Totally agree dude! Advantanges and disadvanges. Once you have a large routed network with privates, it sux to convert.
----------------------------------------------------------- Dennis Burgess, CCNA, A+, Mikrotik Certified Trainer WISPA Board Member - wispa.org Link Technologies, Inc -- Mikrotik & WISP Support Services WISPA Vendor Member Office: 314-735-0270 Website: http://www.linktechs.net LIVE On-Line Mikrotik Training Author of "Learn RouterOS" -----Original Message----- From: wireless-boun...@wispa.org [mailto:wireless-boun...@wispa.org] On Behalf Of Matt Larsen - Lists Sent: Wednesday, October 28, 2009 2:23 PM To: WISPA General List Subject: Re: [WISPA] NAT issue with Hotmail/Yahoo/Google I believe that we have fixed this by using the StarOS policy routing to split up some of our subnets to SourceNAT through a different IP address on our NAT server. If we are going to get into the public vs. privates discussion, well.... I have used NAT for customer IP addresses from day 1. I used to use publics, but it was a tremendous pain in the ass, and would be very difficult to implement on my current network design (routed subnets at every single location) so I have no interest in giving each customer their own public IP address. There are about 160 private subnets on the access points in my network, so I have no intention of switching to publics anytime soon. I also loathe PPPoE and have worked with a couple of people who tried to convert to it and converted back as soon as they could because it just didn't work as well as advertised. YMMV, but I'm just fine not using it. NAT has been very beneficial to my customers as a whole, since they are not directly exposed to the Internet and we have far fewer virus/trojan/backdoor issues because of it. We do have a few folks who need a public IP, and route several subnets of public IP addresses out to towers where public IP addresses are needed. That is fine with me, because we charge extra for the IP addresses. Just another reason for power users to move up the pricing ladder if they want the extras. Not using publics has also been a godsend as far as maintaining flexibility between backbone providers and utilization of secondary links in the event of failures. Sometime in the next month, I'm switching my primary backbone to go through a new provider that is delivering 50meg for the same price that I was previously paying for 15. Moving traffic to that backbone will be as simple as changing one line in a policy routing statement. If I was using publics, I would still be stuck with the previous provider. I don't like being hostage to outside network providers if I can avoid it. In addition to my primary backbone link, I also have backbone links with two other neighboring WISPs and the ability to route traffic to the Internet through them in the event of an outage on my network between my APs and my NOC. They can do the same thing through my network. Just last week, a set of rolling power outages took out two towers that were the redundant paths to five APs on the far eastern side of my network. OSPF figured it out and routed them out through my neighbor's network until the towers came back up and it switched back. Same thing happened on his network last month, and we handled the majority of his traffic until his backbone link was back up. That is not a very simple thing to implement with public IP addresses, but it was pretty easy to make it happen with privates. So yeah, I have my reasons for using NAT. Switching to publics is a rhetorical answer, not a useful one. Matt Larsen vistabeam.com Mike Hammett wrote: > I believe Matt has around 5k subs, maybe I'm wrong. At 5k subs, his > cost per year per IP address is $0.45. That's under $0.04/month. I'd > consider that a reasonable expense. > > > ----- > Mike Hammett > Intelligent Computing Solutions > http://www.ics-il.com > > > > -------------------------------------------------- > From: "Scott Reed" <scottr...@onlyinternet.net> > Sent: Wednesday, October 28, 2009 1:23 PM > To: "WISPA General List" <wireless@wispa.org> > Subject: Re: [WISPA] NAT issue with Hotmail/Yahoo/Google > > >> <RANT> >> So, as with so much that goes on the lists, not just this one, "oh, >> you aren't doing it my way so the fix is do it my way." What a bunch >> of baloney!! >> There are lots of ways to do almost everything we do as ISPs. What >> really needs to happen is for people to read the post, think about >> what the real question is and then, if and only if, the can pose a >> solution to the real problem, post a suggestion. >> >> But, since the only posts I have seen to Matt's is give everyone a >> public address, I have a few questions: >> >> So, who is going to buy Matt a block of IPs to fix this non-NAT issue? >> I ask, because I do as Matt does and if that is the fix, I need >> someone to buy me a block as well. >> But the issue isn't really NAT, is it? >> The real question is how does he deal with the current issue on his >> current network? >> >> </RANT> >> >> Matt Larsen - Lists wrote: >> >>> We are having a problem with certain sites that are rejecting our >>> customers because they say the IP address has sent too much traffic over >>> the last 24 hours. This is a problem, as 98% of our customers are >>> behind a single NATted IP address. I am just changing the IP address >>> of the NAT server every 12 hours now, but am looking for a better >>> solution. Anyone have any similar issues? >>> >>> Matt Larsen >>> vistabeam.com >>> >>> >>> >>> -------------------------------------------------------------------- >>> ------------ >>> WISPA Wants You! Join today! >>> http://signup.wispa.org/ >>> -------------------------------------------------------------------- >>> ------------ >>> >>> WISPA Wireless List: wireless@wispa.org >>> >>> Subscribe/Unsubscribe: >>> http://lists.wispa.org/mailman/listinfo/wireless >>> >>> Archives: http://lists.wispa.org/pipermail/wireless/ >>> >>> -------------------------------------------------------------------- >>> ---- >>> >>> >>> No virus found in this incoming message. >>> Checked by AVG - www.avg.com >>> Version: 8.5.423 / Virus Database: 270.14.36/2465 - Release Date: >>> 10/28/09 09:34:00 >>> >>> >>> >> -- >> Scott Reed >> Sr. Systems Engineer >> GAB Midwest >> 1-800-363-1544 x4000 >> Cell: 260-273-7239 >> >> >> >> --------------------------------------------------------------------- >> ----------- >> WISPA Wants You! Join today! >> http://signup.wispa.org/ >> --------------------------------------------------------------------- >> ----------- >> >> WISPA Wireless List: wireless@wispa.org >> >> Subscribe/Unsubscribe: >> http://lists.wispa.org/mailman/listinfo/wireless >> >> Archives: http://lists.wispa.org/pipermail/wireless/ >> >> > > > ---------------------------------------------------------------------- > ---------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > ---------------------------------------------------------------------- > ---------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > > ------------------------------------------------------------------------ -------- WISPA Wants You! Join today! http://signup.wispa.org/ ------------------------------------------------------------------------ -------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/ -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
