QUIC traffic throttled on AT&T residential

Brandon Martin lists.nanog at monmotha.net
Wed Feb 19 20:28:40 UTC 2020


On 2/19/20 2:54 PM, Fred Baker wrote:
> The argument I have heard is that residential firewalls often block anything that is *not* UDP or TCP. The question for the googlers was existential - can it work at all?

I'm not sure that they "block" it, per se, though some probably do have 
an explicit rule to that effect.  I would think the bigger issue is that 
they don't know how to 1:N NAT arbitrary L4s (and how would they), so 
the absolute best you might get is that the first device behind the NAT 
to establish a mapping sees all the relevant L4 traffic and everybody 
else is locked out.  I'd suspect the normal case is simply that they 
drop it on the floor unless there's a specified "DMZ" host.

Perhaps this is just a semantic difference, but I think it's actually an 
even more difficult issue to resolve.  If it were simply blocked, that's 
usually "easy" (either for the user, via a management interface, or for 
the vendor, via policy template) to fix.  Writing an entirely new L4 NAT 
helper is a different matter entirely.

IPv6 would of course render this moot, but we all know how well IPv6 
traffic gets treated...
-- 
Brandon Martin
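
The 1:N NAT behaviour described in the message above, as an added example that is not part of the original post or any vendor's code. `ToyNat`, the addresses, and keying the port-less mapping on (protocol, remote address) are assumptions made for illustration; protocol number 253 is one of the values IANA reserves for experimentation.

```python
# Toy 1:N NAT model (constructed for illustration; not any vendor's code).
TCP, UDP = 6, 17
EXPERIMENTAL = 253            # IANA protocol number reserved for experimentation
PORT_PROTOS = {TCP, UDP}      # L4s whose port field the NAT knows how to rewrite


class ToyNat:
    def __init__(self, first_port=40000, dmz_host=None):
        self.next_port = first_port
        self.by_flow = {}     # (proto, inside_ip, inside_port) -> public_port
        self.by_port = {}     # (proto, public_port) -> inside_ip
        self.portless = {}    # (proto, remote_ip) -> inside_ip (assumed best case)
        self.dmz_host = dmz_host

    def outbound(self, proto, inside_ip, remote_ip, inside_port=None):
        """Return (forwarded, public_port) for a packet leaving the LAN."""
        if proto in PORT_PROTOS:
            key = (proto, inside_ip, inside_port)
            if key not in self.by_flow:
                self.by_flow[key] = self.next_port
                self.by_port[(proto, self.next_port)] = inside_ip
                self.next_port += 1
            return True, self.by_flow[key]
        # Unknown L4: no port to rewrite, so the first inside host to talk
        # to this remote owns the mapping and later hosts are refused.
        owner = self.portless.setdefault((proto, remote_ip), inside_ip)
        return owner == inside_ip, None

    def inbound(self, proto, remote_ip, public_port=None):
        """Return the inside host that receives a packet from the WAN, or None."""
        if proto in PORT_PROTOS:
            return self.by_port.get((proto, public_port), self.dmz_host)
        return self.portless.get((proto, remote_ip), self.dmz_host)


def demo():
    nat = ToyNat()
    a, b, server = "192.168.1.10", "192.168.1.11", "203.0.113.5"
    _, port_a = nat.outbound(UDP, a, server, 50000)
    _, port_b = nat.outbound(UDP, b, server, 50000)
    ok_a, _ = nat.outbound(EXPERIMENTAL, a, server)
    ok_b, _ = nat.outbound(EXPERIMENTAL, b, server)
    return {
        "udp_reply_a": nat.inbound(UDP, server, port_a),
        "udp_reply_b": nat.inbound(UDP, server, port_b),
        "new_l4_sent": (ok_a, ok_b),
        "new_l4_reply": nat.inbound(EXPERIMENTAL, server),
    }
```

Both hosts reuse the same inside UDP port yet get distinct public ports, so replies demultiplex correctly; for the port-less protocol only the first host gets a mapping, and unsolicited traffic reaches a host only when `dmz_host` is set.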


