[180910] in North American Network Operators' Group


Re: Greenfield 464XLAT (In January)

daemon@ATHENA.MIT.EDU (Baldur Norddahl)
Fri Jun 12 05:16:43 2015

X-Original-To: nanog@nanog.org
In-Reply-To: <20150612071433.75cbf6a5@echo.ms.redpill-linpro.com>
Date: Fri, 12 Jun 2015 11:13:08 +0200
From: Baldur Norddahl <baldur.norddahl@gmail.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 12 June 2015 at 07:14, Tore Anderson <tore@fud.no> wrote:

>
> Hi Baldur,
>
> MAP is *not* NAT; that's what's so neat about it. The users do get a
> public IPv4 address (or prefix!) routed to their CPE's WAN interface,
> towards which they can accept inbound unsolicited connections.
>


True if you are only doing MAP because you do not like pesky IPv4 packets
in your backbone (i.e. do not like dual stack backbone).

But for us that are in the "have to buy IPv4 addresses" boat, the
interesting thing about MAP is that it can be used instead of carrier NAT.
You will have multiple users sharing the same IP address. Each user has a
port range routed to him. While he does get the public IP directly on his
CPE, he is restricted from using it freely. He will not be able to run ssh
on port 22 or a webserver on port 80/443.

In this sense it is carrier NAT implemented on the CPEs. And with it comes
some of the evil of carrier NAT.

If I ever go down the carrier NAT route I would like a MAP solution. It is
clever. The only problem is that I do not know of any equipment that will
actually do MAP (besides possibly Cisco which is outside my price range).
The RFC is not even done yet.

Regards,

Baldur
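
An added example, not part of the original message: the port-set arithmetic behind "each user has a port range routed to him", following the port-mapping algorithm in RFC 7597 (published after this thread). The sharing parameters (PSID length 8, offset 6, PSID 0x34) are constructed for illustration. It shows why ports 22, 80 and 443 fall in nobody's share, and how an observed port on the shared address maps back to one subscriber.

```python
# Added illustration: MAP port-set arithmetic following the RFC 7597
# port-mapping algorithm. All parameter values are constructed.

def port_ranges(psid, psid_len, offset=6):
    """Return the (first, last) port ranges that belong to one PSID.

    A 16-bit port is split as  A (offset bits) | PSID (psid_len bits) | M.
    With offset > 0, A starts at 1, so ports below 2**(16 - offset)
    are in nobody's share.
    """
    m_bits = 16 - offset - psid_len
    if m_bits < 0 or not 0 <= psid < (1 << psid_len):
        raise ValueError("PSID does not fit the port layout")
    first_a = 1 if offset > 0 else 0
    ranges = []
    for a in range(first_a, 1 << offset):
        base = (a << (16 - offset)) | (psid << m_bits)
        ranges.append((base, base + (1 << m_bits) - 1))
    return ranges


def psid_for_port(port, psid_len, offset=6):
    """Map an observed port on the shared address back to its PSID.

    Returns None for ports in the excluded low range (A == 0).
    """
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    if offset > 0 and port >> (16 - offset) == 0:
        return None
    m_bits = 16 - offset - psid_len
    return (port >> m_bits) & ((1 << psid_len) - 1)


if __name__ == "__main__":
    PSID_LEN = 8   # constructed: 256 subscribers share one IPv4 address
    PSID = 0x34    # constructed subscriber
    ranges = port_ranges(PSID, PSID_LEN)
    print(len(ranges), "ranges, first", ranges[0], "last", ranges[-1])
    for p in (22, 80, 443, 1233, 64721):
        print(p, "->", psid_for_port(p, PSID_LEN))
```

With these parameters each subscriber ends up with 63 ranges of 4 ports, so any log used for abuse handling has to record the source port as well as the address.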
