On May 1, 2014, at 4:57 PM, Fred Baker (fred) <f...@cisco.com> wrote:
>
> On May 1, 2014, at 4:10 PM, Jean-Francois Mezei <jfmezei_na...@vaxination.ca> wrote:
>
>> Pardon my ignorance here. But in a carrier-grade NAT implementation that
>> serves say 5000 users, what happens when someone from the outside tries
>> to connect to port 80 of the shared routable IP?
>
> More to the point, your trust boundary includes 5000 people. Do you know them
> all? Who maintains their systems and software? Do you trust them?
>
> What happens if they approach you from behind the NAT?

It’s unlikely that CGN changes this at all… Most CGN deployments will be a second layer of horror on top of the existing horrors already present.

Owen