
UK ISPs Respond To the Dangers of Using Carrier Grade NAT Instead of IPv6

Unknown Lamer posted about a year and a half ago | from the ten-years-warning-insufficient dept.

The Internet 165

Mark.JUK writes "Several major Internet Service Providers in the United Kingdom, including BSkyB, Virgin Media, TalkTalk, AAISP and Fluidata, have warned that the adoption of Carrier Grade NAT (IPv4 address sharing) is likely to become increasingly common in the future. But the technology, which many view as a delaying tactic until IPv6 becomes more commonplace, is not without its problems and could cause a number of popular services to fail (e.g. XBox Live, PlayStation Network, FTP hosting etc.). The prospect of a new style of two tier internet could be just around the corner." A few of the ISPs gave the usual marketing department answers, but three of them noted that they've been offering IPv6 for ages and CGNAT is only inevitable for folks that didn't prepare for what they knew was coming. Which, unfortunately, appears to be most of the major UK ISPs.


165 comments

If they offer IPv6...go ahead (4, Insightful)

ERJ (600451) | about a year and a half ago | (#42670445)

If, and only if, they do offer IPv6 services to their customers then I am pretty cool with this. Realistically IPv4 is done. There is no real other option for the ISPs than to move to this type of setup for backwards compatibility and push IPv6 for full compatibility.

Re:If they offer IPv6...go ahead (0)

Anonymous Coward | about a year and a half ago | (#42670801)

I've had IPv6 for a while from my UK ISP (indirectly, Merula). Before that I used Hurricane Electric. If you want IPv6, you can readily get it.

Re:If they offer IPv6...go ahead (3, Informative)

lattyware (934246) | about a year and a half ago | (#42671057)

I disagree - in some areas, no ISP that offers IPv6 covers the area, and tunnels are hard to set up (for average joe) and relatively slow.

Re:If they offer IPv6...go ahead (1)

operagost (62405) | about a year and a half ago | (#42671295)

Thus the first line of the GP post:

If, and only if, they do offer IPv6 services to their customers then I am pretty cool with this.

Re:If they offer IPv6...go ahead (1)

lattyware (934246) | about a year and a half ago | (#42671467)

My reply was aimed at the line "If you want IPv6, you can readily get it." in the parent.

Re:If they offer IPv6...go ahead (2)

gbjbaanb (229885) | about a year and a half ago | (#42671505)

the only kind of tunnelling you want is the NAT64 set up on your router - you don't really want IPv4 in the external internet coming into your home network once you have IPv6, but you'll still have a fair few devices internally (eg your TV) that only speak IPv4.

If they exist on the router, the average guy shouldn't have any worries except to enable the "IPv4 legacy mode" switch.

Re:If they offer IPv6...go ahead (1)

grahammm (9083) | about a year and a half ago | (#42671519)

There are ISPs which offer IPv6 over DSL to all areas of the UK. So, at least in UK, IPv6 is available for anyone who can get DSL.

Re:If they offer IPv6...go ahead (1)

Albanach (527650) | about a year and a half ago | (#42672519)

Which areas?

Virgin Media say they should have ipv6 running before they run out of addresses. Other ISPs offer ipv6 today and are available to anyone with broadband via a BT land line.

I'd have to imagine the percentage of UK homes that have internet access they would care about but who cannot get it via either BT or Virgin Media is very small.

I'd imagine the situation could be much worse in other countries like the US where homes often have a choice of just one or two providers.

Re:If they offer IPv6...go ahead (0)

Anonymous Coward | about a year and a half ago | (#42672667)

GP is right, sorry to burst your bubble like. :P

http://tech.slashdot.org/comments.pl?sid=3403189&cid=42671519

Go read.

Re:If they offer IPv6...go ahead (0)

Anonymous Coward | about a year and a half ago | (#42671171)

needs to be the other way round - ip6 as standard with a nat or proxy to legacy ip4 services.

IPv6 core, IPv4 edge, thanks vendors (3, Interesting)

swschrad (312009) | about a year and a half ago | (#42671575)

the big providers in the US, and many of the rest, are IPv6 enabled in the core. but edge equipment at the subscriber is not up to the task, so NAT IPv4 is how it's done here. virtually all of the DSL modems are MD'd (manufacturer discontinued) IPv4, so it makes sense.

Re:If they offer IPv6...go ahead (0)

Anonymous Coward | about a year and a half ago | (#42673685)

Dear sir or madam;

We, your ISP, are proud to announce the availability of IPV6 addresses. This modern service will only cost you an additional $60 per month. This fee allows you to use a total of 4 (four) IPV6 addresses on any device allowed on our network. Additional addresses may be purchased in blocks of 5 (five) with an upgrade to your service or, with a business account in blocks of 10 (ten) at a cost of $100 per block per year.

Yes, we know this is ridiculous price gouging, but, as every idiot says "Realistically IPv4 is done" and we certainly want to take advantage of your complete dependence on our service.

Good luck!

Remember this is the UK... (2, Insightful)

benjfowler (239527) | about a year and a half ago | (#42670475)

Unlike the US, where if people get bad service, they get vocal and kick up a stink, the British have a tendency to just wear it. Expensive, shit service is par for the course here, and business and the 1% know it.

Pink Floyd. (5, Funny)

SJHillman (1966756) | about a year and a half ago | (#42670551)

I didn't know Pink Floyd was talking about ISPs.
"Hanging on in quiet desperation is the English way. The pool is gone, v4 is over. Thought I'd more addresses to assign."

Re:Remember this is the UK... (0)

Anonymous Coward | about a year and a half ago | (#42670625)

Expensive, shit service is par for the course here, and business and the 1% know it.

Are we talking about the US or the UK?

You see, I'm confused, because the terrible screeching of the plebs here in the US has certainly not prevented expensive, shit service.

I rather thought the British simply understood this is the nature of our brave new world, and simply carried on without wasting time or energy on useless and ultimately futile whining.

Re:Remember this is the UK... (4, Informative)

somersault (912633) | about a year and a half ago | (#42670637)

Judging from what I've read about US telcos and ISPs, and the plans I've seen for mobile and broadband access here, it sounds like you have that the wrong way round. We have way more competition and better pricing in the UK.

Re:Remember this is the UK... (3, Insightful)

Alomex (148003) | about a year and a half ago | (#42670791)

You have the European Union and its competition rules to thank for that.

Re:Remember this is the UK... (1)

Anonymous Coward | about a year and a half ago | (#42671015)

*sigh*

I know everyone likes to think of the people as the government and what not, but please... let's not let this devolve into a debate about the UK and the EU.

We've got FIVE SODDING YEARS OF BITCHING to come, thanks to some twerp being beholden to his party.

Let's save our strength.

Re:Remember this is the UK... (2)

Xarius (691264) | about a year and a half ago | (#42672593)

We've had those rules for longer than the EU has existed, our state-owned monopoly on the tubes was privatised in 1985...

Re:Remember this is the UK... (3, Informative)

Alomex (148003) | about a year and a half ago | (#42673113)

As you Brits say, bollocks.

Here's just one example:

In 2008, the European Commission announced that costs for sending roaming texts were also too high and, if the mobile industry didn't voluntarily drop prices, further mobile roaming regulations could follow.

Mobile service providers ignored this warning, so the Commission has now regulated mobile roaming text prices, too. From 1 July 2009, all mobile service providers were forced to drop their text prices to 11p per text sent. Receiving texts while abroad is free.

Re:Remember this is the UK... (2)

garyok (218493) | about a year and a half ago | (#42671031)

Yep, gotta agree with parent - £22/month for 78Mb/s (measured) from BT and fully ready for IPv6. I got sick of Be Un Limited after the third time they sent me a questionnaire on fibre.

Me: I'd love fibre. FTTC or FTTP, whatever! When are you planning to roll it out?

Be: Mwahaha! I can't believe you fell for that. But we'll keep stringing you along so you keep paying us our subs...

Looking forward to hearing of Be's demise. There's very little I despise more in IT than a company that's all mouth and no trousers.

Re:Remember this is the UK... (1)

jimicus (737525) | about a year and a half ago | (#42672031)

Fully ready for IPv6? Who's your ISP? BT have been very cagey and most FTTP providers are only reselling Openreach's wholesale product.

Re:Remember this is the UK... (0)

Anonymous Coward | about a year and a half ago | (#42672191)

I'm more surprised that he has a choice of providers. Here we have 3 companies (cable, phone and 1 wireless company), and that is just because I live in a major city in the US. Get just a few miles out of town and it becomes 1. You can literally be 25 minutes from downtown and only have one option for a provider. And I would kill for $35 a month for 78Mbps. I pay that much for 15Mbps and I have only ever seen that on speedtest.net when using a server hosted by my ISP. Most other measuring tools put me between 2 and 3.

Re:Remember this is the UK... (2, Informative)

Anonymous Coward | about a year and a half ago | (#42672855)

The copper PSTN network that means everyone has a telephone exchange near them was originally built by the Post Office (ie by the government). The telephone service half of the Post Office was then privatised as BT (the postal part became Royal Mail).

Regulations to avoid BT becoming a monopoly mean that BT has to offer other companies the ability to provide their own DSL services hosted on BT's DSLAMs (BT Wholesale). LLU (Local Loop Unbundling) then meant that BT had to allow the companies access to the exchanges to install their own DSLAMs.

The result is that in all built up areas you have dozens of companies offering LLU products. Using their own DSLAMS means they can provide better services than BT Wholesale, so for example ADSL2 was rolled out on a small number of LLU products before BT rolled it out. Even in rural areas where it's not cost effective for companies to install LLU options you still get a large number of companies able to provide a reasonable service via BT Wholesale, even if the older DSLAM tech and longer distances limit you to 8MB there.

Re:Remember this is the UK... (1)

Bert64 (520050) | about a year and a half ago | (#42672971)

Off the top of my head:

AAISP..
Entanet..

They resell BT wholesale, which just provides a PPP tunnel to servers run by the ISP, what protocol(s) they choose to run over the top of that tunnel has nothing to do with BT.

Interestingly, many years ago BT had a public ipv6 tunnel broker service, but this appears to be long gone. No idea why they abandoned it, but BT were a relatively early adopter of V6 and already had experience of v6 before 21cn or fttc were being rolled out, even first generation adsl was still under testing when bt first had ipv6.

Re:Remember this is the UK... (0)

Anonymous Coward | about a year and a half ago | (#42673407)

From the price, it's not the one he's using, but try Andrews and Arnold. They've been very vocal about their IPv6 support!

Re:Remember this is the UK... (2)

Sockatume (732728) | about a year and a half ago | (#42670677)

1) This is a future planning issue, not a service quality issue, and therefore there is nothing for end users to notice yet
2) Complaining is the Great British pastime and I'm affronted that you would dare question our continued dominance in the field

Re:Remember this is the UK... (1)

Albanach (527650) | about a year and a half ago | (#42672709)

I guess you've never purchased broadband in both countries.

Broadband in the US is expensive, slow and non-competitive by comparison. Customer service is astonishingly poor if you compare to a decent UK provider like Zen or A&A.

Most US homes will have a choice of one or two providers. DSL from the phone company and cable.

Re:Remember this is the UK... (1)

WaffleMonster (969671) | about a year and a half ago | (#42672915)

Most US homes will have a choice of one or two providers. DSL from the phone company and cable.

While the cable scene is as you describe DSL is open to competition by independent ISPs. Telco provides last mile circuit and ISP provides Internet connectivity thru telco ATM cloud.

It may not be advertised as heavily or known to most people as an option but it is there in many areas.

Major Supplier does not want home based servers (2, Interesting)

Anonymous Coward | about a year and a half ago | (#42670487)

I've been following the IP6 thing here in the UK with interest. BT the major supplier seem to be uninterested in full IPV6 for all customers. I've seen statements that they are pursuing CGNAT for IPV6. If this is true it beggars belief. The only reason I can see that makes any form of sense is the attempt to stop a proliferation of home based servers, such as toasters, fridges, TV & PVRs etc.

Re:Major Supplier does not want home based servers (1)

SJHillman (1966756) | about a year and a half ago | (#42670575)

But IPv6 is more or less designed to assign an IP address to every goddamn thing in your house, right down to the nails in the walls, so it really doesn't make any sense to stop people from doing that either.

Re:Major Supplier does not want home based servers (2)

vlm (69642) | about a year and a half ago | (#42670659)

ISPs are not the ones who designed ipv6 or the concepts behind it.

Usually when you see a "demand" for NAT on ipv6 it's people who don't understand the relationship between a stateful firewall and NAT, and they really are "demanding" their existing firewall minus the NAT part.

Re:Major Supplier does not want home based servers (3, Informative)

tlhIngan (30335) | about a year and a half ago | (#42671115)

Usually when you see a "demand" for NAT on ipv6 it's people who don't understand the relationship between a stateful firewall and NAT, and they really are "demanding" their existing firewall minus the NAT part.

2 advantages of NAT beyond firewalling:

1) Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent - you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through. In the early days of NAT, this caused no end to confusion with old protocols (e.g., FTP) where one could connect to the FTP server, but fail to transfer data. These days, FTP clients often check to see if their IP address is in the reserved range and default to passive mode.

And trust me, trying to figure out why some client only worked partially is a royal annoyance until everyone started designing protocols to be smarter with their connections so you don't have to open 100 ports to play a game anymore.

2) It isolates the internal network numbering from the external. For 90% of home users, this would lead to blissful ignorance - their ISP can give them a new prefix and if they lose connectivity, they reboot the router and away they go. Do it in a traditional router environment where every PC needs to use the prefix, and it's bound to happen that the next time their ISP changes prefixes, users get messed up. And diagnosing why would mean having to talk to family on the phone as remoting in is impossible (no connectivity, remember?), or a long drive out. Or family meetings where there's a pile of PCs in the corner as "they can't get on the internet".

Sure, it's supposed to be transparent and smooth, but that just means it likely won't. And since every internet-connected IPv6 machine will have at least two IPv6 addresses, chances are it's going to be some VERY long conversations with family leading to guilt trips and having to do onsite support. Just get me a box that does NATv6, DHCPv6 that I can drop in and tell my parents to reboot if they have issues and things revert back to how it works right now in the IPv4 era.

Plus, for me, I don't want to have to know the new IP address of my printer just because my ISP renumbered and gave me a different prefix, which means I'd probably have to use the reserved address space for that stuff so my IPv6 addresses don't keep wandering around, or having to update my )(@&#% firewall rules if there are some devices I don't want on the internet (data caps, remember?) but which always helpfully sniff router advertisements and other such autoconfiguration things in attempts to get on the 'net.

Re:Major Supplier does not want home based servers (2)

vlm (69642) | about a year and a half ago | (#42671867)

There is a pretty hard core attitude shift in ipv6 that thou shalt not static assign addresses. Dynamic / multicast DNS to the rescue, etc.
Also a VERY hard core attitude shift away from 1:1 mapping of address to interface. I have an ethernet at home with something like 4 ipv6 addrs on it, long story.
If you do that, a renumbering is simple. Wait a moment for the router to start advertising its new prefix and you're all done. No need to reboot or any of that.
We can trust mfgrs and poor programmers to totally F this up. Really ipv6 stacks should never have been made widely available with statically assignable addresses, that would fix a whole lot of issues with people who none the less demand the ability to shoot themselves in their foot.

Problem #1 is pretty much a firewall config issue. You want stateful firewalling or not? You decide.

Re:Major Supplier does not want home based servers (1)

Bengie (1121981) | about a year and a half ago | (#42672043)

Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent

UPNP works well with any good IPv6 firewall. Just like UPNP with IPv4+NAT.

Re:Major Supplier does not want home based servers (0, Troll)

feld (980784) | about a year and a half ago | (#42672403)

Usually when you see a "demand" for NAT on ipv6 it's people who don't understand the relationship between a stateful firewall and NAT, and they really are "demanding" their existing firewall minus the NAT part.

2 advantages of NAT beyond firewalling:

1) Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent - you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through.

Please tell me you don't have a job working with networks. Either programming or as a sysadmin/engineer. This problem was solved by people communicating across the internet before you were born.

There's only one advantage of NAT: reserving the IPv4 space. There are no others.

Re:Major Supplier does not want home based servers (0)

Anonymous Coward | about a year and a half ago | (#42672955)

1) Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent - you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through. In the early days of NAT, this caused no end to confusion with old protocols (e.g., FTP) where one could connect to the FTP server, but fail to transfer data. These days, FTP clients often check to see if their IP address is in the reserved range and default to passive mode.

Please don't talk such nonsense. NAT and firewalls have no relationship with each other. They may however both be implemented on the same router as in the case of a DSL/cable router.

Usually apps don't know there's NAT present. They have to go out of their way to detect it.

Having a 'partially' open connection is all to do with firewalls and nothing to do with NAT. The problem exists on IPv4 exactly as much as on IPv6, and with more issues on IPv4 NAT than IPv6 because you often know their internal IP and NAT rewrites the ports used within and outside the firewall, which means when a protocol tells you to send to an IP:port it cannot know the external IP:port without having to resort to methods like STUN (this is what causes problems with VoIP eg SIP, P2P protocols, Xbox Live etc). The external IP:port problem goes away with IPv6 because it's the same internally, this is what the end-to-end connectivity is all about. It's not about some ports firewalled and others not - that applies to any firewall setup on any version of IP.
 

Re:Major Supplier does not want home based servers (1)

antientropic (447787) | about a year and a half ago | (#42673395)

Amazing how you manage to spin two giant downsides of NAT as advantages. #1 is especially bad: no end-to-end connectivity means whole classes of applications (like peer-to-peer systems) are only possible with awful hacks (if you are lucky). #2 is really a non-issue. Things like SLAAC and DNS were invented for a reason.

Re:Major Supplier does not want home based servers (0)

Anonymous Coward | about a year and a half ago | (#42673535)

2) It isolates the internal network numbering from the external. For 90% of home users, this would lead to blissful ignorance - their ISP can give them a new prefix and if they lose connectivity, they reboot the router and away they go.

You don't need full NAT for this. Use a ULA internally and move it through IPv6-to-IPv6 Network Prefix Translation (NPT):

http://tools.ietf.org/html/rfc6296
http://en.wikipedia.org/wiki/IPv6_prefix_translation
http://en.wikipedia.org/wiki/Unique_local_address

Rewriting ports and addresses is no longer necessary. A 1:1 mapping between the ISP-prefix-IP and the ULA-IP solves this.
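The 1:1 prefix mapping described in the comment above, as an added example (not part of the original comment and not code from any router): a sketch of the checksum-neutral rewrite that RFC 6296 defines for /48 prefixes. The class and function names and the sample prefixes are assumptions chosen for illustration.

```python
import ipaddress


def words(addr):
    """Split an IPv6 address into its eight 16-bit words."""
    n = int(ipaddress.IPv6Address(addr))
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]


def add1c(a, b):
    """16-bit ones'-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)


def sum1c(ws):
    """Ones'-complement sum of a list of 16-bit words."""
    total = 0
    for w in ws:
        total = add1c(total, w)
    return total


def address_checksum(addr):
    """Contribution of one address to a TCP/UDP pseudo-header sum."""
    return sum1c(words(addr))


class Nptv6:
    """Stateless prefix translator for a pair of /48 prefixes (sketch)."""

    def __init__(self, internal, external):
        self.internal = ipaddress.IPv6Network(internal)
        self.external = ipaddress.IPv6Network(external)
        if self.internal.prefixlen != 48 or self.external.prefixlen != 48:
            raise ValueError("this sketch handles /48 prefixes only")
        s_int = sum1c(words(self.internal.network_address)[:3])
        s_ext = sum1c(words(self.external.network_address)[:3])
        # adjustment = internal minus external, in ones'-complement arithmetic
        self.adjustment = add1c(s_int, ~s_ext & 0xFFFF)

    def rewrite(self, addr, src_net, dst_net, delta):
        addr = ipaddress.IPv6Address(addr)
        if addr not in src_net:
            raise ValueError(f"{addr} is not inside {src_net}")
        w = words(addr)
        if w[3] == 0xFFFF:
            # 0xFFFF and 0x0000 are both "zero" in ones'-complement, so the
            # mapping would not be reversible for this subnet.
            raise ValueError("subnet 0xFFFF cannot be translated")
        w[:3] = words(dst_net.network_address)[:3]
        # Folding the prefix difference into the subnet word keeps the
        # sum of the address words unchanged, so transport checksums
        # stay valid without touching ports or payload.
        w[3] = add1c(w[3], delta)
        if w[3] == 0xFFFF:
            w[3] = 0x0000
        n = 0
        for x in w:
            n = (n << 16) | x
        return ipaddress.IPv6Address(n)

    def outbound(self, addr):
        """LAN (ULA) source address -> ISP-prefix address."""
        return self.rewrite(addr, self.internal, self.external,
                            self.adjustment)

    def inbound(self, addr):
        """ISP-prefix destination address -> LAN (ULA) address."""
        return self.rewrite(addr, self.external, self.internal,
                            ~self.adjustment & 0xFFFF)


if __name__ == "__main__":
    # Constructed sample prefixes: a ULA /48 inside, a documentation /48 outside.
    npt = Nptv6("fd01:203:405::/48", "2001:db8:1::/48")
    inside = "fd01:203:405:1::1234"
    outside = npt.outbound(inside)
    print(inside, "->", outside, "->", npt.inbound(outside))
    print(hex(address_checksum(inside)), hex(address_checksum(outside)))
```

When the ISP renumbers, only the external prefix passed to the translator changes; the ULA addresses on the LAN, and any firewall rules written against them, stay as they are.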

Re:Major Supplier does not want home based servers (1)

ravenlord_hun (2715033) | about a year and a half ago | (#42673819)

Looking at your links, that thing sounds like the solution to one of the biggest problems (I have) with IPv6. But, it also looks... pretty experimental. Looking it up, it's added into linux kernel 3.7 on 2012 Dec. I'd rather not make assumptions just when it'll reach consumer level devices...

Kind of annoying that even when EVERYONE SHOULD USE IPV6 such solutions are still just starting to get accepted and are faaaaaaaaaaaaaaaaar put into use.

Re:Major Supplier does not want home based servers (1)

makomk (752139) | about a year and a half ago | (#42673759)

Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent - you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through.

They don't know what kind of NAT though, which matters for most applications that care about end-to-end connectivity because there's a good chance the system on the other end is NATted too. Is it full-cone, restricted-cone, symmetric? Does this depend on whether the application is speaking UDP or TCP? What about the other end? Will we have to let the other system initiate the connection because they're behind a symmetric NAT and can't holepunch, or vice-versa, or will we have to give up on peer-to-peer communications altogether and go through a central server?

Standard NAT holepunching techniques work just fine with firewalls. They do not work reliably with NAT, and especially not with carrier-grade NAT.
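A toy model of the distinction drawn in the comment above, added here as an example (not part of the original comment): two peers learn each other's external UDP endpoint from a rendezvous server and then send to it at the same time. The class names, the addresses, the port-restricted filtering and the choice to model the carrier-grade NAT as symmetric are all assumptions made for illustration.

```python
RENDEZVOUS = ("198.51.100.10", 3478)  # constructed public rendezvous server


class Middlebox:
    """Toy UDP middlebox with address-and-port-dependent filtering.

    kind "firewall":  stateful filter, addresses are not translated
    kind "cone":      NAT, one external port per internal endpoint
    kind "symmetric": NAT, a fresh external port per destination
    """

    def __init__(self, kind, public_ip=None, first_port=40000):
        self.kind = kind
        self.public_ip = public_ip
        self.next_port = first_port
        self.mapping = {}  # mapping key -> external endpoint
        self.holes = {}    # external endpoint -> (internal endpoint, remotes)

    def outbound(self, src, dst):
        """Pass a packet out; return the source endpoint the far side sees."""
        if self.kind == "firewall":
            ext = src
        else:
            key = (src, dst) if self.kind == "symmetric" else src
            if key not in self.mapping:
                self.mapping[key] = (self.public_ip, self.next_port)
                self.next_port += 1
            ext = self.mapping[key]
        # Replies are accepted only from destinations already sent to.
        self.holes.setdefault(ext, (src, set()))[1].add(dst)
        return ext

    def inbound(self, remote, ext):
        """Return the internal endpoint a packet reaches, or None if dropped."""
        hole = self.holes.get(ext)
        return hole[0] if hole and remote in hole[1] else None


class Chain:
    """Middleboxes in series, e.g. a home router behind a carrier-grade NAT."""

    def __init__(self, boxes):
        self.boxes = boxes  # ordered from the host outwards

    def outbound(self, src, dst):
        for box in self.boxes:
            src = box.outbound(src, dst)
        return src

    def inbound(self, remote, ext):
        for box in reversed(self.boxes):
            ext = box.inbound(remote, ext)
            if ext is None:
                return None
        return ext


def hole_punch(path_a, a, path_b, b):
    """True if simultaneous sends to the advertised endpoints both arrive."""
    # 1. Each peer registers; the server records the endpoint it observes.
    seen_a = path_a.outbound(a, RENDEZVOUS)
    seen_b = path_b.outbound(b, RENDEZVOUS)
    # 2. The server swaps the endpoints and both peers send at once.
    from_a = path_a.outbound(a, seen_b)
    from_b = path_b.outbound(b, seen_a)
    # 3. Each packet must pass the other side's filter on the advertised port.
    a_to_b = path_b.inbound(from_a, seen_b) == b
    b_to_a = path_a.inbound(from_b, seen_a) == a
    return a_to_b and b_to_a


def scenarios():
    """Run the cases from the comment with constructed addresses."""
    a, b = ("host-a", 5000), ("host-b", 5000)

    def cone_b():
        return Middlebox("cone", "192.0.2.9")

    def behind_cgn(cgn_kind):
        home = Middlebox("cone", "100.64.0.7")  # WAN side in CGN shared space
        return Chain([home, Middlebox(cgn_kind, "203.0.113.1")])

    return {
        "firewall <-> firewall": hole_punch(
            Middlebox("firewall"), a, Middlebox("firewall"), b),
        "cone <-> cone": hole_punch(
            Middlebox("cone", "203.0.113.1"), a, cone_b(), b),
        "cone <-> symmetric": hole_punch(
            Middlebox("cone", "203.0.113.1"), a,
            Middlebox("symmetric", "192.0.2.9"), b),
        "home+cone CGN <-> cone": hole_punch(
            behind_cgn("cone"), a, cone_b(), b),
        "home+symmetric CGN <-> cone": hole_punch(
            behind_cgn("symmetric"), a, cone_b(), b),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:30} {'connected' if ok else 'blocked'}")
```

In the symmetric cases the peer sends from a different external port than the one the rendezvous server advertised, so neither filter has a matching hole and the only fallback is relaying through a server.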

Re:Major Supplier does not want home based servers (1)

TheRealMindChild (743925) | about a year and a half ago | (#42671119)

Not necessarily. If you want a cluster on its own little network, it acts as one machine, so logically to everyone else it should come across as one logical host when routed out. Regardless of IPv6 or not

Re:Major Supplier does not want home based servers (1)

Dagger2 (1177377) | about a year and a half ago | (#42671357)

Which you can do just fine without NAT; use a separate subnet for the little network and you're done. No need to make your life harder than it already is by translating addresses over the boundary too.

Re:Major Supplier does not want home based servers (1)

mark-t (151149) | about a year and a half ago | (#42672159)

That's only fine if you don't want any internet connectivity with those devices at all. If a NAT'ed connection would genuinely be good enough for some proper subset of your network, then why use up globally visible IP's that could be better used on devices that actually *would* use them?

Sure, this might not seem like a problem given the large address space available with ipv6, but can you give me a single practical reason that we should be deliberately wasteful with that space when NAT accomplishes the goal with significantly less effort than configuring a firewall to accomplish the same thing? At least with ipv6, you still have the option of deciding which devices you'd want to have globally visible IP's and which ones you might want to be collected under a single one. Please consider that NAT under ipv6 does not automatically mean that every device must use it*... it only means that the devices *YOU* choose can be collected together and treated as one by the outside.

*Heck, it doesn't even mean that with v4, as long as you have globally visible v4 IP's available for you to use. I've got an account with my ISP that allows me to have more than one (but a fixed number of) globally visible IP's, and I've configured my own home ipv4 router to give certain machines on my LAN globally visible IP's which are assigned by my ISP via DHCP, bypassing NAT for Internet connectivity, while putting all the other ones behind a NAT (I have over a dozen different devices on my LAN, but nowhere near enough global IP's from my ISP for even half of them). Granted, much of my incentive for setting it up this way is because of the limited number of globally visible IP addresses available from my ISP (and I am currently utilizing all of them), but even if the number were much larger than I have right now, I do not think I would substantially alter the basic configuration.

Re:Major Supplier does not want home based servers (1)

Pf0tzenpfritz (1402005) | about a year and a half ago | (#42672819)

Not necessarily. If you want a cluster on its own little network, it acts as one machine, so logically to everyone else it should come across as one logical host when routed out. Regardless of IPv6 or not

If you want a cluster act as one machine then you'll have to load balance it anyway. Either by appliance or software, so what's the deal?

so how do you ping them? (0)

Anonymous Coward | about a year and a half ago | (#42673687)

Do you have to look at the network topology and ping a 128-char hex dump?

DNS updates are STILL broken for IPv6 and piss easy for IPv4.

If you're willing to leave everything to "automagically" connect (and then be completely fuggered when it doesn't), then you have a house with magic IP6 pixies running things and hope for the best.

Seriously.

I have a NAS box and a Media server and some computers that will want to share drives and so on.

IPv4 this is EASY (relatively!) to do.

I give my machine the name. It asks for a lease, the DHCP server tells my DNS server what IP address was handed out for what machine and what it should be called.

I can then "ping arthur". As opposed to "ping 192.168.0.93" or use fixed IP addresses and copy the info to my DNS server config and reboot.

But what do you do if you have IP6?

DNS updates won't work. And now you have "ping 2e:92:ee:24:5a:3f:f4:f4:f4:90:0d".

Brill.

appropriate slashdot quote (0)

Anonymous Coward | about a year and a half ago | (#42670503)

"If you wait long enough, it will go away... after having done its damage. If it was bad, it will be back."

What incentive is there for ISPs to go IPv6?

Surely having a two-tier internet just allows for more marketing opportunities...

Re:appropriate slashdot quote (3, Insightful)

benjfowler (239527) | about a year and a half ago | (#42670519)

They're probably looking to segment the market and screw as much money out of their customers as possible.

Carrier-NAT SUCKS!!!!! (0)

Anonymous Coward | about a year and a half ago | (#42670547)

I HATE it!!!! No SIP telephony. No remote access. No server hosting stuff. The only way I've been able to access a carrier-NATted network from the outside is by having the CPE router establish a VPN tunnel on connection to the internet. Even then the traffic has to flow through the VPN hub, so yeah carrier-NAT SUCKS!!!

Re:Carrier-NAT SUCKS!!!!! (1)

jones_supa (887896) | about a year and a half ago | (#42673369)

It's a hassle to babysit servers at home anyway.

IP4 is all you need, if .. (2, Interesting)

Krneki (1192201) | about a year and a half ago | (#42670585)

.. your country bought a shit load of IP address in the early day of teh Internet.

for the record:
Slovenia population: 2M
IP4 reserved IP: 2.5M
http://www.nirsoft.net/countryip/si.html [nirsoft.net]

Re:IP4 is all you need, if .. (1)

SJHillman (1966756) | about a year and a half ago | (#42670629)

The college I went to has a full v4 class B address space to play with, about 65000. There are about 3000 students enrolled at any given time and fewer than a thousand employees.

I was hosting several servers in my dorm room with Internet addressable IPs (sadly not static)

Re:IP4 is all you need, if .. (3, Interesting)

Krneki (1192201) | about a year and a half ago | (#42670717)

In the early day of the internet we didn't even bother with DHCP, all the PCs in the lab had static internet IPs.

Linux and windows 95 with static internet IP4 address with no firewalls.

Pull something like that now and you are fucked up in 2 minutes. :)

Re:IP4 is all you need, if .. (1)

SJHillman (1966756) | about a year and a half ago | (#42670911)

I should mention that this was still the case when I graduated from there in 2010

Re:IP4 is all you need, if .. (1)

ericloewe (2129490) | about a year and a half ago | (#42671253)

That just halves the typical usability time frame for your average Windows 95 installation.

Re:IP4 is all you need, if .. (0)

Anonymous Coward | about a year and a half ago | (#42670947)

The company I work for has a full class A (one of the last to be given out), and we use the shit out of that block. Even my laptop, which is connected via a VPN is given an address from this block.

Re:IP4 is all you need, if .. (2)

feld (980784) | about a year and a half ago | (#42672353)

your company is idiotic. you shouldn't get a PUBLIC ip when you connect to a VPN with ipv4

Re:IP4 is all you need, if .. (0)

Anonymous Coward | about a year and a half ago | (#42670669)

sounds like Telekom Slovenije, d.d. saved the day

Re:IP4 is all you need, if .. (0)

Anonymous Coward | about a year and a half ago | (#42670707)

That's nothing. I work for an organization which owns a /8. I don't really blame them for hoarding it.

CGN is not instead of IPv6, it is complementary. (3, Insightful)

Moskit (32486) | about a year and a half ago | (#42670603)

Even if an ISP implements IPv6 or dual stack for his residential customers, they will still face problems:
- IPv6-only customer will not be able to reach IPv4-only content (and I bet there will be lots of it for years) without CGN (NAT64)
- not enough public IPv4 addresses for all customers mean that there has to be a form of NAT deployed centrally (CGN with NAT44) to provide them with IPv4 access (again, not all content is reachable by IPv6).

Of course public IPv4 addresses (going around CGN) will be still there, you will just need to pay more for them. Marketing departments are not going to miss such an occasion, after all they need a financial explanation for the rollout of IPv6.
If you want to host a game server or FTP, you still can. Just pay a tad more for the privilege, right?

IPv6 by itself is not going to resolve everything and avoid CGN usage. Those ISPs who say "we deployed IPv6 and it fixes everything" forget about the problem underneath (trailing/legacy IPv4 content).

Re:CGN is not instead of IPv6, it is complementary (1)

Sique (173459) | about a year and a half ago | (#42670709)

NAT64 is not too bad, and it puts the problems to the right side. If the IPv4 side complains that they run into problems because of those many connections from the same IP, they know they have to move to IPv6.

Re:CGN is not instead of IPv6, it is complementary (2)

DarkOx (621550) | about a year and a half ago | (#42671379)

NAT64 is not the solution so many here make it out to be. The original sensible migration path was to use dual stack and get most services over to ipv6 before the v4 space ran out.

Everyone here knows the problems with less than 1:1 NAT in a pure v4 world. Slashdot'ers complain bitterly about it all the time. NAT64 brings all those problems and more.

Think about this. Suppose your v6 only mail relay needs to send mail to a v4 only relay. It looks up the MX for the domain, then looks up the name it gets in response. Oh, there is only an A record, no AAAA. Okay, no problem, right?

We will just set up our DNS server to generate synthetic AAAA records when only an A rec exists and prefix the A record with the ipv6 network address space allocated for NAT'ing to the ipv4 space. Sounds good but now you have to give up DNSSEC or deal with even more complexity.

Oh, that remote mail server wants to do a reverse lookup? How does a v4 only host deal with an ipv6 PTR record? It probably doesn't. In any case the source ip points back at an address being used by the NAT gateway; but that's dynamic so the DNS server is going to have to be aware of the NAT device and probably be capable of generating synthetic PTR records on the fly.

NAT64 is probably fine for the base case of contacting some webserver via http(s). It really falls down pretty fast when you think about other protocols, and typical SOPs on legacy systems that make all kinds of assumptions about ipv4 addressing. It's not just smtp either; think about all the stuff both older UNIX and Windows systems do by source subnet. Which by definition are the ones you have the NAT64 gateway for in the first place. As for WWW access a traditional layer 7 proxy server for use when only an A record exists is likely a better choice.

This foot-dragging that's gone on will mean that largish deployments of things like NAT64 are likely to be required; and that's unfortunate; because it takes what would have been a somewhat complex transition and turned it into something that is going to be a costly train wreck with difficult and confusing brokenness all over the place.
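The synthetic AAAA step described in the comment above, as an added example that is not part of the original post: it embeds an IPv4 address in a NAT64 prefix following RFC 6052 and answers an AAAA query the way a DNS64 resolver (RFC 6147) would. The zone contents and host names are constructed, and `ZONE`, `embed`, `extract`, `dns64_answer` and `ptr_target` are names chosen for this illustration.

```python
import ipaddress

# RFC 6052 Well-Known Prefix; an operator may use a network-specific prefix instead.
WKP = ipaddress.IPv6Network("64:ff9b::/96")
VALID_LENGTHS = (32, 40, 48, 56, 64, 96)

# Constructed sample data: one IPv4-only mail host, one dual-stack mail host.
ZONE = {
    "mx.legacy.example": {"A": ["192.0.2.33"]},
    "mx.dual.example": {"A": ["192.0.2.34"], "AAAA": ["2001:db8::25"]},
}


def embed(v4, prefix=WKP):
    """Embed an IPv4 address in a NAT64 prefix (RFC 6052 address format)."""
    if prefix.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 allows only /32 /40 /48 /56 /64 /96")
    out = bytearray(prefix.network_address.packed[: prefix.prefixlen // 8])
    for octet in ipaddress.IPv4Address(v4).packed:
        if len(out) == 8:      # bits 64..71 (the "u" octet) must stay zero
            out.append(0)
        out.append(octet)
    out.extend(bytes(16 - len(out)))   # zero suffix
    return ipaddress.IPv6Address(bytes(out))


def extract(v6, prefix=WKP):
    """Recover the embedded IPv4 address, or None if v6 is outside the prefix."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        return None
    raw = bytearray(v6.packed)
    if prefix.prefixlen < 96:
        del raw[8]             # skip the "u" octet
    start = prefix.prefixlen // 8
    return ipaddress.IPv4Address(bytes(raw[start:start + 4]))


def dns64_answer(name, zone, prefix=WKP):
    """Answer an AAAA query DNS64-style: return (addresses, synthesized).

    synthesized=True means the resolver made the record up. The zone owner
    never signed it, so a client doing its own DNSSEC validation cannot
    verify it against the zone's signatures.
    """
    rrsets = zone.get(name, {})
    if rrsets.get("AAAA"):
        return [ipaddress.IPv6Address(a) for a in rrsets["AAAA"]], False
    return [embed(a, prefix) for a in rrsets.get("A", [])], True


def ptr_target(v6, prefix=WKP):
    """Map a reverse lookup for a synthesized address onto the IPv4 reverse tree."""
    v4 = extract(v6, prefix)
    return None if v4 is None else v4.reverse_pointer


if __name__ == "__main__":
    for host in ZONE:
        addrs, synthetic = dns64_answer(host, ZONE)
        print(host, [str(a) for a in addrs], "synthesized" if synthetic else "native")
        print("  PTR via:", ptr_target(addrs[0]))
```

A native AAAA record is passed through untouched and `ptr_target` returns `None` for it, so only the IPv4-only host depends on the resolver and the NAT64 gateway agreeing on the same prefix.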

Re:CGN is not instead of IPv6, it is complementary (1)

mark-t (151149) | about a year and a half ago | (#42670919)

Absolutely no IPv6 proponent is suggesting that anyone adopt ipv6 at this time without having a dual ipv4/ipv6 stack. The point of having ipv6 is to be able to connect to future possible ipv6-only content... which will start proliferating once the norm becomes people having both stacks. Much like how windows-only apps started becoming the norm even while it was still essentially just a GUI over top of DOS.

Re:CGN is not instead of IPv6, it is complementary (1)

Moskit (32486) | about a year and a half ago | (#42672465)

As you wrote - each of ISPs mentioned in the article says in one way or the other that CGN is a necessity.

Problem with IPv6 is that the business case is weak. ISPs have to spend money upgrading to IPv6 without offering anything new to get more income from subscribers. CGN and "pay more for a public IPv4" is, sadly, one of such cases that is likely to go forward.

Re:CGN is not instead of IPv6, it is complementary (1)

mark-t (151149) | about a year and a half ago | (#42672833)

What's new is that they could actually afford to offer more public IPs for home subscribers that actually want them.

And increased customer choice spells more opportunity for commercial gain, does it not?

Re:CGN is not instead of IPv6, it is complementary (2)

WaffleMonster (969671) | about a year and a half ago | (#42673435)

As you wrote - each of ISPs mentioned in the article says in one way or the other that CGN is a necessity.

Most also say they have no immediate plans to deploy CGN as sufficient IPv4 address space is available within their allocations.

Every last one of them have already or are in process of deploying IPv6.

Problem with IPv6 is that the business case is weak.

Q. Hello, I am Interested in Internet service, do you offer IPv6?

A. No, there is no business case for us to do so.

Q. Thanks for your time....click.

For me this is already reality today. Every RFP without exception we have participated in last 3 years either required or asked about IPv6.

ISPs have to spend money upgrading to IPv6 without offering anything new to get more income from subscribers.

CGN and "pay more for a public IPv4" is, sadly, one of such cases that is likely to go forward

This was never about providing anything "new" it is about getting to *continue* to provide the same level of service.

CGN costs more not only in terms of hardware it costs in customer support and administrative resources required to manage the system vs dumb packet punters.

As an ISP the less CGN you need the less you spend. The more IPv6 you deploy the less CGN you need.

Re:CGN is not instead of IPv6, it is complementary (1)

Chris Mattern (191822) | about a year and a half ago | (#42673895)

The problem with ipv6/ipv4 dual stacking when there is little to no ipv6 only out there is that it is pain now, payoff later...maybe. Unsurprisingly, it's had trouble getting people to line up for it.

Re:CGN is not instead of IPv6, it is complementary (0)

Anonymous Coward | about a year and a half ago | (#42671121)

Even if an ISP implements IPv6 or dual stack for his residential customers, they will still face problems:
- IPv6-only customer will not be able to reach IPv4-only content (and I bet there will be lots of it for years) without CGN (NAT64)
- not enough public IPv4 addresses for all customers mean that there has to be a form of NAT deployed centrally (CGN with NAT44) to provide them with IPv4 access (again, not all content is reachable by IPv6).

First off, one should generally be dual-stack at this point.

If you're out of public IPv4 addresses, then give the end-point an IPv6 address and use NAT64; do NOT give them a private/RFC1918 IPv4 address, and set up NAT44.

Re:CGN is not instead of IPv6, it is complementary (1)

Yi Ding (635572) | about a year and a half ago | (#42672773)

There's an RFC about one group's experience with using IPv6 and NAT64 exclusively (not dual stack): https://tools.ietf.org/html/rfc6586 [ietf.org] It looks like the biggest stumbling blocks are chat clients and games. The result is not too surprising, because most P2P networking arrangements involve some kind of passing of IP addresses around, and it's doubtful that most programmers would have put in IPv6 support already.

Waiting on IPv6 for how long??? (-1)

Anonymous Coward | about a year and a half ago | (#42670621)

IPv6 was defined back in 1996. It STILL has not been adopted universally, although there are some very interesting deployments in Asia.
The biggest problem with IPv6 is that it doesn't interoperate with IPv4. There are clumsy "gateways" and "tunnelling" methods, but deploying IPv6 in anything more than a lab or home network requires a huge investment in technology and effort to make it work. For this reason, genuine adoption of IPv6 on the "real Internet" that we use every day has been held up for almost 20 years.

When are we going to have a new IPv7 which addresses this problem and gives us a solid new IP that can allow incremental adoption in the existing Internet, thereby ensuring it WILL be adopted and solve the IPv4 problems? IETF, GET TO WORK!!!!

Re:Waiting on IPv6 for how long??? (1)

Githaron (2462596) | about a year and a half ago | (#42670771)

Do you really think you are going to get everyone to adopt an IPv7 before IPv6 is ubiquitous? Some people are already invested in IPv6. It will send the wrong message if the standards organizations start changing the recommended protocols before the current ones are widely adopted. Even fewer organizations will want to be early adopters. Without early adopters, there will not be any late adopters who wait until changes are widespread before switching.

Re:Waiting on IPv6 for how long??? (1)

mark-t (151149) | about a year and a half ago | (#42670963)

ipv7 will not be necessary until we start colonizing other planets... *OUTSIDE* of our solar system.

Re:Waiting on IPv6 for how long??? (1)

ericloewe (2129490) | about a year and a half ago | (#42671281)

It'd probably be enough for a large portion of our galaxy, too.

Re:Waiting on IPv6 for how long??? (1)

Bengie (1121981) | about a year and a half ago | (#42672123)

We don't have enough for Earth let alone our solar system: http://xkcd.com/865/ [xkcd.com]

Re:Waiting on IPv6 for how long??? (0)

Anonymous Coward | about a year and a half ago | (#42672229)

it was thinking like this why we got stuck with IPV4

Re:Waiting on IPv6 for how long??? (1)

mark-t (151149) | about a year and a half ago | (#42672623)

Not sure if you're trying to be funny, sarcastic, or if you genuinely think that.

The reason we got stuck with 32 bits is because when that was decided upon, nobody ever expected that the internet protocol was going to become ubiquitous. That shortsighted view does not exist today.

Yes, we will run out of ipv6 space eventually... it's a given. But it's not going to happen before we go to the stars [wordpress.com] .

Re:Waiting on IPv6 for how long??? (1)

Dagger2 (1177377) | about a year and a half ago | (#42671237)

The biggest problem with IPv6 is that it doesn't interoperate with IPv4

Perhaps, but it's impossible [wikipedia.org] , which rather puts a damper on doing it.

that can allow incremental adoption in the existing Internet

This is what we already did with IPv6.

Premium rates should be charged for IPv4 (0)

Anonymous Coward | about a year and a half ago | (#42670657)

I can't really believe that no one has thought of this or even suggested it.

Premium rates should be charged for IPv4 addresses, or even taxed/levied by the government, therefore making IPv6 cheaper.

Most people won't care if they get an IPv6 address or IPv4 address. If IPv6 is cheaper then people will go for it.

Perhaps the reason why carrier grade nat is being bandied about is because the government and its various security services want to monitor us even more, and carrier grade nat will make that even easier.

I think there SHOULD be 2 tiers (-1)

Anonymous Coward | about a year and a half ago | (#42670697)

I think that we should abandon ipv6 plans and move to a system where an IP address is assumed to be in country unless a flag is set. That gives each country 32 bits of address space. Cross country communications can be handled by the routing table. And the dns system be used to determine which route to use.

Re:I think there SHOULD be 2 tiers (1)

kaws (2589929) | about a year and a half ago | (#42671195)

I'm pretty sure that that's what the carrier grade NAT will accomplish.

I can predict the future (2)

slashmydots (2189826) | about a year and a half ago | (#42670705)

So you've got an ISP that uses ipv6 and you get your own address so every service on the internet is guaranteed to work (sort of). Then you've got an ISP where rumor gets around that you all share one IP and that might cause a gigantic list of problems, break a ton of services, prevent you from accessing millions of websites that IP-banned "you," etc. Guess which ones customers are going to go for. You need zero technical knowledge to tell someone that with one ISP a ton of stuff on the internet doesn't work and with the other it works just fine.

Re:I can predict the future (1)

Ironchew (1069966) | about a year and a half ago | (#42671309)

Guess which ones customers are going to go for.

The only one available in their area. If customers have a choice of two (or three!) ISPs, they will all use carrier-grade NAT.

IPv6 alleviates scarcity, and thus profits made on that scarcity. This is why it will not be implemented without government intervention.

Re:I can predict the future (1)

Barefoot Monkey (1657313) | about a year and a half ago | (#42671673)

I have a couple of questions:

Are Internet-users in the UK actually limited to one ISP per area?

How do ISPs profit from scarcity of addresses? I assume that you're referring to the practice of reserving static IP addresses for a premium, but they already did that pre-scarcity. Now that addresses are exhausted wouldn't it simply mean that they have fewer IPs available to sell to new customers, while existing customers who already lease static IPs will cling to the ones they already have?

Re:I can predict the future (1)

Ironchew (1069966) | about a year and a half ago | (#42671791)

Are Internet-users in the UK actually limited to one ISP per area?

I'm not sure, but if the UK is anything like the US, I wouldn't be surprised if customers had no choice in the end.

How do ISPs profit from scarcity of addresses? I assume that you're referring to the practice of reserving static IP addresses for a premium, but they already did that pre-scarcity.

You answered your own question. Carrier-grade NAT would allow ISPs to charge a premium for a residential IP (and an even bigger premium for a static IP).

Now that addresses are exhausted wouldn't it simply mean that they have fewer IPs available to sell to new customers, while existing customers who already lease static IPs will cling to the ones they already have?

The whole point of IPv6 is to do away with the scarcity of end-to-end static IPs. From a business perspective, IPv6 would destroy the investment these existing customers have made.

Re:I can predict the future (1)

andrewbaldwin (442273) | about a year and a half ago | (#42672367)

Are Internet-users in the UK actually limited to one ISP per area?

I'm not sure, but if the UK is anything like the US, I wouldn't be surprised if customers had no choice in the end.

Actually the UK is very lucky in this regard. I use the word lucky as I seriously doubt it was ever planned this way - that would be too much to expect.

We are generally fortunate in having multiple ISPs all across the country. Apart from the 'big boys' (BT, Virgin, Sky, Talk Talk) there are a number of smaller ones - both independents and virtual ISPs reselling services provided by others [actually Virgin is Talk Talk underneath].

The big companies grab the lion's share - mainly catering to the fit and forget "I don't want to understand the technology" user base.

I personally use a smaller supplier which gives me fast and reliable connections, a static IP (v4, v6 planned for this year), genuinely unlimited downloads at a price comparable with the big companies [once their headline grabbing first x months special deals wear off].

Re:I can predict the future (0)

Anonymous Coward | about a year and a half ago | (#42672731)

Thankfully the UK is absolutely nothing like the US. But thanks for your uninformed opinion...

Re:I can predict the future (1)

Shimbo (100005) | about a year and a half ago | (#42672415)

Are Internet-users in the UK actually limited to one ISP per area?

Most people end up using BT Wholesale's ADSL for the last mile, which is treated as a utility and regulated as such. Other ISPs use that but have their own arrangements for peering. Presumably they need to co-operate with BT to get IPV6 working, so they are doomed.

In urban areas, ISPs sometimes locate equipment in BT's exchanges and run their own backhaul network; presumably they are a little less dependent on BT. And there are ISPs like Virgin which bought up the cable networks after the dot-com bubble burst who have nothing to do with BT at all.

Re:I can predict the future (1)

grahammm (9083) | about a year and a half ago | (#42672839)

Most people end up using BT Wholesale's ADSL for the last mile, which is treated as a utility and regulated as such. Other ISPs use that but have their own arrangements for peering. Presumably they need to co-operate with BT to get IPV6 working, so they are doomed.

No. The ISP connects to BT Wholesale using PPTP and customers establish a PPP link to the ISP, so ISPs can (as mine does) send both IPv4 and IPv6 over the PPP link. It does, of course, require the customer's router to support IPv6.

Re:I can predict the future (1)

grahammm (9083) | about a year and a half ago | (#42672941)

No. The ISP connects to BT Wholesale using PPTP

Correction, I should have written L2TP not PPTP.

Re:I can predict the future (1)

jonbryce (703250) | about a year and a half ago | (#42672633)

BT supply the local loop to everywhere in the country except Hull, which is supplied by Kingston. Cable providers, and by far the largest of them is Virgin, supply an alternative local loop to around 2/3 of the population.

On the BT network, other providers have put equipment into most of the exchanges which you can connect to over ADSL instead of BT (called local loop unbundling). BT also resell their service to other ISPs and you can get them everywhere you can get BT. If you want to use Cable, BT Fibre or Kingston, then you are stuck with that ISP, or in the case of BT, a reseller.

Re:I can predict the future (0)

Anonymous Coward | about a year and a half ago | (#42672755)

The Hull area sucks for competition, without BT or Virgin cable, we are literally STUCK with these KCOM / Karoo / KC rip off merchants.

Don't bother with OFCOM, they're full on useless even though they have obligations to enforce competition rules, they don't bother and refuse to look into things in this area (Hull) no matter what you do. It really is like living in a different country ISP wise.

Re:I can predict the future (0)

Anonymous Coward | about a year and a half ago | (#42672027)

I have a more specific prediction. "Deluxe Internet services". Want those services that will break with IP sharing? Pay more to the ISP for the "deluxe" internet package (ipv6). Problem solved (from the ISP's point of view).

Yeah, I know which option the customer is going to *want* to go for. I also know the ISP will make sure that the customer has to pay a little more for that option.

define:Carrier Grade (3, Funny)

game kid (805301) | about a year and a half ago | (#42670721)

Carrier Grade
adj., patently obsolete; low quality; ridiculous; fucked up.

WTF!? He just one-hit killed me. That's some Carrier Grade bullshit right there.

At DeweyCheatam&Howe, we are committed to combining Carrier Grade customer service with Wall Street Grade executive profits.

Come on, dude, stop driving that Carrier Grade '60s clunker and get a real car!

She's my ex-girlfriend now, because that Carrier Grade whore was in our bedroom with some poolboy from down the block.

Re:define:Carrier Grade (1)

mark-t (151149) | about a year and a half ago | (#42671313)

"Carrier grade" has nothing to do with quality.

It has to do with policy.

If you were searching for synonyms, in the context of "carrier grade NAT" you wouldn't be too far off with "large scale", "group", or "widely distributed".

NAT has problems at any level. On a small scale, such as home use, these may not be insurmountable. At carrier grade level, however, it's very problematic.

Compare being hit by a bicycle to being hit by a bus. Neither is good, but the latter is more likely to cause lasting problems.

Re:define:Carrier Grade (0)

Anonymous Coward | about a year and a half ago | (#42671947)

NAT has problems at any level. On a small scale, such as home use, these may not be insurmountable. At carrier grade level, however, it's very problematic.

I actually like NAT when used at home scale. With NAT there's only one way in and out the network, and it's very simple to collectively control what goes out and what goes in. Managing a set of IPs would be less convenient, especially when I have services I want to be visible only to LAN. With NAT, everything is LAN-only by default. It is quite similar to the whitelisting approach in information security, the NAT approach shares many of the benefits and drawbacks.

In addition, with a single IP address I can view my own LAN as a single service when accessed from outside, instead of a collection of services. Why should my SSH server and HTTP servers have different addresses even if they run on different machines?

Re:define:Carrier Grade (1)

LiENUS (207736) | about a year and a half ago | (#42672297)

I actually like NAT when used at home scale. With NAT there's only one way in and out the network, and it's very simple to collectively control what goes out and what goes in. Managing a set of IPs would be less convenient, especially when I have services I want to be visible only to LAN. With NAT, everything is LAN-only by default. It is quite similar to the whitelisting approach in information security, the NAT approach shares many of the benefits and drawbacks.

You can accomplish exactly that without nat, it's just a firewall set to deny only (in fact unless you do that even with nat your lan is almost as open as without nat.) The big #1 benefit to nat is your internal addresses aren't dependent on your isp's configuration, it allows you to have your own subnetting that YOU control without having an AS and address assignment.

Re:define:Carrier Grade (1)

Drishmung (458368) | about a year and a half ago | (#42673077)

"Carrier grade" has nothing to do with quality.

Well for NAT, it has a lot to do with quality, just not in any positive sense. :)

If you were searching for synonyms, in the context of "carrier grade NAT" you wouldn't be too far off with "large scale", "group", or "widely distributed".

In fact, many people in the IETF prefer the name LSN (Large Scale NAT) to CGN. Or CHN (Carrier Hosted NAT). "Carrier Grade" carries an implied endorsement. "Carrier Grade Routers", "Carrier Grade NAT". Oooh, shiny, it must be good.

Already happened (5, Informative)

homb (82455) | about a year and a half ago | (#42671929)

CGN has already happened in countries that were late on the Internet bandwagon and got too few IPs.
I am currently an unfortunate subscriber going through CGN, and let me tell you, the time I spent debugging connectivity issues is mindblowing.
For those who don't understand the extent of the problem, CGN is also called NAT444:
Your internal network has an IPv4 subnet, say 10.17.0.x. Then your router is allocated an IPv4 from your ISP. You think that's your IP, but it isn't. Your ISP itself is running NAT internally, and ultimately your data is being sent through the wire to the wider Internet with yet another IP.
So you have 3 networks: IPv4 IPv4 IPv4
Practically speaking, nothing that acts as a server will work. i.e. none of the modern multiplayer networking stacks work reliably, for example. When testing your PS3 networking, it will say (correctly) that you are screwed because you have a "Type 3 NAT", which is Sony speak for NAT444.
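A check for the NAT444 situation described in the comment above, as an added example that is not part of the original post: it compares the address a host has, the address the home router's WAN interface was given, and the address a remote server sees. The addresses in the `__main__` block are constructed (the LAN address follows the comment's 10.17.0.x), and `realm`, `translations` and `diagnose` are names chosen for this illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SHARED_CGN = ipaddress.ip_network("100.64.0.0/10")   # RFC 6598 shared address space


def realm(addr):
    """Classify an IPv4 address by the addressing realm it belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in SHARED_CGN:
        return "shared (RFC 6598)"
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    return "public"


def translations(host_ip, router_wan_ip, observed_ip):
    """List every point on the path where the source address is rewritten."""
    chain = [("host", host_ip), ("router WAN", router_wan_ip),
             ("seen by remote server", observed_ip)]
    steps = []
    for (src_name, src), (dst_name, dst) in zip(chain, chain[1:]):
        if ipaddress.ip_address(src) != ipaddress.ip_address(dst):
            steps.append(f"{src_name} {src} [{realm(src)}] -> "
                         f"{dst_name} {dst} [{realm(dst)}]")
    return steps


def diagnose(host_ip, router_wan_ip, observed_ip):
    """Return 'none', 'NAT44 (home only)', 'CGN only' or 'NAT444'."""
    home_nat = ipaddress.ip_address(host_ip) != ipaddress.ip_address(router_wan_ip)
    carrier_nat = ipaddress.ip_address(router_wan_ip) != ipaddress.ip_address(observed_ip)
    if not carrier_nat and realm(router_wan_ip) != "public":
        # A non-routable WAN address cannot be what a remote server sees.
        raise ValueError("observed address is not a public address; recheck inputs")
    if home_nat and carrier_nat:
        return "NAT444"
    if carrier_nat:
        return "CGN only"
    return "NAT44 (home only)" if home_nat else "none"


if __name__ == "__main__":
    # Constructed values: LAN host, WAN address from the router status page,
    # and the address reported by an external "what is my IP" style service.
    sample = ("10.17.0.23", "100.64.12.7", "203.0.113.45")
    print(diagnose(*sample))
    for step in translations(*sample):
        print("  ", step)
```

The decisive signal is the router's WAN address differing from the externally observed address; a WAN address inside 100.64.0.0/10 or an RFC 1918 range confirms it without needing the external lookup.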

Expand TCP port numbers (1, Offtopic)

rjforster (2130) | about a year and a half ago | (#42672869)

In jest I once remarked that we should keep IPv4 but rejig TCP to support 128 bits of port numbering (or maybe even more). Each client could have a (formerly) full 16bit range of ports and we could support a bajillion devices and do modulo 2^16 math to 'map' to the ports you're familiar with.

People called me evil.

May I repeat that this was in jest.

Re:Expand TCP port numbers (0)

Anonymous Coward | about a year and a half ago | (#42673219)

Too late! Half a dozen ISPs have already seen it and are implementing this brilliant idea right now. Somebody stop them!
