[157203] in North American Network Operators' Group


Re: Typical additional latency for CGN?

daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Oct 10 19:16:29 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <20121010223003.98BAA299463A@drugs.dv.isc.org>
Date: Wed, 10 Oct 2012 16:11:55 -0700
To: Mark Andrews <marka@isc.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Oct 10, 2012, at 3:30 PM, Mark Andrews <marka@isc.org> wrote:

>
> In message <Pine.LNX.4.61.1210100920590.26706@soloth.lewis.org>, Jon Lewis writes:
>> I just spent a few minutes looking into this again, and figured out the
>> problem.  AT&T has apparently changed the way their CGN works.  I use a
>> form of port knocking to restrict access to SSHd from "foreign" networks.
>> It used to work fine from my phone.  Now, the port knocking request from
>> the phone and the ssh connection are being NAT'd to different public IPs,
>> so my system is allowing ssh access to one AT&T IP, and then the ssh
>> connection comes from a nearby but different IP.
>
> Which is a badly designed CGN.  It turns singly homed clients into
> multi-homed clients where the client has no control over the source
> address selection. At least with real multi-homed clients they have
> the ability to force source addresses to match.
>

AT&T probably likes it for mobile, however, because it's about the easiest
way possible to prevent data services from being successfully used for VOIP.

Owen

>> On Wed, 10 Oct 2012, Owen DeLong wrote:
>>
>>> The day before I left the US, it was still working on my iPad.
>>>
>>> Owen
>>>
>>> On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha@gmail.com> wrote:
>>>
>>>> On 10/7/2012 9:22 PM, Jon Lewis wrote:
>>>>> has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
>>>>
>>>> Not here, have an SSH session open on my phone on port 22 as we speak. I'm
>>>> on an android on ATT's 3G network in central indiana, if that matters.
>>>>
>>>> --
>>>> Jon Sands
>>>> Fohdeesha Media
>>>> http://fohdeesha.com/
>>>>
>>>
>>
>> ----------------------------------------------------------------------
>>  Jon Lewis, MCP :)           |  I route
>>  Senior Network Engineer     |  therefore you are
>>  Atlantic Net                |
>> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
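
Added example, not part of the original thread or any poster's code: a replay of the failure described in the quoted text, where a knock gate keyed on the exact source IP denies an SSH attempt that the CGN mapped to a different pool address, plus a log check that flags such knock/SSH pairs. The event names, the 30-second window, the /24 "nearby" test and the documentation addresses are all assumptions made for the illustration.

```python
import ipaddress

# Constructed sample events (documentation addresses), not real logs:
# (seconds, event, source IP) as a knock daemon / firewall might record them.
EVENTS = [
    (100, "knock_ok", "198.51.100.17"),
    (103, "ssh_syn", "198.51.100.17"),   # same public IP as the knock
    (400, "knock_ok", "198.51.100.23"),
    (402, "ssh_syn", "198.51.100.41"),   # CGN used another pool address
    (900, "ssh_syn", "203.0.113.9"),     # unrelated source, never knocked
]

WINDOW = 30  # assumed: seconds a valid knock keeps SSH open for that IP


def gate(events, window=WINDOW):
    """Replay events through a knock gate keyed on the exact source IP."""
    opened = {}    # source IP -> time of its last valid knock
    verdicts = []
    for ts, kind, src in events:
        if kind == "knock_ok":
            opened[src] = ts
        elif kind == "ssh_syn":
            ok = src in opened and ts - opened[src] <= window
            verdicts.append((ts, src, "allow" if ok else "deny"))
    return verdicts


def cgn_split_suspects(events, window=WINDOW, prefix=24):
    """Denied SSH attempts that closely follow a knock from a different
    address in the same prefix: the signature of unpaired CGN mappings."""
    knocks = [(ts, src) for ts, kind, src in events if kind == "knock_ok"]
    suspects = []
    for ts, src, verdict in gate(events, window):
        if verdict != "deny":
            continue
        net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        for kts, ksrc in knocks:
            near = ipaddress.ip_address(ksrc) in net
            if ksrc != src and near and 0 <= ts - kts <= window:
                suspects.append((ksrc, src, ts - kts))
    return suspects


if __name__ == "__main__":
    for row in gate(EVENTS):
        print(row)
    print("possible CGN split:", cgn_split_suspects(EVENTS))
```

The check is diagnostic only: it leaves the gate strict and reports pairs worth investigating.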


