UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

← Back to Stories (view on slashdot.org)

UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

Posted by Unknown on Wednesday January 16, 2013 @03:15AM from the proxy-banned-from-posting dept.

judgecorp writes "Faced with the shortage of IPv4 addresses and the failure of IPv6 to take off, British ISP PlusNet is testing carrier-grade network address translation CG-NAT, where potentially all the ISP's customers could be sharing one IP address, through a gateway. The move is controversial as it could make some Internet services fail, but PlusNet says it is inevitable, and only a test at this stage." Regarding the failure of IPv6, these graphs imply otherwise.

26 of 445 comments (clear)

Min score:

Reason:

Sort:

I recall MxStream by MathFox · 2013-01-16 03:21 · Score: 3, Interesting

KPN tried "carrier grade" IP4-NAT in the Netherlands a decade ago... Unfortunately the router software was too buggy and made the routers trash and crash. And how can the customers of the ISP run servers on their computers? NAT has implications for the peer-to-peer nature of the Internet.

--
extern warranty;
main()
{
(void)warranty;
}
1. Re:I recall MxStream by MickyTheIdiot · 2013-01-16 03:25 · Score: 5, Insightful
  
  This may be a feature and not a bug to these ISPs.
  The business has changed. They are probably fine with screwing up incoming services. They can charge to fix what they screwed up by using NAT.
2. Re:I recall MxStream by Anonymous Coward · 2013-01-16 03:27 · Score: 5, Insightful
  
  Consumer grade network connections do not run servers.
  A far bigger problem is that a lot of internet services these days use IP-based blocks as the final "brute force" version of "you are abusing the service, go away". It would really suck to be under an ISP that shows every customer coming from a single IP. You'd find yourself banned from all kinds of random places as soon as someone using the same ISP decides to be an idiot.
3. Re:I recall MxStream by idontgno · 2013-01-16 03:31 · Score: 4, Interesting
  
  NAT has implications for the peer-to-peer nature of the Internet.
  For a lot of organizations, that's a bonus. If you don't trust the outside network, you certainly don't want to peer arbitrarily with them, and certainly not at any outside machine's initiative. With NAT, an outside system can't initiate connectivity with any machine inside the NAT boundary without some kind of prior arrangement, so no open-ended network scanning.
  If you treat the Internet as a big happy cloud of egalitarian peers collaborating at will, NAT sucks. If you treat the Internet as a bad neighborhood, which you have no way of avoiding between your house and the mall, NAT is the gated neighborhood you live in to keep the unsavory inhabitants of that bad neighborhood away from your pristine lawn and Lexus in the driveway. And people choose gated neighborhoods, and NAT, for that precise reason: separation and protection from the riff-raff, the panhandlers, the burglars and the car thieves, the Jehovah's Witnesses. Mostly the JWs, I think.
  
  --
  Welcome to the Panopticon. Used to be a prison, now it's your home.
4. Re:I recall MxStream by Tridus · 2013-01-16 03:44 · Score: 5, Insightful
  
  Yes they do, pretty regularly. Ever played a multiplayer game?
  
  --
  -- "So they told me that using the download page to download something was not something they anticipated." - Bill Gates
5. Re:I recall MxStream by Anonymous Coward · 2013-01-16 03:48 · Score: 4, Informative
  
  NAT has implications for the peer-to-peer nature of the Internet.
  For a lot of organizations, that's a bonus. If you don't trust the outside network, you certainly don't want to peer arbitrarily with them, and certainly not at any outside machine's initiative. With NAT, an outside system can't initiate connectivity with any machine inside the NAT boundary without some kind of prior arrangement, so no open-ended network scanning.
  That's what firewalls are for, not NAT. Please stop confusing the two.
6. Re:I recall MxStream by JDG1980 · 2013-01-16 03:54 · Score: 5, Insightful
  
  That will be a problem of the ISP then, if their customers can't use legitimate services because the ISP can't differentiate between the culprit and the innocent customers, the ISP has a problem. The ISP then has to have either a very good customer management which allows to disconnect culprits very fast without too many false positives, or the ISP has to introduce some kind of class ips, where the customers without complains share the "good ip", and customers with some bad stains get degraded to other, partly blacklisted IPs.
  Do you really think any ISPs are going to take on these kinds of responsibilities? You're expecting them to basically be moderators for every forum on the Internet. Aside from the fact that they *shouldn't* be doing this (they should be dumb pipes), they also don't *want* to do this because it's logistically impossible and would open them up to potential legal liability.
7. Re:I recall MxStream by Miamicanes · 2013-01-16 04:28 · Score: 3, Interesting
  
