NAT usage at large companies (was: Re: [e2e] Number of persis tent connections per HTTP server?)

Johnson, Edward edward.johnson at capitalone.com
Thu Oct 17 06:53:23 PDT 2002 

I work for a company with approximately 20000 users.  Our enterprise network
is addressed in compliance with RFC1918 private addressing therefore all
traffic exiting the enterprise network to the Internet must be NATed and
uses one address.  In our case NATing is performed both for security and
address conservation.  I believe that this solution is in wide use among
corporations.

Regards,

Edward Johnson
WAN Engineer
Capital One
phone	804-934-7237
page	888-825-2751
cell	804-307-7118
text page http://www.arch.com/message/  (8252751)


-----Original Message-----
From: Bengt Gördén [mailto:bengan at sunet.se]
Sent: Wednesday, October 16, 2002 4:55 PM
To: end2end-interest at postel.org
Subject: Re: NAT usage at large companies (was: Re: [e2e] Number of
persistent connections per HTTP server?)


On Wed, Oct 16, 2002 at 11:12:56AM -0700, John Heidemann wrote:
> On Mon, 14 Oct 2002 22:42:33 PDT, Vadim Antonov wrote: 
> >On Mon, 14 Oct 2002, Joe Touch wrote:
> >> Since the NAT likely shares the majority of the path that determines
RTT 
> >> and bandwidth, it won't hurt sharing.
> >
> >Very often, this is not the case.  What you have in a typical
organization
> >is single NAT/firewall, and a VPN behind it.  Quite often parts of that
> >VPN are on different continents :)
> 
> Can folks offer some more details about how prevalent this kind of
> NAT deployment is?

I can only speak for the network that I'm part of the NOC for, and that
is SUNET (AS1653). We have about 30 Universities connected to
SUNET. University's are connected with 2.4Gbit/s access. Of them I know
2 that actually have off-the-shelf-firewall with NAT involved. I think
actually they're 3 but I don't have that confirmed. Several of the
others put the students appartments behind NAT.

The problem we see is that we try to motivate them to apply
for IP-addresses (we do have a few ipv4 left over :-) but they still
want to NAT because of the security that it brings.


> My assumption was that NAT is primarily used by homes/small
> organizations that are geographically co-located.

In our case the University's are spread out over the country and maybe
they are small (it depends with what we compare) but they have about
5000-20000 users (students and staff) each.


> etc.  (Insert your own more inflamatory statements about NAT here.)

It breaks end-to-end. :-)



- Bengan -----------------------------------------------------------
- KTHNOC/SUNET/NORDUnet --------------------------------------------
 
**************************************************************************
The information transmitted herewith is sensitive information intended only
for use by the individual or entity to which it is addressed. If the reader
of this message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.

More information about the end2end-interest mailing list