nanog mailing list archives

Re: Manage an enterprise network? Please fill out my survey - for Science! :-)


From: Jack Bates <jbates () brightok net>
Date: Tue, 01 Nov 2011 01:28:53 -0500

On 11/1/2011 12:19 AM, Dobbins, Roland wrote:
On Nov 1, 2011, at 11:44 AM, Cameron Byrne wrote:

Unfortunately ISPs are deploying many middle boxen, frequently in series, for various reasons...cough cough cgn.
This AusNOG presentation touches upon the topic:

<http://www.ausnog.net/images/ausnog-05/presentations/7-2-stateofdanger.pdf>


Heh, until IPv6 is mainstream, I don't think wireless companies (and soon wireline) have much choice on CGN. I believe there are plenty of CGN products that handle as much or more pps than my Juniper MX960 does. My last DDOS killed the egress pps on 2 of my NSP transits. Neither could send 2Mpps of traffic to me (i.e., neither was line rate at 43 bytes).

I'm confused as to the 6to4 gateway state. Last I checked, all my 6to4 is stateless.

My load balancers are also stateless.

IPS can be deployed sidelined with hardware packet mirroring and remote updates to router ACLs.

I recognize that ISPs may not keep DDOS in mind and reduce state when possible, but there is current tech that can limit state and still deploy the same services. CGN is the exception to the rule, and I've yet to see a way around it in a depleted IPv4 Internet (but as stated, most CGN is designed to handle state to the same performance levels as current router tech).


Jack