  > That will be a problem of the ISP then
  What a wonderfully-naive view of the internet. As we all know, consumers in Britain and America have bountiful high-speed low-latency broadband choices within a healthy, competitive marketplace. We have cable OR dsl... maybe cable AND dsl if we're incredibly lucky, and... er...um...
  Ok, right then. We're fucked.
  Cellular data has low caps and rapidly gets expensive if you're allowed to exceed them without getting throttled to sub-dialup speeds. Satellite data has insane latency, and *insidious* caps whose throttling kicks in at thresholds that aren't necessarily transparent or obvious from the marketing literature. Fiber to the home barely exists, and with the exception of Google in Kansas City, is still the exclusive fiefdom of basically one incumbent large corporation with its own agenda that's vehemently opposed to network neutrality. And those incumbent carriers have all done their best to bribe/buy/bully state officials into passing laws making it illegal for communities (or even existing neighborhoods) to take matters into their own hands, leapfrog over those incumbent carriers, and lay their own open-access fiber *anyway*.
8. Re:I recall MxStream by FireFury03 · 2013-01-16 04:50 · Score: 3, Informative
  
  With NAT, an outside system can't initiate connectivity with any machine inside the NAT boundary without some kind of prior arrangement
  That's untrue. Most consumer NAT routers (at least the ones I tested about 3 years ago - doubt its really changed) don't bother to include a stateful firewall and with appropriate ISP-side routing, will happilly let connections into the private network. What you need is a stateful firewall, not NAT - that will protect you, and also doesn't completely fuck up loads of protocols at the same time.
  The depressing thing (other than idiots claiming that NAT is good for security) is that Plusnet *were* trialling IPv6, but pulled the plug on the trial last year. When I asked them a month or so ago, they informed me that they had no plans to roll out IPv6 at all. Time to switch to a competent ISP if you're with Plusnet, I suspect (EntaNet and AAISP both offer v6 connections over DSL).
  
  --
  http://blog.nexusuk.org
9. Re:I recall MxStream by hairyfeet · 2013-01-16 06:03 · Score: 3, Insightful
  
  Uhhh...and the ISP is gonna give a shit....why exactly? if its like most places in the USA they know they have you by the short hairs, where you gonna go? Shitty satnet? Assraping cellular? Most places have one, maybe 2 choices if you are lucky and the ISPs KNOW THIS. In my area they can assrape me with caps, CG-NAT and any other shitty thing all they want because they know its a choice of them or a 2Mbps on a good day DSL that the carrier (AT&T may they rot in hell) have made clear its a DO NOT FIX.
  BTW all of those that have DSL? May want to be looking for an exit as the rumor is that AT&T is seriously looking at bailing on DSL. The reason being they are making assraping money on wireless and they don't want to spend any money upgrading the landlines when they can force everybody onto shitty data plans. Boy that "free market" really works huh? If they do pull out it will leave the cableco with a monopoly on landline Internet in many places and you think you are getting buttfucked now? Oh boy just you wait. Already mine has started playing "the cap game" which is REAL fun. Use their VoIP? No cap, Vonage? Cap. Use Windows all the updates have no cap, Linux or Mac? Cap city,use their PPV? No cap, Netflix? You get the picture.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
10. Re:I recall MxStream by realityimpaired · 2013-01-16 06:24 · Score: 3, Funny
  
  Sure they do... but you have to keep recasting it every few rounds because it expires.
Not "instead of", but "in addition to" by Anonymous Coward · 2013-01-16 03:21 · Score: 5, Insightful

Dual-stack deployment with NAT'd IPv4 alongside with IPv6 is the only viable short-term option for consumer ISPs. You can't just cut off people from the IPv4 internet, you'd leave them with a pretty much useless internet connection.
1. Re:Not "instead of", but "in addition to" by bobbied · 2013-01-16 04:12 · Score: 4, Interesting
  
  You are right.
  I never really understood why we didn't just map all the IPv4 addresses to a IPv6 subset and provide a very simple rule to translate, say by adding all zeros or some other number to the IPv4 address to get its IPv6 one. Then start forcing the adoption of IPv6 by not accepting v4 traffic from the top down though the domain registration authorities and hosting providers. Get legal agreements from them to not route IPv4 traffic in exchange for IPv6 address assignments and allowing new domain registrations, force top level domain authorities to only support IPv6 going forward.
  You want to keep your website available? You want your customers to see new domains? You need a IPv6 assignment because we won't route v4 traffic and DNS is going to give you an IPv6 address. ISP's would then be free to provide IPv4 connections, but only if they did the translation to IPv6 internally themselves, which would end up costing IPv4 customers more money and limiting what they can see.
  Eventually, there would be enough pressure for the ISP's to push IPv6 down the food chain to the end user who will either pay more for IPv4 service, or upgrade to IPv6. Eventually there will be a tipping point and IPv6 will see universal acceptance.
  The problem here is that nobody really has the necessary power to force IPv6 on the world.... So we will keep bumping along trying more and more incremental patches to IPv4. Eventually, you could be behind 20 NATs wondering why your SIPP/VOIP device won't make any calls...
  Hey, how about we just put all of the adult content on IPv6 only addresses.... You know THAT would set a fire under things....
  
