Carrier Grade NAT

Matt Palmer mpalmer at hezmatt.org
Tue Jul 29 22:53:52 UTC 2014


On Wed, Jul 30, 2014 at 09:28:53AM +1200, Tony Wicks wrote:
> 2. IPv6 is nice (dual stack) but the internet without IPv4 is not a viable
> thing, perhaps one day, but certainly not today (I really hate clueless
> people who shout to the hills that IPv6 is the "solution" for today's
> internet access)

Do you have IPv6 deployed and available to your entire customer base, so
that those who want to use it can do so?  To my way of thinking, CGNAT is
probably going to be the number one driver of IPv6 adoption amongst the
broad customer base, *as long as their ISP provides it*.

> 3. 99.99% of customers don't notice they are transiting CGNAT, it just
> works.

More precisely: you don't hear from 99.99% of customers, regardless of
whether or not they notice problems that are caused by CGNAT.  People put up
with some *really* bad stuff sometimes without mentioning it to their
service provider.

> 5. NAT translation timeouts are important, XBOX and PlayStation suck.

Do they suck, or do they just not misbehave in a way that plays nicely
with your CGNAT?

> 10. It is not uncommon for people who run some game servers and websites
> (like banks) to be completely clueless/confused about cgnat and randomly
> block IPs as large numbers of users connect from a single IP. This is not a
> big issue in practice.

Is this cluelessness, or just reacting to a usage pattern which
overwhelmingly screams "abuse" that your CGNAT happens to emulate?  From my
experience, I've blocked a lot more abusive sources than NATs by blocking
IPs that originate a lot of connections with varying UAs, for example.  If
you walk like a duck and quack like a duck, it isn't only clueless people
who will call you a duck.

- Matt

-- 
"Python is a rich scripting language offering a lot of the power of C++
while retaining the ease of use of VBscript."
		-- The PyWin32 documentation
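
The heuristic Matt describes in his reply to point 10 (many connections from one IP with varying UAs), sketched as an added example that is not part of the original post; it shows a CGNAT egress address tripping the same rule as an abusive host. The log lines, addresses, user-agent strings and both thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: capture the client IP and the quoted User-Agent field.
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def summarize(lines):
    """Return {ip: (request_count, distinct_user_agent_count)}."""
    counts = defaultdict(int)
    agents = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at fields
        ip, ua = m.groups()
        counts[ip] += 1
        agents[ip].add(ua)
    return {ip: (counts[ip], len(agents[ip])) for ip in counts}

def flag_sources(lines, min_requests=20, min_agents=5):
    """IPs with many requests AND many distinct UAs (assumed thresholds)."""
    return sorted(ip for ip, (n, ua) in summarize(lines).items()
                  if n >= min_requests and ua >= min_agents)

def make_line(ip, ua, path="/"):
    """Build one constructed Combined Log Format line."""
    return (f'{ip} - - [29/Jul/2014:22:53:52 +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample traffic (documentation address ranges, made-up UAs).
SAMPLE = []
# One host rotating through 8 UAs against a single path.
SAMPLE += [make_line("192.0.2.10", f"Agent/{i % 8}", "/login") for i in range(40)]
# CGNAT egress address: many subscribers, 6 browser builds, ordinary page views.
SAMPLE += [make_line("198.51.100.7", f"Browser/{i % 6}", f"/page{i}") for i in range(30)]
# Single household behind its own address: few requests, one UA.
SAMPLE += [make_line("203.0.113.5", "Browser/1") for _ in range(4)]

if __name__ == "__main__":
    for ip, (n, ua) in sorted(summarize(SAMPLE).items()):
        print(f"{ip:15} requests={n:3} distinct_uas={ua}")
    # Both the rotating host and the CGNAT address are flagged.
    print("flagged:", flag_sources(SAMPLE))
```

On these two signals alone the CGNAT address is indistinguishable from the rotating host, which is why operators using such a rule end up blocking shared addresses.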


