OpenDNS CGNAT Issues

Tue Sep 11 16:29:14 UTC 2018

"Where does that leave the little guy with CGN?
Right here. Screaming into the avoid begging for help. Some special
exception. "
As a group that you'd consider a "little" guy, we've always ran full dual
stack ipv4/ipv6. The issue is being dual stack literally takes twice as
long to configure everything, it causes twice as many potential routing
problems, and you must now monitor twice as many routes, etc.. As a little
guy who has to fight tooth and nail for every customer, we hardly have time
in the day to run it this way, but we do, and guess what, every single day
we get ipv4 issues. Not CGNAT ipv4 issues, we actually have not seen a
single issue with CGNAT for our customer base, our techs ask a simple
question at install, "what do you use the internet for?", "gaming", "Okay,
dedicated public it is". And yet, with all those publics out there, we
still get calls everyday about some site not letting them in. It's all ipv4
issues. So not only do we have to expend the energy to implement dual stack
in our network, it doesn't save us any headaches. Until web hosting
companies, and cloud services offer ipv6 only as the defacto instead of the
premium service, only then will you see ipv4 not be an issue on the web.
The reason you only see the little guys screaming into the void is because
the big guys already have the contacts and already have the pull to get it
resolved in hours. I've posted in another forum the need for us as an
industry to have an association directly in charge of maintaining contacts
at all associations that have a history of aggressive filtering, so issues
like these don't take a little guy like us 2-4 weeks to resolve. If the
little guys were all a part of this association, they would contact their
membership rep for the contact and the membership rep would reach out as a
representative of the group as a whole to resolve any IP filtering issue
that occurs. Anything less than that will continue to have this forum
clogged with requests like these.

Michael

On Tue, 11 Sep 2018 at 07:31, Ca By <cb.list6 at gmail.com> wrote:

>
>
> On Tue, Sep 11, 2018 at 6:04 AM Matt Hoppes <
> mattlists at rivervalleyinternet.net> wrote:
>
>> That isn’t a solution. He still will need to dual stack and CGNat that.
>>
>
> But the flows that can support ipv6, will go ipv6 and not be subject to
> these abuse triggers.
>
> Look, this list has monthly reports from some small network operator
> hurting their customers with CGN NAT. Meanwhile, the big guys like Comcast
> / Charter / ATT / Cox have moved onto ipv6.
>
> Where does that leave the little guy with CGN?
>
> Right here. Screaming into the avoid begging for help. Some special
> exception.
>
> And, me, saying you had 10+ years of not deploying ipv6.  Here’s to the
> next 10 years of you email this list about your own failure to keep up with
> the times.
>
> We will have this discussion again and again.  Not sure your customers
> will stick around, all they know is your CGN space got black listed from
> yet another service
>
> #realtalk
>
>
>> On Sep 11, 2018, at 08:54, Ca By <cb.list6 at gmail.com> wrote:
>>
>>
>>
>> On Mon, Sep 10, 2018 at 9:12 PM Darin Steffl <darin.steffl at mnwifi.com>
>> wrote:
>>
>>> Hello,
>>>
>>> I have a ticket open with OpenDNS about filtering happening on some of
>>> our CGNAT IP space where a customer has "claimed" the IP as theirs so other
>>> customers using that same IP and OpenDNS are being filtered and not able to
>>> access sites that fall under their chosen filter.
>>>
>>> I have a ticket open from 6 days ago but it's not going anywhere fast.
>>>
>>> Can someone from OpenDNS contact me or point me to a contact there to
>>> help get this resolved? I believe we need to claim our CGNAT IP space so
>>> residential users can't claim IP's of their own.
>>>
>>> Thank you!
>>>
>>
>> You should provide your users ipv6, opendns supports ipv6 and likely will
>> not have this issue you see
>>
>> https://www.opendns.com/about/innovations/ipv6/
>>
>> I am sure it may cost you time / money / effort. But this old thing we
>> call ipv4 is in a death spiral, and it will just get worse and worse for
>> you without ipv6.
>>
>>
>>
>>>
>>> --
>>> Darin Steffl
>>> Minnesota WiFi
>>> www.mnwifi.com
>>> 507-634-WiFi
>>> <http://www.facebook.com/minnesotawifi> Like us on Facebook
>>> <http://www.facebook.com/minnesotawifi>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180911/2fb84c69/attachment.html>