  --
  "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
2. Re:Not "instead of", but "in addition to" by Chirs · 2013-01-16 05:43 · Score: 5, Informative
  
  I never really understood why we didn't just map all the IPv4 addresses to a IPv6 subset and provide a very simple rule to translate, say by adding all zeros or some other number to the IPv4 address to get its IPv6 one.
  Um....they did?
  http://en.wikipedia.org/wiki/IPv6#IPv4-mapped_IPv6_addresses
This is just the beginning by alphaminus · 2013-01-16 03:27 · Score: 5, Informative

Rather than doing this correctly, it will go like this. All "home" users will get CG-NAT. "Business" users will be allowed public IPs at a steep premium, and only when that possibility is completely exhausted, will IPv6 truly begin to be implemented. Hell, people might just use duct tape code and NAT subterfuge to drag this out another decade or two.
My Rant.... by ZiakII · 2013-01-16 03:31 · Score: 5, Informative

How the hell does slashdot.org not support IPV6, I thought this was a tech website?
1. Re:My Rant.... by Mr_Silver · 2013-01-16 03:51 · Score: 5, Informative
  
  How the hell does slashdot.org not support IPV6, I thought this was a tech website?
  Forget IPV6 ... it doesn't have valid HTML, valid CSS and looks terrible on mobile devices.
  
  --
  Avantslash - View Slashdot cleanly on your mobile phone.
2. Re:My Rant.... by the+eric+conspiracy · 2013-01-16 04:43 · Score: 4, Insightful
  
  Edit should be supported until moderation or a reply occurs.
Re:Really instead of ? by characterZer0 · 2013-01-16 03:36 · Score: 4, Insightful

If we had started transitioning seriously a few years ago
Some of us did. All the computers and network equipment at my house has been ready for IPv6 for years. I am just waiting for my ISP to get with the program.
ISPs are the problem here. But with government-granted monopolies without regulation, they have no incentive to support IPv6.

--
Go green: turn off your refrigerator.
Re:Am I reading that graph wrong? by Guspaz · 2013-01-16 03:39 · Score: 4, Informative

Google reports about 1% of their traffic is IPv6. That's probably a better estimate of IPv6 deployment.
Re:Really instead of ? by Alomex · 2013-01-16 03:50 · Score: 3, Informative

ISPs are the problem here.
Actually Windows 7 is also part of the problem and a step backwards. You see it has a buggy Teredo implementation leading to a ton of Teredo Ethernet adapters hanging on to their entries in the ipconfig tables. Some people report up to thousands of adapters. This has lead to various organizations disabling the IPv6 stack in their Windows network configuration.
IP Theft from IP... by KitFox · 2013-01-16 03:50 · Score: 5, Interesting

So what happens when the "copyright enforcement agencies" decide that somebody on that NAT IP has downloaded a movie and three strikes or something similar gets kicked in for the IP? (I know it's perfectly possible given port, IP, and Time to back-track a connection through a properly-logged NAT.Just an amusing side effect if somebody is dumb, and dumb happens a lot these days.)

--
@Whee
Worst rant ever by saveferrousoxide · 2013-01-16 03:57 · Score: 3, Funny

There's no words in all caps, no fantastical assertions, not a single typo, and it's 15 words long!! I'll give you some charity style points for using 100% improper punctuation, but really: 2/10. Hell, this rant about your rant was nearly 3x longer!! You should be ashamed.
Three birds with one stone by tepples · 2013-01-16 04:10 · Score: 4, Interesting

That's what firewalls are for, not NAT. Please stop confusing the two.
But they're not entirely orthogonal, as NAT imposes a firewall by default. It takes down three birds with one stone, namely delaying the effects of IPv4 depletion until an IPv6 rollout can be afforded, firewalling out those assumed to be unsavory, and upselling business class connections to home-based businesses. How would NAT be implemented without a firewall?
1. Re:Three birds with one stone by mellon · 2013-01-16 04:29 · Score: 4, Insightful
  
  This is actually not true. Most NATs can be penetrated from the outside; they have to be able to be penetrated, or things like Skype don't work. Pretty much any UDP-based protocol requires that the NAT open holes. So the notion that NAT == Firewall is utterly incorrect, and in fact the feeling of security that you apparently have based on this misconception is likely to cause you harm in the future.
Big Dumb Pipe by ThatsNotPudding · 2013-01-16 06:32 · Score: 5, Interesting

There should be a Kickstarter campaign to create an ISP that is actually named Big Dumb Pipe with promises not to up sell, or offer 'cloud storage', or offer security suites to protect your snowflakes, or pretend to be a content creator, but merely provide access and up time, for they are only a Big Dumb Pipe (tm). Oh; and no caps or throttling.