[c-nsp] Re: Interfacing between VRF and global across interface in
one router
Joe Maimon
jmaimon at ttec.com
Tue Jan 18 11:30:09 EST 2005
David Barak wrote:
>--- Joe Maimon <jmaimon at ttec.com> wrote:
>
>
>
>>Hello Rodney,
>>
>>At first cut, I am trying to effect a seperation
>>between the interfaces
>>which need (overload)natting done and the ones that
>>dont. Exactly what
>>that will buy me in terms of nat problems,
>>performance or logical
>>correctness I am not quite certain yet.
>>
>>As is currently, If it turn nat on for some
>>interfaces on the router, I
>>have to turn it on for all so that others dont see
>>rfc1918 that they
>>would not be expecting. Such is only proper.
>>
>>Why nat? Well some customers like to link up a few
>>of their sites with
>>the cheapest CPE possible which supports the
>>simplest network possible.
>>
>>
>>
>
>A Linksys router is $40, and it runs NAT. I can't
>really imagine that that's a serious cost barrier for
>CPE.
>
>
>
In these case the customers do not want to run nat because they want to
have multiple sites communicate with eachother with no fuss or muss, on
their private IP space, be firewalled from everyone else and have
internet access as well.
You will say, have the customer do ipsec......maybe for new ones.
Marketing likes to sell this as a product. IOW managed wan/internet
services.
Something to think about, that a nice expensive piece of cisco
equipment is equivalent to a few dozen $40 linksys routers. Nice that.
>
>
>
>
More information about the cisco-nsp
mailing list