[GTER] Advertising CGNAT to OCAs

João Butzke lista-gter at tbonet.net.br
Mon Nov 26 19:02:06 -02 2018


Take a look at this NANOG thread


-------- Forwarded message --------
Subject: 	Re: netflix OCA in a CG-NAT world
Date: 	Mon, 26 Nov 2018 13:09:53 +0800
From: 	Dave Temkin <dave at temk.in>
To: 	Aaron Gould <aaron1 at gvtc.com>
CC: 	North American Network Operators' Group <nanog at nanog.org>



Not exactly. You don't need to advertise the RFC1918 to the OCA - just 
make sure you advertise the CGN prefix to it, and make sure that the 
OCA's default gateway knows how to reach the RFC1918 clients. So long as 
the "outside" IP of your CGN is advertised to the OCA (the IP that 
clients who would be using the OCA would appear to the internet as) it 
should work.

Regards,
-Dave

On Mon, Nov 26, 2018 at 1:04 PM Aaron1 <aaron1 at gvtc.com> wrote:

    Thanks Dave, so my local OCA will listen to my BGP advertisements
    for RFC1918 prefixes if I decided to advertise them?

    Aaron

    On Nov 25, 2018, at 10:47 PM, Dave Temkin <dave at temk.in> wrote:

>     FWIW (reviving an old thread)-
>
>     Putting an OCA with bypass through the CGN with RFC1918 space will
>     actually work just fine. We (Netflix) don't formally support it
>     because of the vast number of non-standard CGN implementations out
>     there, but if your clients are in RFC1918 space and the next hop
>     router from the OCA knows how to reach them, it will just work. We
>     only use BGP to inform our control plane, not for local routing.
>     Any traffic not served via the OCA will go through CGN as usual
>     and out peering/transit. Note that it does complicate
>     troubleshooting for both sides.
>
>     And yes, IPv6 is fully supported by every piece of our
>     infrastructure; the issue is TVs and STBs that do not support v6 -
>     but we have finally seen the largest device manufacturers commit
>     to supporting it (if they don't already on their late model sets)
>     so that should change year over year.
>
>     -Dave
>
>     On Mon, Sep 17, 2018 at 11:52 PM Jared Mauch
>     <jared at puck.nether.net> wrote:
>
>
>
>         > On Sep 17, 2018, at 6:54 AM, Tom Ammon
>         > <thomasammon at gmail.com> wrote:
>         >
>         > I'm looking to understand the impact of CG-NAT on a set of
>         > netflix OCAs, in an ISP environment. I see in Netflix's FAQ on
>         > the subject that traffic sourced from RFC 1918/6598 endpoints
>         > can't be delivered to the OCA. Is this simply a matter of
>         > deploying the OCA on the outside of the CGN layer? What are
>         > the other consequences of CGN upon the OCA?
>         >
>
>         Yes, you want to deploy it outside your CG-NAT.
>
>         I also strongly suggest you look at how to get native IPv6
>         from your clients behind the CG-NAT rolled out.  I know many
>         folks have had issues with various CDNs and the number of
>         devices that reach out.  This is why folks get the Google
>         captcha, etc.
>
>         Giving those end-users an alternate way out will help.  I
>         understand this may take effort and is harder for folks using
>         UBNT & Tik gear in a smaller environment, but there is value
>         for your end-users.
>
>         - Jared
>
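
Added example, not part of the forwarded thread and not Netflix tooling: a Python pre-check of the prefixes an ISP plans to advertise to its OCA over BGP, flagging RFC 1918/6598 space and reporting any CGN "outside" pool that no advertisement covers. The function name and the documentation-range sample prefixes are assumptions constructed for illustration.

```python
import ipaddress

# Inside address space named in the thread: RFC 1918 private ranges
# and the RFC 6598 shared CGN range.
INSIDE_SPACE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def audit_oca_advertisements(advertised, cgn_outside_pools):
    """Return (inside_prefixes, uncovered_pools).

    inside_prefixes: advertised prefixes overlapping RFC 1918/6598 space,
                     which the thread says need not be advertised.
    uncovered_pools: CGN outside pools (the addresses clients appear as on
                     the internet) not contained in any remaining prefix.
    """
    adv = [ipaddress.ip_network(p) for p in advertised]
    pools = [ipaddress.ip_network(p) for p in cgn_outside_pools]

    inside = [str(a) for a in adv
              if a.version == 4 and any(a.overlaps(n) for n in INSIDE_SPACE)]
    public = [a for a in adv if str(a) not in inside]

    # subnet_of() raises TypeError across IP versions, so compare versions first.
    uncovered = [str(p) for p in pools
                 if not any(p.version == a.version and p.subnet_of(a)
                            for a in public)]
    return inside, uncovered


if __name__ == "__main__":
    # Constructed sample data using documentation prefixes (RFC 5737 / RFC 3849).
    planned = ["198.51.100.0/24", "10.20.0.0/16", "2001:db8::/32"]
    outside_pools = ["198.51.100.0/25", "203.0.113.0/24"]
    inside, uncovered = audit_oca_advertisements(planned, outside_pools)
    print("inside-space prefixes in the advertisement list:", inside)
    print("CGN outside pools with no covering advertisement:", uncovered)
```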


