At 12:19 AM 4/10/2009, Rubens Kuhl wrote:
On shared media like radio access, every unwanted packet means less
performance you will get out of the network.
This can be done by NAT,
stateful filtering with public IPs or stateless filtering with public
IPs; the advantage of doing NAT is making it ea
t;From: Charles Wyble [mailto:char...@thewybles.com]
>Sent: Thursday, April 09, 2009 6:09 PM
>To: Skywing
>Cc: NANOG list
>Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>
>Yep verizon does indeed filter all unsolicated inbound traffic to the EVDO
>network. It can be
Roland Dobbins wrote:
On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
Please share your thought and thanks in advance :)
No, IMHO. Most broadband operators don't insert firewalls inline in
front of their subscribers, and wireless broadband is no different.
Some operators put
On shared media like radio access, every unwanted packet means less
performance you will get out of the network. This can be done by NAT,
stateful filtering with public IPs or stateless filtering with public
IPs; the advantage of doing NAT is making it easier for the end-point
software to know that
t;
> - S
>
> -Original Message-
> From: Roland Dobbins
> Sent: Thursday, April 09, 2009 09:32
> To: NANOG list
> Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
>
>
> On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
>
>>
, April 09, 2009 09:32
To: NANOG list
Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
Please share your thought and thanks in advance :)
No, IMHO. Most broadband operators don't insert firewalls inline in
Verizon filters unsolicited inbound traffic for their EVDO customers in my
experience.
- S
-Original Message-
From: Roland Dobbins
Sent: Thursday, April 09, 2009 09:32
To: NANOG list
Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
On Apr 9, 2009, at 11:48 PM
Hello Steven,
There seems to be an underlying assumption to your question
- that a firewall exists for Gi traffic only because of the NAT
requirement. This is not necessarily a safe assumption to make. The NAT
functionality may be needed to conserve IP space but does not take away from
the impor
On Apr 10, 2009, at 12:21 AM, Alexander Harrowell wrote:
I would think that, however you are providing IP addresses, any
ingress point
to a GSM core network ought to be carefully policed on security
grounds.
Sure. But stateful firewalls aren't required to protect that
infrastructure, st
On Apr 10, 2009, at 12:17 AM, Mikael Abrahamsson wrote:
Todays GGSN and other devices should handle it, even though they
didn't do it well 5+ years back.
There's a lot of legacy (and not-so-legacy) gear out there with weak
IP stacks; beyond that, the relevant BCPs like iACLs should be
de
On Thursday 09 April 2009 16:48:32 Lee, Steven (NSG Malaysia) wrote:
> Hi all, in most of the existing 2G/2.5G mobile PS-core (Packet Switch)
> networks have Gi segment (interface between GGSN & IP Router/firewall). Due
> to the IP address constraint, operator usually do NAT on the Gi firewall to
>
On Apr 9, 2009, at 11:48 PM, Lee, Steven (NSG Malaysia) wrote:
Please share your thought and thanks in advance :)
No, IMHO. Most broadband operators don't insert firewalls inline in
front of their subscribers, and wireless broadband is no different.
The infrastructure itself must be prot
On Thu, 9 Apr 2009, Lee, Steven (NSG Malaysia) wrote:
Hi all, in most of the existing 2G/2.5G mobile PS-core (Packet Switch)
networks have Gi segment (interface between GGSN & IP Router/firewall).
Due to the IP address constraint, operator usually do NAT on the Gi
firewall to NAT the private I
13 matches
Mail list logo