:
> On Mon, 30 Jun 2014 15:59:47 +1000, Skeeve Stevens said:
>
> > I am after a LSN/CGN/NAT444 solution to put about 1000 Residential

RE: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Tony Wicks
y, 30 June 2014 10:12 p.m.
To: nanog@nanog.org list
Subject: Re: Cheap LSN/CGN/NAT444 Solution

On Jun 30, 2014, at 4:53 PM, Tony Wicks wrote:
> From experience (we ran out of IPv4 a long time ago in the APNIC region) this is not needed,

I've seen huge problems from compromised machin

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Stepan Kucherenko
On 30.06.2014 14:12, Roland Dobbins wrote:
> I've seen huge problems from compromised machines completely killing
> NATs from the southbound side.

It depends on CGN solution used. Some of them will just block new translations for that user after reaching the limit, and that's it.

On 30.06.2014 0

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Valdis . Kletnieks
On Mon, 30 Jun 2014 15:59:47 +1000, Skeeve Stevens said:
> I am after a LSN/CGN/NAT444 solution to put about 1000 Residential profile
> NBN speeds (fastest 100/40) services behind.
> This solution is for v4 only, and needs to consider the profile of the
> typical residential users. Any pitfalls

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Roland Dobbins
On Jun 30, 2014, at 8:19 PM, Simon Perreault wrote:
> Oh, actually I think I get it. You're trying to sell something.

Yes, you've found me out - I'm 'selling' S/RTBH, which is built-in functionality of routers and layer-3 switches made by companies which don't employ me.

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Simon Perreault
On 2014-06-30 09:05, Roland Dobbins wrote: On Jun 30, 2014, at 7:42 PM, Simon Perreault wrote: Why? Cause that (per-subscriber limits on ports and memory) is exactly what we recommend in RFC 6888... I can't tell you how many times I've recei

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Roland Dobbins
On Jun 30, 2014, at 7:42 PM, Simon Perreault wrote:
> Why? Cause that (per-subscriber limits on ports and memory) is exactly what
> we recommend in RFC 6888...

I can't tell you how many times I've received frantic 4AM calls about NATted wireless n

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Simon Perreault
On 2014-06-30 06:12, Roland Dobbins wrote: what is needed however is session timeouts. This can help, but it isn't a solution to the botted/abusive machine problem. They'll just keep right on pumping out packets and establishing new sessions, 'crowding out' legitimate users and filling up

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Roland Dobbins
On Jun 30, 2014, at 4:53 PM, Tony Wicks wrote:
> From experience (we ran out of IPv4 a long time ago in the APNIC region) this
> is not needed,

I've seen huge problems from compromised machines completely killing NATs from the southbound side.

> what is needed however is session timeouts.

RE: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Tony Wicks
and Dobbins
Sent: Monday, 30 June 2014 7:48 p.m.
To: nanog@nanog.org list
Subject: Re: Cheap LSN/CGN/NAT444 Solution

On Jun 30, 2014, at 1:37 PM, Robert Drake wrote:
> Total PPS or bandwidth is the number you need rather than number of customers.

Also, be sure you have S/RTBH or some other mec

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-30 Thread Roland Dobbins
On Jun 30, 2014, at 1:37 PM, Robert Drake wrote:
> Total PPS or bandwidth is the number you need rather than number of customers.

Also, be sure you have S/RTBH or some other mechanism southbound of the NAT for dealing with compromised/abusive hosts which can chew up the state-table with SYN-f

Re: Cheap LSN/CGN/NAT444 Solution

2014-06-29 Thread Robert Drake
On 6/30/2014 1:59 AM, Skeeve Stevens wrote: Hi all, I am sure this is something that a reasonable number of people would have done on this list. I am after a LSN/CGN/NAT444 solution to put about 1000 Residential profile NBN speeds (fastest 100/40) services behind. I am looking at a Cisco ASR1

Cheap LSN/CGN/NAT444 Solution

2014-06-29 Thread Skeeve Stevens
Hi all, I am sure this is something that a reasonable number of people would have done on this list. I am after a LSN/CGN/NAT444 solution to put about 1000 Residential profile NBN speeds (fastest 100/40) services behind. I am looking at a Cisco ASR1001/2, pfSense and am willing to consider other