2 May
2014
2 May
'14
12:01 a.m.
On May 1, 2014, at 4:57 PM, Fred Baker (fred) <fred@cisco.com> wrote:
On May 1, 2014, at 4:10 PM, Jean-Francois Mezei <jfmezei_nanog@vaxination.ca> wrote:
Pardon my ignorance here. But in a carrier-grade NAT implementation that serves say 5000 users, when happens when someone from the outside tries to connect to port 80 of the shared routable IP ?
More to the point, your trust boundary includes 5000 people. Do you know them all? Who maintains their systems and software? Do you trust them?
What happens if they approach you from behind the NAT?
It’s unlikely that CGN changes this at all… Most CGN deployments will be a second layer of horror on top of the existing horrors already present. Owen