[c-nsp] large scale NAT/PAT solution
Gert Doering
gert at greenie.muc.de
Tue Jun 7 17:56:00 EDT 2005
Hi,
On Tue, Jun 07, 2005 at 11:19:38PM +0200, Goran Gajic wrote:
> I currently have something like 7000 users that are NAT-ed/PAT-ed (depending on
> their service) through 7206vxr (NPE-G1) box running IOS 12.4.It has something
> like 40k NAT enteries and CPU usage of 75%. However I'm looking for long term
> solution that would be able to NAT/PAT something like 40-50k users (20-30
> ubr7246 aggregated into one point where NAT box (or nat boxes) would be). What
> would be recommended solution for this scenario? I was thinking about 7609
> box. Note however that I can't run only NAT or PAT because of service policy.
Is giving these users *real* Internet no option?
I'm guessing from your e-mail address that you're in RIPE land (Yugoslavia),
and getting real IP addresses for your users (one IP per head) over here
is a perfectly sane request, and the RIPE NCC *will* give you the addresses.
NAT/PAT will always be a pain, your users will be unhappy, and your
routers will have to do more work than necessary...
(Yes, I know that this is not the answer you are looking for - sorry for
that. But maybe thinking along other lines will be more future-proof...)
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list