Netflix banning HE tunnels
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Sat Jun 11 00:33:40 UTC 2016
Valdis.Kletnieks at vt.edu wrote:
> This requires each end system to restrict its use of ephemeral ports
> to a specified *different* subrange per system, because the number of
> end systems times their ephemeral port range can't exceed the number of
> front-end systems times their ephemeral port range.
Yes, and the resulting 48-bit address space should be large enough.
Moreover, reverse NAT with dynamic port allocation is possible.
Though, like dynamic address allocation, it is not very useful for
servers; clients are fine.
> You just lost the
> only thing that makes CGNAT work - time multiplexing a given external
> IP/port pair across several sequential users.
That is an argument against static NAT with 32-bit address space
without port translation/sharing.
> Also, there's no existing mechanism for "if translation behavior of
> the NAT boxes are known to end systems".
UPnP offers such mechanisms, though that of v1 is not very efficient.
> So you're looking at
> end systems having to change software *anyhow*.
Or live with conventional NAT, which is the current reality.
The point is that migration can be done smoothly only by upgrading
one end and that, after the upgrade, unupdated systems can continue
to live with conventional NAT.
Masataka Ohta