[144307] in North American Network Operators' Group


RE: NAT444 or ?

daemon@ATHENA.MIT.EDU (Leigh Porter)
Thu Sep 8 04:52:34 2011

From: Leigh Porter <leigh.porter@ukbroadband.com>
To: Seth Mos <seth.mos@dds.nl>, NANOG <nanog@nanog.org>
Date: Thu, 8 Sep 2011 08:52:56 +0000
In-Reply-To: <BB679D1F-E58D-4EB1-A4EF-6C8C13E7547B@dds.nl>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



> -----Original Message-----
> From: Seth Mos [mailto:seth.mos@dds.nl]
> Sent: 08 September 2011 06:43
> To: NANOG
> Subject: Re: NAT444 or ?
>
>
> On 8 Sep 2011, at 07:26, Geoff Huston wrote:
>
> >
> > On 08/09/2011, at 2:41 AM, Leigh Porter wrote:
> >
> > It may not be what Randy was referring to above, but as part of that
> > program at APNIC32 I reported on the failure rate I am measuring for
> > Teredo. I'm not sure it's all in the slides I was using, but what I was
> > trying to say was that STUN is simply terrible at reliably negotiating
> > a NAT. I was then wondering what pixie dust CGNs were going to use that
> > would have any impact on the ~50% connection failure rate I'm observing
> > in Teredo. And if there is no such thing as pixie dust (damn!) I was
> > then wondering if NATs are effectively unusable if you want anything
> > fancier than 1:1 TCP connections (like multi-user games, for example).
> > After all, a 50% connection failure rate for STUN is hardly encouraging
> > news for a CGN deployer if your basic objective is not to annoy your
> > customers.

I have a concern about some weird and wonderful VPN solutions that people
may be using. I am quite sure that some of them will just not work through
NAT444, though I have no evidence of this. People have problems with some
VPN solutions with single NAT (especially with no ALGs). NAT444 will just
be a mess.

>
> The striking thing I picked up is that NTT considers the CGN equipment
> a big black hole where money goes into. Because it won't solve their
> problem now or in the future and it becomes effectively a piece of
> equipment they need to buy and then scrap "soon" after.

Well if you buy the 'right' solution then you can re-use it elsewhere. Many
solutions use multi-purpose processing cards to deliver NAT functionality
which can be used for other stuff such as firewalling or some other manner
of traffic mangling.


>
> They acknowledge the need, but they'd rather not buy one.
> That and they (the isp) get called for anything which doesn't work.

Well at least these little problems that pop up keep people in jobs ;-) If
everything just worked (tm) there would be nothing to do..

--
Leigh

