[189971] in North American Network Operators' Group


Re: Netflix banning HE tunnels

daemon@ATHENA.MIT.EDU (Masataka Ohta)
Fri Jun 10 20:33:54 2016

X-Original-To: nanog@nanog.org
To: Valdis.Kletnieks@vt.edu
From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Sat, 11 Jun 2016 09:33:40 +0900
In-Reply-To: <210614.1465590141@turing-police.cc.vt.edu>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

Valdis.Kletnieks@vt.edu wrote:

> This requires each end system to restrict its use of ephemeral ports
> to a specified *different* subrange per system, because the number of
> end systems times their ephemeral port range can't exceed the number of
> front-end systems times their ephemeral port range.

Yes, and the resulting 48 bit address space should be large enough.

Moreover, reverse NAT with dynamic port allocation is possible.

Though, like dynamic address allocation, it is not very useful for
servers, clients are fine.

> You just lost the
> only thing that makes CGNAT work - time multiplexing a given external
> IP/port pair across several sequential users.

That is an argument against static NAT with 32 bit address space
without port translation/sharing.

> Also, there's no existing mechanism for "if translation behavior of
> the NAT boxes are known to end systems".

UPnP offers such mechanisms, though that of v1 is not very efficient.

> So you're looking at
> end systems having to change software *anyhow*.

Or live with conventional NAT, which is the current reality.

The point is that migration can be done smoothly only by upgrading
one end and that, after the upgrade, unupdated systems can continue
to live with conventional NAT.

						Masataka Ohta
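The constraint discussed above (hosts times per-host ephemeral range may not exceed external IPs times usable port range, and each host must stay inside its own subrange) can be made concrete with a stateless static NAT model. This is an added example, not code from the thread or from any NAT implementation; the external addresses, the 1024..65535 usable range, and the 4096 ports per host are constructed assumptions. It rewrites only the IP address, leaves the port untouched, and can therefore map inbound packets back to the host from the port alone, with no per-flow table, which is exactly what is lost relative to time-multiplexed CGNAT.

```python
"""Stateless static NAT with per-host ephemeral port subranges (constructed example).

Each internal host receives a fixed (external IP, contiguous port subrange) slot.
The 32-bit external address plus the 16-bit port form the 48-bit space being
partitioned. Because the slot is fixed, both translation directions are pure
functions of the address/port pair; the cost is that a host which uses a
source port outside its subrange cannot be carried at all.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address

USABLE_PORT_LO = 1024   # assumed: well-known ports are not handed out
USABLE_PORT_HI = 65535


@dataclass(frozen=True)
class Slot:
    external_ip: IPv4Address
    port_lo: int  # inclusive
    port_hi: int  # inclusive


class StaticPortRangeNAT:
    def __init__(self, external_ips, ports_per_host):
        if ports_per_host <= 0:
            raise ValueError("ports_per_host must be positive")
        self.external_ips = [IPv4Address(ip) for ip in external_ips]
        self.ports_per_host = ports_per_host
        usable = USABLE_PORT_HI - USABLE_PORT_LO + 1
        self.slots_per_ip = usable // ports_per_host
        # Per-host configuration, fixed at assignment time; not per-flow state.
        self._host_to_slot = {}
        self._slot_to_host = {}

    @property
    def capacity(self):
        """Hosts that can be served: external IPs x subranges per IP."""
        return len(self.external_ips) * self.slots_per_ip

    def assign(self, internal_ip):
        """Hand the next free slot to a host, or refuse once capacity is reached."""
        host = IPv4Address(internal_ip)
        if host in self._host_to_slot:
            return self._host_to_slot[host]
        idx = len(self._host_to_slot)
        if idx >= self.capacity:
            raise RuntimeError(
                f"capacity {self.capacity} exhausted: hosts x ports_per_host "
                "exceeds external IPs x usable port range")
        ip_index, slot_in_ip = divmod(idx, self.slots_per_ip)
        lo = USABLE_PORT_LO + slot_in_ip * self.ports_per_host
        slot = Slot(self.external_ips[ip_index], lo, lo + self.ports_per_host - 1)
        self._host_to_slot[host] = slot
        self._slot_to_host[(slot.external_ip, slot_in_ip)] = host
        return slot

    def translate_out(self, internal_ip, internal_port):
        """Outbound: rewrite the source IP only; the port must already be in range."""
        slot = self._host_to_slot.get(IPv4Address(internal_ip))
        if slot is None:
            raise KeyError(f"{internal_ip} has no slot")
        if not slot.port_lo <= internal_port <= slot.port_hi:
            raise ValueError(
                f"port {internal_port} is outside {slot.port_lo}-{slot.port_hi}; "
                "the end system must confine its ephemeral ports to its subrange")
        return slot.external_ip, internal_port

    def translate_in(self, external_ip, external_port):
        """Inbound: the port's subrange identifies the host, so no flow table is needed."""
        if not USABLE_PORT_LO <= external_port <= USABLE_PORT_HI:
            raise ValueError(f"port {external_port} is not in the translated range")
        slot_in_ip = (external_port - USABLE_PORT_LO) // self.ports_per_host
        host = self._slot_to_host.get((IPv4Address(external_ip), slot_in_ip))
        if host is None:
            raise KeyError(f"no host owns {external_ip}:{external_port}")
        return host, external_port


def demo():
    """Two external IPs, 4096 ports per host: 15 subranges per IP, 30 hosts total."""
    nat = StaticPortRangeNAT(["203.0.113.1", "203.0.113.2"], ports_per_host=4096)
    for i in range(1, 17):
        nat.assign(f"10.0.0.{i}")
    out = nat.translate_out("10.0.0.2", 6000)
    back = nat.translate_in(str(out[0]), out[1])
    return nat.capacity, out, back, nat.assign("10.0.0.16")
```

The `demo()` function shows the arithmetic from the quoted paragraph: 64512 usable ports divided into 4096-port subranges gives 15 hosts per external IP, so the sixteenth host spills onto the second address, and a host that picks a source port outside its subrange is rejected rather than silently multiplexed.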


