NAT444 or ?

Leigh Porter leigh.porter at ukbroadband.com
Thu Sep 8 08:52:56 UTC 2011



> -----Original Message-----
> From: Seth Mos [mailto:seth.mos at dds.nl]
> Sent: 08 September 2011 06:43
> To: NANOG
> Subject: Re: NAT444 or ?
> 
> 
> On 8 Sep 2011, at 07:26, Geoff Huston wrote:
> 
> >
> > On 08/09/2011, at 2:41 AM, Leigh Porter wrote:
> >
> > It may not be what Randy was referring to above, but as part of that
> program at APNIC32 I reported on the failure rate I am measuring for
> Teredo. I'm not sure it's all in the slides I was using, but what I was
> trying to say was that STUN is simply terrible at reliably negotiating
> a NAT. I was then wondering what pixie dust CGNs were going to use that
> would have any impact on the ~50% connection failure rate I'm observing
> in Teredo. And if there is no such thing as pixie dust (damn!) I was
> then wondering if NATs are effectively unusable if you want anything
> fancier than 1:1 TCP connections (like multi-user games, for example).
> After all, a 50% connection failure rate for STUN is hardly encouraging
> news for a CGN deployer if your basic objective is not to annoy your
> customers.

I have a concern about some weird and wonderful VPN solutions that people may be using. I am quite sure that some of them will just not work through NAT444, though I have no evidence of this. People have problems with some VPN solutions with single NAT (especially with no ALGs). NAT444 will just be a mess.

> 
> The striking thing I picked up is that NTT considers the CGN equipment
> a big black hole where money goes into. Because it won't solve their
> problem now or in the future and it becomes effectively a piece of
> equipment they need to buy and then scrap "soon" after.

Well if you buy the 'right' solution then you can re-use it elsewhere. Many solutions use multi-purpose processing cards to deliver NAT functionality which can be used for other stuff such as firewalling or some other manner of traffic mangling.


> 
> They acknowledge the need, but they'd rather not buy one.
> That and they (the isp) get called for anything which doesn't work.

Well at least these little problems that pop up keep people in jobs ;-) If everything just worked (tm) there would be nothing to do..

--
Leigh





