Subject: Re: IPv6 Comment
To: Gregg C Levine <hansolofalcon@worldnet.att.net>
From: Andrew Gillham <gillham@vaultron.com>
List: current-users
Date: 09/06/2000 11:36:05
Gregg C Levine writes:
> Hello again from Gregg C Levine usually with Jedi Knight Computers
> I see you missed my point. I am referring to the switched multi-gigabit
> hardware, exactly what you are referring to. AT&T won't be out of the
Are you suggesting that the 6509 w/ MSM can do wire-speed NAT? Or that it
can do wirespeed "nat overload" (aka PAT), including "fixing" things like
ftp/dns, etc on the fly? I don't believe it can, at least it isn't going
to be able to "fix" the NAT/PAT problems on the fly at wire-speed. You
should be able to do (some) static/dynamic NAT though, provided the state
is shared between switches. (aka the "MLS entries" on a 6509)
The "Cisco CSS 11xxx" family claims to support wire-speed NAT, but again
it appears to be for NAT not PAT. (e.g. speeding up server farms or
cache clusters)
The big problem with dynamic NAT at wire-speed is the fact that the flow
needs to pass through the same switch _both_ directions or it will not
work. This can be eliminated by having the switches share the state of
these flows. (which I believe is done by Cisco's MLS)
Application fixup just can't be done at wire-speed unless you build ASICs
that support the specific application.
Don't get stuck thinking about having to only do 100-200Mbit/s of NAT, PAT,
or "fixup" as packets exit the network. Think about having to do 100-200
GIGabit/s as packets "exit" your NAT areas. (e.g. you want to do NAT/PAT
at the distribution or access layer rather than in the core where you are
talking 100s of Gigabit/s) So you end up needing to create splits in your
network around NAT barriers.
You may think that you only have to do NAT/PAT as the packets exit your
private network via peering points. (which will be ultra-highspeed at
this point) In reality you will have customers on your network with
their own address space, so you have to ensure that any other packets on
your network reach them *after* going through the NAT/PAT process.
The point Feico was making is that many ISPs are not going to want to
make these kind of sacrifices when they could push for IPv6 support.
-Andrew