[c-nsp] large scale NAT/PAT solution

Goran Gajic ggajic at sbb.co.yu
Tue Jun 7 21:17:45 EDT 2005



Problem is that users are charged differenty if they are using real ip 
addresses or if private ip addresses are NATed or PATed.

Regards,
gg.


On Tue, 7 Jun 2005, Gert Doering wrote:

> Hi,
>
> On Tue, Jun 07, 2005 at 11:19:38PM +0200, Goran Gajic wrote:
>> I currently have something like 7000 users that are NAT-ed/PAT-ed (depending on
>> their service) through 7206vxr (NPE-G1) box running IOS 12.4.It has something
>> like 40k NAT enteries and CPU usage of 75%. However I'm looking for long term
>> solution that would be able to NAT/PAT something like 40-50k users (20-30
>> ubr7246 aggregated into one point where NAT box (or nat boxes) would be). What
>> would be  recommended solution for this scenario? I was thinking about 7609
>> box.  Note however that I can't run only NAT or PAT because of service policy.
> Is giving these users *real* Internet no option?
>
> I'm guessing from your e-mail address that you're in RIPE land (Yugoslavia),
> and getting real IP addresses for your users (one IP per head) over here
> is a perfectly sane request, and the RIPE NCC *will* give you the addresses.
>
> NAT/PAT will always be a pain, your users will be unhappy, and your
> routers will have to do more work than necessary...
>
> (Yes, I know that this is not the answer you are looking for - sorry for
> that.  But maybe thinking along other lines will be more future-proof...)
>
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                           //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             gert at greenie.muc.de
> fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de
>


More information about the cisco-nsp mailing list