Posted on January 27, 2013 3:00 pm

UK ISPs Respond To the Dangers of Using Carrier Grade NAT Instead of IPv6

from the ten-years-warning-insufficient dept.

Several major Internet Service Providers in the United Kingdom, including BSkyB, Virgin Media, TalkTalk, AAISP and Fluidata, have warned that the adoption of Carrier Grade NAT (IPv4 address sharing) is likely to become increasingly common in the future. But the technology, which many view as a delaying tactic until IPv6 becomes more commonplace, is not without its problems and could cause a number of popular services to fail (e.g. Xbox Live, PlayStation Network, FTP hosting, etc.). The prospect of a new style of two-tier internet could be just around the corner. A few of the ISPs gave the usual marketing department answers, but three of them noted that they’ve been offering IPv6 for ages and CGNAT is only inevitable for folks that didn’t prepare for what they knew was coming. Which, unfortunately, appears to be most of the major UK ISPs.


2 advantages of NAT beyond firewalling:

1) Apps know there’s NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there’s end-to-end connectivity is much harder because firewalls are transparent – you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through. In the early days of NAT, this caused no end of confusion with old protocols (e.g., FTP) where one could connect to the FTP server, but fail to transfer data. These days, FTP clients often check to see if their IP address is in the reserved range and default to passive mode.

And trust me, trying to figure out why some client only worked partially was a royal annoyance until everyone started designing protocols to be smarter with their connections so you don’t have to open 100 ports to play a game anymore.

2) It isolates the internal network numbering from the external. For 90% of home users, this would lead to blissful ignorance – their ISP can give them a new prefix and if they lose connectivity, they reboot the router and away they go. Do it in a traditional router environment where every PC needs to use the prefix, and it’s bound to happen that the next time their ISP changes prefixes, users get messed up. And diagnosing why would mean having to talk to family on the phone as remoting in is impossible (no connectivity, remember?), or a long drive out. Or family meetings where there’s a pile of PCs in the corner as “they can’t get on the internet”.

Sure, it’s supposed to be transparent and smooth, but that just means it likely won’t. And since every internet-connected IPv6 machine will have at least two IPv6 addresses, chances are it’s going to be some VERY long conversations with family leading to guilt trips and having to do onsite support. Just get me a box that does NATv6, DHCPv6 that I can drop in and tell my parents to reboot if they have issues and things revert back to how it works right now in the IPv4 era.

Plus, for me, I don’t want to have to know the new IP address of my printer just because my ISP renumbered and gave me a different prefix, which means I’d probably have to use the reserved address space for that stuff so my IPv6 addresses don’t keep wandering around, or having to update my )(@&#% firewall rules if there are some devices I don’t want on the internet (data caps, remember?) but which always helpfully sniff router advertisements and other such autoconfiguration things in attempts to get on the ‘net.
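The two points in the comment above (an FTP client checking whether its own address sits in reserved space before choosing passive mode, and a device whose firewall rule breaks when the ISP hands out a new IPv6 prefix while a ULA-keyed rule survives) can be shown concretely. The following is an added example written for this page, not code from the original post or from any ISP or FTP client; the address ranges are real (RFC 1918 private space, the RFC 6598 100.64.0.0/10 shared space used by CGNAT, RFC 4193 fc00::/7 unique local addresses), while the printer addresses and prefixes are constructed documentation values and the function names are the example's own.

```python
import ipaddress

# Ranges a host may see on its own interface when a translator sits in the path:
# RFC 1918 private space plus the RFC 6598 shared space used by carrier-grade NAT.
TRANSLATED_V4 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("100.64.0.0/10"),  # RFC 6598 CGNAT shared address space
]

# IPv6 unique local addresses (RFC 4193): stable inside the site, never routed globally.
ULA_V6 = ipaddress.ip_network("fc00::/7")


def behind_translator(local_ip: str) -> bool:
    """Heuristic the comment describes: if the client's own source address lies in
    private or CGNAT space, a NAT is almost certainly between it and the server."""
    addr = ipaddress.ip_address(local_ip)
    if addr.version == 4:
        return any(addr in net for net in TRANSLATED_V4)
    # An IPv6 host with only a ULA cannot be reached from the Internet either,
    # so treat it the same way; a global address is assumed reachable end to end.
    return addr in ULA_V6


def ftp_mode(local_ip: str) -> str:
    """PASV: the client opens the data connection, which works through NAT.
    PORT: the server connects back to the address the client advertised,
    which fails when that address is a private one."""
    return "PASV" if behind_translator(local_ip) else "PORT"


def renumber(addr: str, new_prefix: str) -> str:
    """Replace the /64 prefix of an IPv6 address while keeping its 64-bit interface
    identifier, which is what SLAAC does on every host when the ISP delegates a new prefix."""
    prefix = ipaddress.ip_network(new_prefix)
    if prefix.version != 6 or prefix.prefixlen != 64:
        raise ValueError("expected an IPv6 /64 prefix")
    iid = int(ipaddress.ip_address(addr)) & ((1 << 64) - 1)
    return str(ipaddress.ip_address(int(prefix.network_address) | iid))


def rule_matches(rule_net: str, host_addr: str) -> bool:
    """Does a firewall rule written against this address or prefix still catch the host?"""
    return ipaddress.ip_address(host_addr) in ipaddress.ip_network(rule_net, strict=False)


def printer_rule_survives(global_rule: str, ula_rule: str, new_prefix: str):
    """Constructed scenario: a printer has a global address (from the ISP prefix) and a
    ULA address (site-local, never renumbered). Both block rules match today; after the
    ISP changes the prefix only the ULA-keyed rule still matches the printer."""
    printer_global = "2001:db8:aaaa:1::1234:5678"  # constructed, documentation prefix
    printer_ula = "fd12:3456:789a:1::1234:5678"    # constructed ULA, same interface id
    new_global = renumber(printer_global, new_prefix)
    return {
        "global_rule_before": rule_matches(global_rule, printer_global),
        "global_rule_after": rule_matches(global_rule, new_global),
        "ula_rule_after": rule_matches(ula_rule, printer_ula),
        "new_global_address": new_global,
    }


if __name__ == "__main__":
    for ip in ("192.168.1.20", "100.70.1.5", "203.0.113.9", "2001:db8::1"):
        print(f"{ip:>20} -> {ftp_mode(ip)}")
    result = printer_rule_survives(
        global_rule="2001:db8:aaaa:1::1234:5678/128",
        ula_rule="fd12:3456:789a:1::1234:5678/128",
        new_prefix="2001:db8:bbbb:1::/64",
    )
    for key, value in result.items():
        print(f"{key}: {value}")
```

The heuristic is only that: a host with a global IPv6 address may still be behind a stateful firewall that lets the control connection through and drops the data connection, which is exactly the partial-connectivity problem the comment raises. Keying internal rules on a ULA (or on the interface identifier rather than the full address) is the practical way to keep them valid across ISP renumbering.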