[149665] in North American Network Operators' Group


Re: couple of questions regarding 'lifeline' and large scale nat...

daemon@ATHENA.MIT.EDU (Leo Bicknell)
Fri Feb 10 20:01:38 2012

Date: Fri, 10 Feb 2012 17:00:36 -0800
From: Leo Bicknell <bicknell@ufp.org>
To: "nanog@nanog.org" <nanog@nanog.org>
Mail-Followup-To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <4F35B422.1020403@necom830.hpcl.titech.ac.jp>


In a message written on Sat, Feb 11, 2012 at 09:19:46AM +0900,
Masataka Ohta wrote:
> The applications can simply be debugged to use socket option
> of REUSEPORT.

"Simple" is subjective.  Keep in mind many users will have a home
gateway which also does NAT.  And indeed double NAT in the home (router
doing NAT, third party device doing NAT) is depressingly common.  That
means some of the troubleshooting will be via a triple-NAT if the
carrier is performing the conversion.

> Are you saying we MUST record all the IP addresses and
> port numbers of all peers of your customers to prevent
> illegal things?

If the carrier NATs, maybe.

Today port information need not be stored, because an IP is assigned
to a customer.  Law enforcement can come request who was using an
IP, and be given the customer information.  It's what everyone has
come to expect.

It's also not just what is legally required, but what is administratively
friendly.  Will the law say you have to track ports with carrier
grade NAT?  Probably not.  Will law enforcement spend a lot more
time with your staff trying to track down bad people, costing you
time and money, if you don't?  Probably.

Large operations tend to find that having a cost effective and staff
time effective way to deal with law enforcement is very important.

> IPv6 means considerably more amount of headache and
> support costs than using NAT cleverly and simply.

When IPv4 addresses are selling for $100 an address that equation
changes quickly.  That day may be only a few months or years off.

-- 
       Leo Bicknell - bicknell@ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
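
Added example, not part of the message above: a minimal lookup over a carrier-NAT port-block log, showing why an address and time alone no longer identify one customer once a public IP is shared. The log format, subscriber ids and the 198.51.100.7 documentation address are constructed assumptions, not taken from any CGN product.

```python
from datetime import datetime, timezone

# Constructed sample records: start, end, public IP, port block, subscriber.
# Format and subscriber ids are hypothetical.
SAMPLE_LOG = """\
2012-02-10T00:00:00Z 2012-02-10T06:00:00Z 198.51.100.7 1024-2047 sub-1001
2012-02-10T00:00:00Z 2012-02-10T12:00:00Z 198.51.100.7 2048-3071 sub-1002
2012-02-10T06:00:00Z 2012-02-10T12:00:00Z 198.51.100.7 1024-2047 sub-1003
"""

def parse_ts(text):
    """Parse a UTC timestamp such as 2012-02-10T03:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_log(text):
    """Turn log lines into (start, end, ip, port_lo, port_hi, subscriber) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        start, end, ip, ports, sub = line.split()
        lo, hi = (int(p) for p in ports.split("-"))
        records.append((parse_ts(start), parse_ts(end), ip, lo, hi, sub))
    return records

def candidates(records, ip, when, port=None):
    """Subscribers that could have sourced traffic from ip (and port) at `when`."""
    out = set()
    for start, end, rip, lo, hi, sub in records:
        # Lease end is exclusive so a reassigned block never matches two owners.
        if rip != ip or not (start <= when < end):
            continue
        if port is not None and not (lo <= port <= hi):
            continue
        out.add(sub)
    return out

def attribute(records, ip, port, when):
    """Return the one subscriber for (ip, port, when), or None if unknown or ambiguous."""
    found = candidates(records, ip, when, port)
    return next(iter(found)) if len(found) == 1 else None

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    t = parse_ts("2012-02-10T03:00:00Z")
    print(sorted(candidates(recs, "198.51.100.7", t)))  # IP and time only
    print(attribute(recs, "198.51.100.7", 1500, t))     # IP, port and time
```

A request that carries only the address and time matches every subscriber sharing it; the source port and an accurate timestamp are what narrow it to one.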
