couple of questions regarding 'lifeline' and large scale nat...

Leo Bicknell bicknell at ufp.org
Fri Feb 10 19:00:36 CST 2012


In a message written on Sat, Feb 11, 2012 at 09:19:46AM +0900, Masataka Ohta wrote:
> The applications can simply be debugged to use socket option
> of REUSEPORT.

"Simple" is subjective.  Keep in mind many users will have a home
gateway which also does NAT.  And indeed double NAT in the home (router
doing NAT, third party device doing NAT) is depressingly common.  That
means some of the troubleshooting will be via a triple-NAT if the
carrier is performing the conversion.

> Are you saying we MUST record all the IP addresses and
> port numbers of all peers of your customers to prevent
> illegal things?

If the carrier NAT's, maybe.

Today port information need not be stored, because an IP is assigned
to a customer.  Law enforcement can come request who was using an
IP, and be given the customer information.  It's what everyone has
come to expect.

It's also not just what is legally required, but what is administratively
friendly.  Will the law say you have to track ports with carrier
grade NAT, probably not.  Will law enforcement spend a lot more
time with your staff trying to track down bad people costing you
time and money if you don't, probably.

Large operations tend to find that having a cost effective and staff
time effective way to deal with law enforcement is very important.

> IPv6 means considerably more amount of headache and
> support costs than using NAT cleverly and simply.

When IPv4 addresses are selling for $100 an address that equation
changes quickly.  That day may be only a few months or years off.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20120210/d2b38012/attachment.bin>


More information about the NANOG mailing list