[189966] in North American Network Operators' Group
Re: Netflix banning HE tunnels
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Fri Jun 10 16:34:20 2016
X-Original-To: nanog@nanog.org
To: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
From: Valdis.Kletnieks@vt.edu
In-Reply-To: <cc0bcf1a-e342-36cf-530a-713c9f2a1184@necom830.hpcl.titech.ac.jp>
Date: Fri, 10 Jun 2016 16:22:21 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
--==_Exmh_1465590141_2073P
Content-Type: text/plain; charset=us-ascii
On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said:
> As such, the fish passages can be constructed, if translation
> behavior of the NAT boxes are known to end systems so that
> the end systems have sufficient knowledge to reverse the
> translation.
This requires each end system to restrict its use of ephemeral ports
to a specified *different* subrange per system, because the number of
end systems times their ephemeral port range can't exceed the number of
front-end systems times their ephemeral port range. You just lost the
only thing that makes CGNAT work - time multiplexing a given external
IP/port pair across several sequential users.
Also, there's no existing mechanism for "if translation behavior of
the NAT boxes are known to end systems". So you're looking at
end systems having to change software *anyhow*.
--==_Exmh_1465590141_2073P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBV1shfQdmEQWDXROgAQK0NRAAiov01bhczojhyxWnHVRFI/oD06G4+ky/
Jn0FjkwYDJCbwI30Zafz5xId9MenJpEGwZe5LQPVhML9XOd0dkebC+f4NYajKnWP
Qedr02ZI3klsxGCIdf/gTKtkrNO6OxStlf1G3tabsTVaZ8JhlYZCNt1XprnxOP3h
0moLlgZ7NuamJX0taAPeqxIrGewv3E6iBxwnZf4B85rGw7BASfm7eHNgUmJAj2KO
2ErasE9uyN48sStbhs3/uVaP/2NTbkxBYa17Slk8LRjqlmCrA4rHOAPwm6QxOnJJ
pD0cXjl7y3oQRdWToGhHsAels4SRD1d6nrqqANWzCe6+YqEQibZo5rGmJwGVQapY
dq95DaQYN2LmKFen4kq7Usi6pBvY+RmMQwEhgIIApEl4JLzLN7KIyaHBlw/PxjAs
NZ71I7G0ux1aatphdTvbFIvzU2O1WjnxVivNj5AJ4Bxldh04ihzPo3K98QwFlmxU
9aZRH7+T0B7F1sFiFqtiC7wGDU4JtgFPd3d3PG3x4CT12+1DzqEIOyl1bykWS4k+
YbuWTl0N3QFJ4/TcphrdU5YirhZJ3U+7AQXk4NW+6dR9UPalDenW32tCKkLM0H6m
63JE7YFSaQTa7BIz91DAkFmW0Wh1qIYBucZeoOr/lNlZgbHaPDp1Xb0OdYozwn3Z
Gqvty+HIXL4=
=yWb0
-----END PGP SIGNATURE-----
--==_Exmh_1465590141_2073P--
