couple of questions regarding 'lifeline' and large scale nat...

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Sat Feb 11 08:19:57 UTC 2012


Leo Bicknell wrote:

>> The applications can simply be debugged to use socket option
>> of REUSEPORT.
> 
> "Simple" is subjective. 

To "the problems of some applications that make thousands of
TCP connections in a short order eating up ports makes it a
nightmare to manage and debug", I gave you an objectively
simple answer.

> Keep in mind many users will have a home
> gateway which also does NAT.  And indeed double NAT in the home (router
> doing NAT, third party device doing NAT) is depressingly common.

Double NAT does not make things worse, as long as "static
bypasses" exist, which is your assumption.

OTOH, the double NAT, some of which may or may not be IPv6 capable,
makes IPv6 deployment hard, if not impossible.

> That
> means some of the troubleshooting will be via a triple-NAT if the
> carrier is performing the conversion.

The carrier should have troubleshooting equipment within
its private network, which means troubleshooting over
the double NAT with IPv4 is much easier than with IPv6.

>> Are you saying we MUST record all the IP addresses and
>> port numbers of all peers of your customers to prevent
>> illegal things?
> 
> If the carrier NAT's, maybe.

> Today port information need not be stored, because an IP is assigned
> to a customer.

Wrong.

With your requirement to record IP address of peers, a carrier
must record port numbers of peers of its customer, if some
carriers of the peers use NAT.

Note that there already are carriers who use NAT.

Note also that recording peers' IPv4 addresses needs 4 bytes,
recording peers' IPv4 addresses and port numbers needs 6 bytes
and recording peers' IPv6 addresses needs 16 bytes.

> Law enforcement can come request who was using an
> IP, and be given the customer information.  It's what everyone has
> come to expect.

That's completely different from recording information of peers
of your customer.

> Large operations tend to find that having a cost effective and staff
> time effective way to deal with law enforcement is very important.

True. And, see the double NAT example you mentioned.

>> IPv6 means considerably more amount of headache and
>> support costs than using NAT cleverly and simply.
> 
> When IPv4 addresses are selling for $100 an address that equation
> changes quickly.  That day may be only a few months or years off.

Sorry, are you seriously saying that paying $100 once for a
customer is so much expense for a carrier?

Even if so, the carrier should deploy NAT, because $100 is
paid only once for hundreds of customers.

Moreover, wide deployment of NAT will further reduce prices
of IPv4 addresses.


						Masataka Ohta




More information about the NANOG mailing list