Netflix banning HE tunnels

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Fri Jun 10 20:22:21 UTC 2016


On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said:

> As such, the fish passages can be constructed, if translation
> behavior of the NAT boxes are known to end systems so that
> the end systems have sufficient knowledge to reverse the
> translation.

This requires each end system to restrict its use of ephemeral ports
to a specified *different* subrange per system, because the number of
end systems times their ephemeral port range can't exceed the number of
front-end systems times their ephemeral port range.  You just lost the
only thing that makes CGNAT work - time multiplexing a given external
IP/port pair across several sequential users.

Also, there's no existing mechanism for "if translation behavior of
the NAT boxes are known to end systems".  So you're looking at
end systems having to change software *anyhow*.
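A small model of the capacity argument above, as an added example that is not part of the original message. It assumes a single external IPv4 address with 64512 usable ports (1024..65535) and a constructed flow trace; it compares disjoint per-subscriber port blocks (what an end system would need to reverse the translation on its own) with a shared pool that time-multiplexes ports across subscribers.

```python
from collections import defaultdict
EXTERNAL_PORTS = 64512   # usable ports 1024..65535 on one external address (assumption)

def static_capacity(ports_per_subscriber: int) -> int:
    """Subscribers one external address can hold when each gets a fixed,
    disjoint block of ports (what lets an end system reverse the mapping)."""
    return EXTERNAL_PORTS // ports_per_subscriber

def static_admit(ports_per_subscriber: int):
    """Admission rule for disjoint per-subscriber port blocks."""
    cap = static_capacity(ports_per_subscriber)
    def admit(sub: int, active: dict) -> bool:
        # a subscriber beyond the last block has no ports at all, and one
        # inside it is limited to its own block even while other blocks idle
        return sub < cap and active[sub] < ports_per_subscriber
    return admit

def dynamic_admit(sub: int, active: dict) -> bool:
    """Admission rule for a shared pool: any free port serves the next flow,
    so the same port is reused by different subscribers over time."""
    return sum(active.values()) < EXTERNAL_PORTS

def run(flows, admit) -> int:
    """Replay flows = [(subscriber, start, end), ...] in time order and
    return how many were rejected under the given admission rule."""
    events = sorted([(s, 1, i) for i, (_, s, _) in enumerate(flows)] +
                    [(e, 0, i) for i, (_, _, e) in enumerate(flows)])
    active = defaultdict(int)       # subscriber -> currently open flows
    admitted = set()
    for _, opening, i in events:    # closes (0) sort before opens (1)
        sub = flows[i][0]
        if opening:
            if admit(sub, active):
                admitted.add(i)
                active[sub] += 1
        elif i in admitted:
            active[sub] -= 1
    return len(flows) - len(admitted)

def make_trace(subscribers: int, flows_each: int):
    """Constructed trace: subscriber s is active only during [10s, 10s+14],
    so few subscribers overlap and the pool is never close to full."""
    return [(s, 10 * s + k, 10 * s + k + 5)
            for s in range(subscribers) for k in range(flows_each)]

if __name__ == "__main__":
    trace = make_trace(200, 10)
    print("rejected, static blocks:", run(trace, static_admit(1024)))  # 1370
    print("rejected, shared pool:", run(trace, dynamic_admit))         # 0
```

With 1024 ports per subscriber the address holds only 63 subscribers under static blocks, so 137 of the 200 lightly-loaded subscribers are refused outright, while the shared pool serves all of them because at no point are more than a handful of flows open at once.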

