Educause Security Discussion mailing list archives

Re: Large edu's doing NAT campus wide?


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Mon, 30 Apr 2007 12:17:19 -0500

There may be some utility in uniformity, but I'd carefully weigh the impact of doing NAT only in certain network 
compartments/zones versus on a wide scale.  

We have a beefy syslog catcher that sees an *immense* amount of NAT binding log traffic which we need to support 
forensic network investigations for our campuses which deploy NAT.

Me, I'm not arguing to *expand* NAT in general.  IMNSHO, a network segment which falls under PCI requirements should be 
treated differently enough from other segments/zones/compartments that use of NAT there shouldn't be presumed to 
require it uniformly.

    -jml

Roger Safian <r-safian () NORTHWESTERN EDU> 2007-04-30 09:37:34 >>>
Conserving scarce address resources is the only reason to adopt NAT, in
my not-so-humble opinion.

While I agree with this in spirit, there are things like PCI that
require NAT.  If you're going to have to NAT portions of the network,
perhaps it's better to just NAT the whole thing.


-- 
Roger A. Safian 
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
