Re: Netflix banning HE tunnels

[Valdis.Kletnieks () vt edu]

On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said:

> As such, the fish passages can be constructed, if translation
> behavior of the NAT boxes are known to end systems so that
> the end systems have sufficient knowledge to reverse the
> translation.

This requires each end system to restrict its use of ephemeral ports
to a specified *different* subrange per system, because the number of
end systems times their ephemeral port range can't exceed the number of
front-end systems times their ephemeral port range.  You just lost the
only thing that makes CGNAT work - time multiplexing a given external
IP/port pair across several sequential users.

Also, there's no existing mechanism for "if translation behavior of
the NAT boxes are known to end systems".  So you're looking at
end systems having to change software *anyhow*.

Attachment: _bin
Description: