[rbak-nsp] Nat subscribers on SE400 from context to Internet

Richard Clayton sledge121 at gmail.com
Sat Jan 22 08:25:03 EST 2011 

Thanks Jeff, we have 500 subs with public IP's but didnt want any access to
the IP's from the Internet, we also didn't have any spare firewall so I
suggested we nat the subs as they left the Redback which would make the
public sub IP's unreachable.  The powers that be were worried of a large CPU
hit, I was never in any doubt but it is nice to here of other peoples
experiences.  The spam tracing siuation would not affect us as the majority
of our connected hosts are pbx's.

Thanks
Rick

On 21 January 2011 20:51, Jeff Crowe <jeff at wtccommunications.ca> wrote:

>  Hi Rick,
>
>
>
> We had about 500 Subs NAT’d on our SE400 for a while and didn’t notice any
> significant impact.  We also terminated > 1000 PPPoE subs inside L2TP and
> another 400 or so subs on straight PPPoE all on the same box.
>
>
>
> We did away from the NAT as fast as possible though and converted the sub’s
> to PPPoE for ease of management.  If any particular sub spammed or caused
> issues it was very difficult to track them down to deal with the
> virus/violation of policy.  With PPPoE we can easily identify them as they
> use publically routable IP addresses.
>
>
>
> Cheers
>
>
>
> Jeff Crowe
>
>
>
> * *
>
> *From:* redback-nsp-bounces at puck.nether.net [mailto:
> redback-nsp-bounces at puck.nether.net] *On Behalf Of *Richard Clayton
> *Sent:* Friday, January 21, 2011 12:31 PM
> *To:* redback-nsp at puck.nether.net
> *Subject:* [rbak-nsp] Nat subscribers on SE400 from context to Internet
>
>
>
> I suggested a solution where all dsl users terminating in a context could
> be nat'd on the Redback SE400 as they exited the interface towards the
> Internet, concerns were raised as to whether using this feature could cause
> problems i.e. high cpu, the user base is around 500 but could scale up to
> 1000 over the next couple of years, is nat'ing subscribers in this way a
> valid solution or could it cause issues?
>
>
>
> Thanks
>
> Rick
>
> _______________________________________________
> redback-nsp mailing list
> redback-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/redback-nsp
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20110122/9e9fa979/attachment.html>

More information about the redback-nsp mailing list