Greenfield 464XLAT (In January)

Baldur Norddahl baldur.norddahl at gmail.com
Fri Jun 12 09:13:08 UTC 2015


On 12 June 2015 at 07:14, Tore Anderson <tore at fud.no> wrote:

>
> Hi Baldur,
>
> MAP is *not* NAT; that's what's so neat about it. The users do get a
> public IPv4 address (or prefix!) routed to their CPE's WAN interface,
> towards which they can accept inbound unsolicited connections.
>


True if you are only doing MAP because you do not like pesky IPv4 packets
in your backbone (i.e. do not like dual stack backbone).

But for us that are in the "have to buy IPv4 addresses" boat, the
interesting thing about MAP is that it can be used instead of carrier NAT.
You will have multiple users sharing the same IP address. Each user has a
port range routed to him. While he does get the public IP directly on his
CPE, he is restricted from using it freely. He will not be able to run ssh
on port 22 or a webserver on port 80/443.

In this sense it is carrier NAT implemented on the CPEs. And with it comes
some of the evil of carrier NAT.

If I ever go down the carrier NAT route I would like a MAP solution. It is
clever. The only problem is that I do not know of any equipment that will
actually do MAP (besides possibly Cisco which is outside my price range).
The RFC is not even done yet.

Regards,

Baldur
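
The port-range sharing described in the message above, as an added example that is not part of the original post: it follows the port-set arithmetic later published in RFC 7597, section 5.1, and shows how an operator can attribute a logged source IP and port on a shared address back to one CPE. The parameter values (a=6, k=8), the function names and the log format are assumptions made for illustration.

```python
# Added example: MAP port-set arithmetic (RFC 7597, section 5.1).
# Parameter values and the log format are assumptions, not from the post.

OFFSET_BITS = 6   # "a": top bits that must be non-zero, so 0-1023 are never assigned
PSID_BITS = 8     # "k": 2**8 = 256 subscribers share one IPv4 address


def psid_for_port(port, a=OFFSET_BITS, k=PSID_BITS):
    """Return the port-set ID (PSID) that owns `port`, or None if unassignable."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    m = 16 - a - k                       # "m": low bits, contiguous ports per block
    if a > 0 and (port >> (16 - a)) == 0:
        return None                      # A == 0 is reserved (covers 22, 80, 443)
    return (port >> m) & ((1 << k) - 1)


def ports_for_psid(psid, a=OFFSET_BITS, k=PSID_BITS):
    """Return the (first, last) port blocks routed to the CPE with this PSID."""
    if not 0 <= psid < (1 << k):
        raise ValueError("psid out of range")
    m = 16 - a - k
    blocks = []
    for A in range(1 if a > 0 else 0, 1 << a):
        base = (A << (16 - a)) | (psid << m)
        blocks.append((base, base + (1 << m) - 1))
    return blocks


def attribute(log_line):
    """Parse a constructed 'ts src=IP:PORT ...' line into (ip, port, psid)."""
    src = log_line.split("src=", 1)[1].split()[0]
    ip, port = src.rsplit(":", 1)
    return ip, int(port), psid_for_port(int(port))


# Constructed sample log lines (documentation address space).
SAMPLE = [
    "2015-06-12T09:13:08Z src=192.0.2.10:1028 dst=198.51.100.5:443",
    "2015-06-12T09:13:09Z src=192.0.2.10:40000 dst=198.51.100.5:22",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(attribute(line))
    print(ports_for_psid(1)[:2], psid_for_port(22))
```

With these parameters each CPE gets 63 blocks of 4 ports, so abuse reports and logs for a shared address need the source port as well as the IP to identify a subscriber.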


