NAT444 or ?

Thu Sep 8 05:26:46 UTC 2011

On 08/09/2011, at 2:41 AM, Leigh Porter wrote:

> 
> 
>> -----Original Message-----
>> From: Daniel Roesen [mailto:dr at cluenet.de]
>> Sent: 07 September 2011 17:38
>> To: nanog at nanog.org
>> Subject: Re: NAT444 or ?
>> 
>> On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
>>>> I'm going to have to deploy NAT444 with dual-stack real soon now.
>>> 
>>> you may want to review the presentations from last week's apnic
>> meeting
>>> in busan.  real mesurements.  sufficiently scary that people who were
>>> heavily pushing nat444 for the last two years suddenly started to say
>>> "it was not me who pushed nat444, it was him!"  as if none of us had
>> a
>>> memory.
>> 
>> Hm, I fail to find relevant slides discussing that. Could you please
>> point us to those?
>> 
>> I'm looking at http://meetings.apnic.net/32
> 
> There is a lot in the IPv6 plenary sessions:
> 
> http://meetings.apnic.net/32/program/ipv6
> 
> This is what I am looking at right now. Randy makes some good comments in those sessions. I have not found anything yet, but I am only on session 3, pertaining specifically to issues around NAT444.

It may not be what Randy was referring to above, but as part of that program at APNIC32 I reported on the failure rate I am measuring for Teredo. I'm not sure its all in the slides I was using, but what I was trying to say was that STUN is simply terrible at reliably negotiating a NAT. I was then wondering what pixie dust CGNs were going to use that would have any impact on the ~50% connection failure rate I'm observing in Teredo. And if there is no such thing as pixie dust (damn!) I was then wondering if NATs are effectively unuseable if you want anything fancier than 1:1 TCP connections (like multi-user games, for example). After all, a 50% connection failure rate for STUN is hardly encouraging news for a CGN deployer if your basic objective is not to annoy your customers.

regards,
Geoff