NAT Solution

 
 
joespoolhall@gmail.com
      04-10-2009
We're needing to implement a solution whereby we can reroute traffic
based on source address to a different resource. Basically, the
default behavior would let the packet route to the normal destination,
but anyone configured in a list would be shunted off to an alternate
resource.

We could do this via layer 3 or layer 4 translation of some sort, or
even a set-next-hop sort of arrangement. I'm trying to stay away from
source-based routing, because we're talking about approximately
400Mbps worth of traffic here, so I want it to be as resource-friendly
as possible. We've got some fairly beefy hardware at our disposal
(Cat6500 w/SUP720,PFC3,MSFC3) so I'm wondering what can be leveraged.

The list of sources will likely be around 50,000-100,000 entries long
and updated by an external source. I looked at the Cisco ACE module,
but it can't do it via traditional NAT processes due to the logic flow
and its route-map features would be limited to 16,000 entries.

At this point, I'd be willing to use something Cisco or non-Cisco to
accomplish this task. Are there any recommendations?
 
 
 
 
 
Thrill5
      04-11-2009
I think you need to come up with a new solution because I don't know of any
device that would be able to do this. What is it that you are trying to
accomplish? This is so wrong on so many levels... How would you even
manage a list of 50 to 100 thousand source addresses?

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> We're needing to implement a solution whereby we can reroute traffic
> based on source address to a different resource. Basically, the
> default behavior would let the packet route to the normal destination,
> but anyone configured in a list would be shunted off to an alternate
> resource.
>
> We could do this via layer 3 or layer 4 translation of some sort, or
> even a set-next-hop sort of arrangement. I'm trying to stay away from
> source-based routing, because we're talking about approximately
> 400Mbps worth of traffic here, so I want it to be as resource-friendly
> as possible. We've got some fairly beefy hardware at our disposal
> (Cat6500 w/SUP720,PFC3,MSFC3) so I'm wondering what can be leveraged.
>
> The list of sources will likely be around 50,000-100,000 entries long
> and updated by an external source. I looked at the Cisco ACE module,
> but it can't do it via traditional NAT processes due to the logic flow
> and its route-map features would be limited to 16,000 entries.
>
> At this point, I'd be willing to use something Cisco or non-Cisco to
> accomplish this task. Are there any recommendations?



 
 
 
 
 
joespoolhall@gmail.com
      04-13-2009
The updates will be automatically generated, based on metrics
determined by a daemon. With the Cisco ACE module, you can feed it
configuration updates via XML. There's got to be a way...


On Apr 10, 7:09 pm, "Thrill5" <(E-Mail Removed)> wrote:
> I think you need to come up with a new solution because I don't know of any
> device that would be able to do this. What is it that you are trying to
> accomplish? This is so wrong on so many levels... How would you even
> manage a list of 50 to 100 thousand source addresses?


 
 
Thrill5
      04-14-2009
But what is it you are trying to do? Why do you need to route traffic based on
source address? There is more than one way to do anything and the method
you have suggested is not workable. If you provide more information someone
can come up with a better solution. For example, why not send the traffic
directly to the correct destination using GSLB or if this is an HTTP
application you can write a CGI to issue a redirect to the correct
destination.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> The updates will be automatically generated, based on metrics
> determined by a daemon. With the Cisco ACE module, you can feed it
> configuration updates via XML. There's got to be a way...





 
 
tweety
      04-18-2009
On Apr 14, 2:32 am, "Thrill5" <(E-Mail Removed)> wrote:
> But what is it you are trying to do? Why do you need to route traffic based on
> source address? There is more than one way to do anything and the method
> you have suggested is not workable. If you provide more information someone
> can come up with a better solution. For example, why not send the traffic
> directly to the correct destination using GSLB or if this is an HTTP
> application you can write a CGI to issue a redirect to the correct
> destination.


Define an access list capturing the source addresses, then do a route
map setting next hop to the new route?
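
The access-list plus route-map idea from the last reply, sketched as an added example (not code from any poster in this thread): it parses an externally supplied source list, merges adjacent addresses into prefixes, refuses to emit a config that exceeds an entry budget, and renders an IOS-style ACL with a `set ip next-hop` route-map. The names `REDIRECT-SOURCES` and `REDIRECT`, the sample addresses, and the use of the thread's 16,000 figure as the default budget are assumptions.

```python
import ipaddress

# Constructed sample feed (documentation address ranges), with a duplicate.
SAMPLE_FEED = ["192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",
               "192.0.2.9", "198.51.100.7", "198.51.100.7"]


def aggregate_sources(entries):
    """Parse every feed entry strictly, then merge into the fewest prefixes.

    Parsing with ipaddress (instead of pasting feed strings into the config)
    means a malformed or hostile entry raises ValueError rather than becoming
    an extra configuration line.
    """
    nets = {ipaddress.IPv4Network(e.strip()) for e in entries if e.strip()}
    return list(ipaddress.collapse_addresses(nets))


def build_pbr_config(entries, next_hop, max_entries=16000,
                     acl="REDIRECT-SOURCES", route_map="REDIRECT"):
    """Return (prefixes, IOS-style config text) or raise ValueError."""
    nets = aggregate_sources(entries)
    if len(nets) > max_entries:
        raise ValueError(f"{len(nets)} ACL entries exceed budget {max_entries}")
    hop = ipaddress.IPv4Address(next_hop)  # validate the next hop as well
    lines = [f"ip access-list standard {acl}"]
    for n in nets:
        if n.prefixlen == 32:
            lines.append(f" permit host {n.network_address}")
        else:
            lines.append(f" permit {n.network_address} {n.hostmask}")
    # Sources not matched by the route-map follow the normal routing table.
    lines += [f"route-map {route_map} permit 10",
              f" match ip address {acl}",
              f" set ip next-hop {hop}"]
    return nets, "\n".join(lines)


if __name__ == "__main__":
    prefixes, config = build_pbr_config(SAMPLE_FEED, "203.0.113.1")
    print(f"{len(SAMPLE_FEED)} feed entries -> {len(prefixes)} ACL entries")
    print(config)
```

The route-map only takes effect once it is applied to the ingress interface with `ip policy route-map`. Whether the aggregated list fits the platform's hardware tables has to be checked on the device itself, which this script does not do.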
 