nanog mailing list archives
Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6
From: Lee Howard <Lee () asgard org>
Date: Thu, 17 Jan 2013 11:01:10 -0500
On 1/17/13 9:54 AM, "William Herrin" <bill () herrin us> wrote:
On Thu, Jan 17, 2013 at 5:06 AM, . <oscar.vives () gmail com> wrote:The people on this list have a influence in how the Internet run, hope somebody smart can figure how we can avoid going there, because there is frustrating and unfun."Free network-based firewall to be installed next month. OPT OUT HERE if you don't want it."
I haven't heard anyone talking about carrier-grade firewalls. To make CGN work a little, you have to enable full-cone NAT, which means as long as you're connected to anything on IPv4, anyone can reach you (and for a timeout period after that). And most CGN wireline deployments will have some kind of bulk port assignment, so the same ports always go to the same users. NAT != security, and if you try to make it, you will lose more customers than I predicted.
It's not a hard problem. There are yet plenty of IPv4 addresses to go around for all the people who actually care whether or not they're behind a NAT.
I doubt that very much, and look forward to your analysis supporting that statement. Lee
Regards, Bill Herrin -- William D. Herrin ................ herrin () dirtside com bill () herrin us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
Current thread:
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6, (continued)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 fredrik danerklint (Jan 16)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Sander Steffann (Jan 16)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 William Herrin (Jan 16)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Mark Andrews (Jan 16)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 . (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Mike Jones (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Brandon Ross (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 . (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Neil J. McRae (Jan 28)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 William Herrin (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Lee Howard (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 William Herrin (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Owen DeLong (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Jeff Kell (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Eric Tykwinski (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Owen DeLong (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Constantine A. Murenin (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Brandon Ross (Jan 17)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 William Herrin (Jan 18)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Seth Mos (Jan 18)
- Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6 Lee Howard (Jan 18)