nanog mailing list archives

Re: Ipv6 help


From: JORDI PALET MARTINEZ via NANOG <nanog () nanog org>
Date: Thu, 27 Aug 2020 09:22:06 +0200

You need to understand the different way NAT64 works vs CGN (and 464XLAT uses NAT64 for the translation): The ports are 
allocated "on demand" in NAT64.

While in CGN you allocate a number of ports per customer, for example, 2,000, 4,000, etc.

If a customer is not using all the ports, they are just wasted. If a customer needs more ports, they will have trouble.

This doesn't happen in NAT64.

Let's assume an operator that can get only a /22.

Let's make some numbers. Say an average user uses 300 ports (from a public IP). When using 464XLAT, the number of users 
within the network, which in IPv4 is behind NAT46, does not trigger that number of ports. Anyway, let's be pessimistic 
and assume they use quadruple that: 1,200 ports.

Approximately 80% of the traffic (2 years ago it was 75%, in many cases it is reaching 90-95%) is IPv6. Of the 1,200 
ports we only count 20% for IPv4, which is 240 ports.

Broadly speaking, if we assign 1,000 IPv4 addresses to NAT64 (assuming the operator needs 24 public IPv4 addresses for BGP 
and infrastructure; I have done it with much less, because 99% of the infrastructure can be IPv6-only or use private 
IPv4 for management), and we use only 64,511 ports (65,536-1,024) of each IPv4 address assigned to NAT64, even 
knowing that they can all be used (maybe you want to allocate some static IP/ports to some customers, etc.):

1,000 x 64,511 / 240 = 268,795 subscribers. This is assuming all the subscribers are using all the ports, which 
typically is not the case.

Now, if you have a NAT64 that tracks connections with a 5-tuple, then the number of external ports per user will be 
almost unlimited.

But also, this applies to the CLAT, which typically is doing (in CPEs) a stateful NAT44 (to a single private IPv4 
address)+stateless NAT46. The NAT44 in iptables uses a 5-tuple for connection tracking, so the same external ports can 
be reused many times as the source address and destination address/port will be different. So in practical cases, the 
number of external ports only limits the number of parallel connections that a single host behind the NAT can have to 
the same destination address and port. 



On 27/8/20 6:55, "Brian Johnson" <brian.johnson () netgeek us> wrote:

    Responses in-line

    > On Aug 26, 2020, at 4:07 PM, JORDI PALET MARTINEZ via NANOG <nanog () nanog org> wrote:
    > 
    > Because:
    > 
    > 1) It needs *much less* IPv4 addresses (in the NAT64) for the same number of customers.

    I cannot see how this is even possible. If I use private space internally to the CGN, then the available external 
    space is the same and the internal customers are the same and I can do the same over-sub ratio under both circumstances. 
    Tell me how the math is different.

    > 2) It provides the customers as many ports as they need (not a limited number of ports per customer).

    See response to answer 1

    > 3) It is not blocked by PSN (I don't know why, because I don't know how the games have problems with CGN).

    Interesting, but I'm not sure how any over-loaded NAT translation would look different from the external system. 
    Since you cannot explain it, it's hard to discuss it.

    > 
    > You could share among an *almost unlimited* number of subscribers a small IPv4 block (even just a /22).

    The math would be the same as a CGN, so I do not see how this is any less or more useful. It does, however, require 
    CPE capability that appears lacking and NAT444 does not.

    > 
    > Regards,
    > Jordi
    > @jordipalet
    > 
    > 
    > 
    > On 26/8/20 22:31, "Brian Johnson" <brian.johnson () netgeek us> wrote:
    > 
    >    How does 464XLAT solve the problem if you are out of IPv4 space?
    > 
    >> On Aug 26, 2020, at 3:23 PM, JORDI PALET MARTINEZ via NANOG <nanog () nanog org> wrote:
    >> 
    >> They know we are there ... so they don't come!
    >> 
    >> By the way I missed this in the previous email: I heard (not sure how true that is) that they are "forced" 
    >> to avoid CGN because the way games are often programmed in PSP breaks them. So maybe it will not be enough to sort out the 
    >> problem with an OS and/or PSN change; all the affected games will need to be adjusted.
    >> 
    >> Maybe the only way to force this is to tell our customers (many ISPs in every country) "don't buy Sony PS, they 
    >> are unable to support new technologies, so your games will be blocked by Sony". Of course, unless we all decide to use 
    >> 464XLAT instead of CGN ... which resolves the problem.
    >> 
    >> A massive campaign could work ...
    >> 
    >> 
    >> On 26/8/20 22:08, "NANOG on behalf of surfer" <nanog-bounces+jordi.palet=consulintel.es () nanog org on behalf 
    >> of surfer () mauigateway com> wrote:
    >> 
    >> 
    >> 
    >>   On 8/26/20 9:28 AM, Tony Wicks wrote:
    >>> They're the worst service company I have ever had the displeasure of dealing with; the arrogance and attitude 
    >>> of "we are big, you are small, we don't care about your customers" was infuriating. Never have I seen a single call 
    >>> related to their opposition, whereas PSN accounted for about 10-20% of helpdesk calls. I don't understand why it's 
    >>> seemingly impossible for them to implement IPv6, as almost everything I have deployed with CGN is dual stack v6.
    >> 
    >>   On 8/26/20 9:30 AM, Mark Tinka wrote:
    >>> We'll have to be creative with how we pressure them into getting serious
    >>> about IPv6.
    >> 
    >> 
    >>   Do those guys attend NANOG meetings?   >;-)   (evil smile)
    >> 
    >>   scott
    >> 
    >> 
    >> 
    >> **********************************************
    >> IPv4 is over
    >> Are you ready for the new Internet ?
    >> http://www.theipv6company.com
    >> The IPv6 Company
    >> 
    >> This electronic message contains information which may be privileged or confidential. The information is 
    >> intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, 
    >> copying, distribution or use of the contents of this information, even if partially, including attached files, is 
    >> strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any 
    >> disclosure, copying, distribution or use of the contents of this information, even if partially, including attached 
    >> files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to 
    >> inform about this communication and delete it.




