[c-nsp] Carrier grade NAT44 & newest Cisco boxes

Thu Mar 15 01:57:47 EDT 2012

In Russia the situation with law enforsement is simpler at least with 
real IP addresses.
Now we insert prism into ligthpath between neighbor's SFP/XFP in point 
where regulator wont and send to their equipment all traffic without 
saving flows information in database.
I hope with NAT situation will be the same.
For real time correlation between internal (private IP) and external IP 
(real IP) I hope regulator be able to get from us Netflow v9 )

Christian Kratzer пишет:
> Hi,
>
> On Wed, 14 Mar 2012, Xu Hu wrote:
>
>> Actually in our 3G network, we use the 7609 (two ACE modules) for the 
>> NAT,
>> in the live situation, we had 4M users.
>> It is quite stable for now.
>> Also we bought the ASR9K to expand the 3G network, maybe will migrate 
>> the
>> NAT to ASR9K.
>
> I am curios if and if how you are doing logging for law enforment 
> purposes on that scale ?
>
> We in europe have some pressure to have the ability to map the 
> ip/port/timestamp touple back to user. Of course nobody will be able 
> to deliver the port together with the ip and an accurate enough 
> timestamp for this to be meaningfull.
>
> I can see this becoming a larger problem when more nats appear on 
> conventional DSL / FTTx / Cable access products as opposed to just low 
> bandwidth mobile networks.
>
> Greetings
> Christian
>
>> Xu Hu
>> 2012/3/14 Ruslan Pustovoitov <rus-p at mostelekom.net>
>>
>>> The question was what strategy of NAT deployment can be accepted by 
>>> large
>>> ISP if one of the internal condition to use only cisco boxes for NAT ?
>>> Hidden cost was always visible to engeneers )
>>> Now It is time to pay )
>>>
>>> Has cisco plan to announce in next two year sucsessor of ISM-100 with
>>> better performance ?
>>> For example, if ISP already has asr9k chassis placed everywere in it's
>>> network, it will be happy to know that in 2013 cisco planning to do 
>>> another
>>> card which will seat instead of ISM-100 into the same chassis.
>>>
>>>
>>>
>>> Gert Doering ?????:
>>>
>>> Hi,
>>>>
>>>> On Tue, Mar 13, 2012 at 07:01:10PM +0400, Ruslan Pustovoitov wrote:
>>>>
>>>>
>>>>> Does this question not worry community ?
>>>>>
>>>>>
>>>>
>>>> I think it's great that the hidden costs that come with running IPv4
>>>> now start being openly visible...
>>>>
>>>> Sorry, what was the question?
>>>>
>>>> gert
>>>>
>>>>
>>> ______________________________**_________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp> 
>>>
>>> archive at 
>>> http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/> 
>>>
>>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>