Jason, Bruce,
It sounds intriguing, but I do have one question. This method assumes
that you will get the source IP and source port in the
request/complaint. How often is that the case? I would assume most
requests are in the flavor of "this IP was attacking this IP at this
time". Do you ever have the need to track down a user without knowing
the source port, as you would have no way to do it (unless you do
NetFlow also)?
On 01/15/2015 12:29 PM, Jason Wang wrote:
We do the same on a pair of the A10 AX3530's, and it's been working
very well for us. We are currently NAT'ing a /12 of internal addresses
into a /16 of external addresses (~4000 ports per internal IP). When
doing lookups, we just pre-generate a lookup table of the outside IP &
port to the inside IP, although you could also just calculate it on
the fly.
Jason
On 01/14/2015 02:06 PM, Bruce Boardman wrote:
We do this with A10 Networks CGN boxes. They have a feature they call
fixed NAT, which predetermines some number of inside addresses to a
pool of outside addresses. These mappings are static, so when you get
a particular inside address you'll always get a particular outside
address within a defined static port range. If you know one you'll
know the other. We log the traffic, so we can pretty much look back
and time-correlate use via DHCP and 802.1x.
Bruce Boardman
Networking, Syracuse University
315 412-4156
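A worked example of the fixed NAT arithmetic Bruce and Jason describe (a /12 of inside addresses mapped onto a /16 of outside addresses, each inside address getting a fixed block of roughly 4000 ports), added here as an illustration; it is not code from the thread or from A10's product. It assumes constructed placeholder pools (10.0.0.0/12 inside, 100.64.0.0/16 outside), that ports below 1024 are never handed out, and a simple block-per-inside-address layout; a vendor's actual mapping may differ in those details.

```python
import ipaddress

# Constructed placeholder pools sized like the thread: a /12 inside, a /16 outside.
INSIDE = ipaddress.ip_network("10.0.0.0/12")      # assumption: inside (private) block
OUTSIDE = ipaddress.ip_network("100.64.0.0/16")   # assumption: outside block
FIRST_PORT = 1024                                 # assumption: well-known ports not issued

# Inside addresses sharing one outside address, and the port block each one gets.
RATIO = INSIDE.num_addresses // OUTSIDE.num_addresses    # 16
PORTS_PER_INSIDE = (65536 - FIRST_PORT) // RATIO          # 4032, the "~4000" in the thread


def outside_mapping(inside_ip):
    """Forward: inside address -> (outside address, (first_port, last_port))."""
    ip = ipaddress.ip_address(inside_ip)
    if ip not in INSIDE:
        raise ValueError(f"{ip} is not in the inside pool {INSIDE}")
    idx = int(ip) - int(INSIDE.network_address)
    outside_ip = OUTSIDE[idx // RATIO]        # which outside address this host shares
    slot = idx % RATIO                        # which port block within that address
    lo = FIRST_PORT + slot * PORTS_PER_INSIDE
    return str(outside_ip), (lo, lo + PORTS_PER_INSIDE - 1)


def inside_for(outside_ip, port):
    """Reverse: the lookup an abuse desk needs for "outside IP + port at time T".
    Returns the inside address, or None if fixed NAT could never have issued
    that (outside IP, port) pair (wrong pool, low port, or leftover top ports)."""
    ip = ipaddress.ip_address(outside_ip)
    if ip not in OUTSIDE or not FIRST_PORT <= port <= 65535:
        return None
    slot = (port - FIRST_PORT) // PORTS_PER_INSIDE
    if slot >= RATIO:   # ports left over when the range does not divide evenly
        return None
    idx = (int(ip) - int(OUTSIDE.network_address)) * RATIO + slot
    return str(INSIDE[idx])


def lookup_table(outside_ip):
    """Pre-generated table for one outside address (port -> inside address),
    giving the same answers inside_for() computes on the fly."""
    table = {}
    for port in range(FIRST_PORT, 65536):
        inside = inside_for(outside_ip, port)
        if inside is not None:
            table[port] = inside
    return table


if __name__ == "__main__":
    print(outside_mapping("10.0.0.17"))           # ('100.64.0.1', (5056, 9087))
    print(inside_for("100.64.0.1", 7000))         # 10.0.0.17
```

Without the port, a complaint naming only the outside address narrows the search to the RATIO inside hosts sharing it, which is why the thread pairs fixed NAT with flow or DHCP/802.1x logs.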
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.