[arin-ppml] CGN multiplier was: RE: Input on an article by Geoff Huston (potentially/myopically off-topic addendum)
Michel Py
michel at arneill-py.sacramento.ca.us
Thu Sep 15 14:02:04 EDT 2011
>> Michel Py wrote:
>> 1. Basic and idiot-proof firewall.
> Owen DeLong wrote:
> There's no difference here between NAT and no NAT. The stateful
> inspection firewall portion is identical.
There actually is a slight advantage with NAT: difficult if not
impossible to misconfigure the firewall part. I can't tell how many
broken firewall setups I see are broken, because there is something
equivalent to a "permit ip any any" somewhere near the top. It takes
some skill do configure a firewall correctly, skill that the people who
need cheap solutions generally do not possess. With NAT, the worst you
can do is a "DMZ host", you expose 1 host not the entire network.
> In reality, the hardware to deploy a full multi homed solution,
> including tunnel terminating routers for 2 colos can be had for
> about $600. You can find 1U colo slots for around $40/month
> or less, including transit.
And what about your time?
Time to handle the paperwork with ARIN to get an ASN and a PI prefix.
Time to find the 2 colos.
Time to purchase, install and configure the gear (including BGP config
with the 2 colos).
* your hourly rate = ??
Plus the Arin setup fees, plus the Arin maintenance fee. Plus the $60
for Comcast to have a static IP, because you if you can handle the
dynamic one not the customer, etc etc.
I want your setup, I want you to configure it and take care of
everything.
Give me an itemized quote for:
1. Setup cost (total hardware + fees + labor + travel)
2. Recurring costs
And compare to one-time $200 for a dual-wan router.
No, a dual-wan router is not what I call multihoming. Yes, there are
plenty of people out there that use it because they can't afford your
solution.
What you describe is indeed THE superior solution, but money does not
grow on trees. If I had to bill myself at the rate I charge customers
for configuring my own network, I'd be bankrupt.
> Lee Dilkie wrote:
> and ARIN will issue you a /24 PI space for such whimsical reasons?
Actually, if you have the setup Owen describes, yes. Fully multihomed,
good enough reason (as long as there are any /24 left). After that,
you'll have to buy a prefix on top of paying ARIN.
Michel.
More information about the ARIN-PPML
mailing list