<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div class="moz-cite-prefix"><font size="4">Hi, Matt:</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">1) The challenge that
you described can be resolved as one part of the benefits from
the EzIP proposal that I introduced to this mailing list about
one month ago. That discussion has gyrated into this thread more
concerned about IPv6-related topics, instead. If you missed that
introduction, please have a look at the following IETF draft to
get a feel for what could be done:</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">
<a class="moz-txt-link-freetext"
href="https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space">https://datatracker.ietf.org/doc/html/draft-chen-ati-adaptive-ipv4-address-space</a>
<br>
</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">2) With respect to the
specific case you brought up, consider the EzIP address pool
(240/4 netblock with about 256M addresses) as the replacement for
that of CG-NAT (100.64/10 netblock with about 4M addresses).
This much bigger (2^6 times) pool enables every customer
premises to get a static IP address from the 240/4 pool to
operate in simple router mode, instead of requesting a
static port number and still operating in NAT mode. Within each
customer premises, the conventional three private netblocks may
be used to handle the hosts (IoTs).<br>
</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">3) There is a
whitepaper that presents an overview of other possibilities
based on the EzIP approach: </font>
<div class="moz-cite-prefix"><font size="4"><br>
</font> </div>
<font size="4"> </font>
<div class="moz-cite-prefix"><font size="4"> <a
class="moz-txt-link-freetext"
href="https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf">https://www.avinta.com/phoenix-1/home/RevampTheInternet.pdf</a></font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">Hope the above makes
sense to you.</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">Regards,</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4"><br>
</font></div>
<div class="moz-cite-prefix"><font size="4">Abe (2022-04-02 23:10)<br>
</font></div>
<font size="4"> </font>
<div class="moz-cite-prefix"><br>
</div>
</div>
<div class="moz-cite-prefix">On 2022-04-02 16:25, Matthew Petach
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAEmG1=qEG1ZGsgSM0Gcq59WfceO4VPT=ynHJ_W-F51yMcTNZ=Q@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Fri, Apr 1, 2022 at 6:37
AM Masataka Ohta &lt;<a
href="mailto:mohta@necom830.hpcl.titech.ac.jp"
moz-do-not-send="true" class="moz-txt-link-freetext">mohta@necom830.hpcl.titech.ac.jp</a>&gt;
wrote:</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex"> <br>
If you make the stateful NATs static, that is, each<br>
private address has a statically configured range of<br>
public port numbers, it is extremely easy because no<br>
logging is necessary for police grade audit trail<br>
opacity. </blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
Masataka Ohta<br>
</blockquote>
<div><br>
</div>
<div>Hi Masataka,</div>
<div>One quick question. If every host is granted a range of
public port </div>
<div>numbers on the static stateful NAT device, what happens
when </div>
<div>two customers need access to the same port number?</div>
<div><br>
</div>
<div>Because there's no way in a DNS NS entry to specify a </div>
<div>port number, if I need to run a DNS server behind this </div>
<div>static NAT, I *have* to be given port 53 in my range; </div>
<div>there's no other way to make DNS work. This means </div>
<div>that if I have two customers that each need to run a </div>
<div>DNS server, I have to put them on separate static </div>
<div>NAT boxes--because they can't both get access to </div>
<div>port 53.</div>
<div><br>
</div>
<div>This limits the effectiveness of a stateful static NAT </div>
<div>box to the number of customers that need hard-wired </div>
<div>port numbers to be mapped through; which, depending </div>
<div>on your customer base, could end up being all of them, </div>
<div>at which point you're back to square one, with every </div>
<div>customer needing at least 1 IPv4 address dedicated </div>
<div>to them on the NAT device.</div>
<div><br>
</div>
<div>Either that, or you simply tell your customers "so sorry </div>
<div>you didn't get on the Internet soon enough; you're all </div>
<div>second class citizens that can't run your own servers; </div>
<div>if you need to do that, you can go pay Amazon to host </div>
<div>your server needs." </div>
<div><br>
</div>
<div>And perhaps that's not as unreasonable as it first
sounds; </div>
<div>we may all start running IPv4-IPv6 application gateways </div>
<div>on Amazon, so that IPv6-only networks can still interact </div>
<div>with the IPv4-only internet, and Amazon will be the
great </div>
<div>glue that holds it all together.</div>
<div><br>
</div>
<div>tl;dr -- "if only we'd thought of putting a port number
field </div>
<div>in the NS records in DNS back in 1983..."</div>
<div><br>
</div>
<div>Matt</div>
<div><br>
</div>
</div>
</div>
</blockquote>
<p><br>
</p>
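<p>Added example, not part of the original messages: a small Python model of the statically configured port ranges discussed in this thread. It shows that a public address and port trace back to one private address from configuration alone (no per-flow log), that port 53 on a shared public address lands in exactly one customer's range, and the 240/4 versus 100.64/10 size ratio. The addresses, the range size and all function names are assumptions chosen for illustration.</p>
<pre>
```python
# Added illustration; addresses and sizes below are constructed sample values.
import ipaddress

PORTS_PER_ADDRESS = 65536  # size of the 16-bit port space on one public address


def build_static_map(public_ip, private_net, ports_per_customer):
    """Give each private address one fixed, contiguous public port range."""
    hosts = list(ipaddress.ip_network(private_net).hosts())
    slots = PORTS_PER_ADDRESS // ports_per_customer
    table = {}
    for index, host in enumerate(hosts[:slots]):
        first = index * ports_per_customer
        table[str(host)] = (public_ip, first, first + ports_per_customer - 1)
    return table


def trace(table, public_ip, port):
    """Audit lookup: which private address owns this public ip:port?"""
    for private, (ip, first, last) in table.items():
        if ip == public_ip and port in range(first, last + 1):
            return private
    return None  # port not assigned to anyone


def owners_of_port(table, port):
    """Every customer whose static range contains the given port."""
    return [private for private, (_, first, last) in table.items()
            if port in range(first, last + 1)]


def pool_ratio(big, small):
    """How many times larger one netblock is than another."""
    big_size = ipaddress.ip_network(big).num_addresses
    return big_size // ipaddress.ip_network(small).num_addresses


if __name__ == "__main__":
    # 30 customers share one documentation address, 2048 ports each.
    table = build_static_map("192.0.2.1", "100.64.0.0/27", 2048)
    print("port 5000 belongs to", trace(table, "192.0.2.1", 5000))
    print("customers that can serve DNS on port 53:", owners_of_port(table, 53))
    print("240/4 is", pool_ratio("240.0.0.0/4", "100.64.0.0/10"),
          "times the size of 100.64/10")
```
</pre>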
</body>
</html>