Slashdot Mirror


UK ISPs Respond To the Dangers of Using Carrier Grade NAT Instead of IPv6

Mark.JUK writes "Several major Internet Service Providers in the United Kingdom, including BSkyB, Virgin Media, TalkTalk, AAISP and Fluidata, have warned that the adoption of Carrier Grade NAT (IPv4 address sharing) is likely to become increasingly common in the future. But the technology, which many view as a delaying tactic until IPv6 becomes more commonplace, is not without its problems and could cause a number of popular services to fail (e.g. XBox Live, PlayStation Network, FTP hosting etc.). The prospect of a new style of two-tier internet could be just around the corner." A few of the ISPs gave the usual marketing department answers, but three of them noted that they've been offering IPv6 for ages and CGNAT is only inevitable for folks that didn't prepare for what they knew was coming. Which, unfortunately, appears to be most of the major UK ISPs.

32 of 165 comments

  1. If they offer IPv6...go ahead by ERJ · · Score: 4, Insightful

    If, and only if, they do offer IPv6 services to their customers then I am pretty cool with this. Realistically IPv4 is done. There is no real other option for the ISPs than to move to this type of setup for backwards compatibility and push IPv6 for full compatibility.

    1. Re:If they offer IPv6...go ahead by lattyware · · Score: 3, Informative

      I disagree - in some areas, no ISP that offers IPv6 covers the area, and tunnels are hard to set up (for average joe) and relatively slow.

      --
      -- Lattyware (www.lattyware.co.uk)
    2. Re:If they offer IPv6...go ahead by gbjbaanb · · Score: 2

      the only kind of tunnelling you want is the NAT64 set up on your router - you don't really want IPv4 in the external internet coming into your home network once you have IPv6, but you'll still have a fair few devices internally (eg your TV) that only speak IPv4.

      If they exist on the router, the average guy shouldn't have any worries except to enable the "IPv4 legacy mode" switch.

    3. Re:If they offer IPv6...go ahead by marka63 · · Score: 2

      Firstly NAT64 isn't tunnelling, it is translation. Secondly NAT64 does NOT work for IPv4 initiated connections. As long as you have legacy IPv4 only devices that need to talk to the world you need an IPv4 path outbound. This could be dual stack, DS-Lite, 4rd.

    4. Re:If they offer IPv6...go ahead by marka63 · · Score: 2

      Virgin Media are missing the point. Some places in the world have already run out of IPv4 addresses and Virgin Media have customers that need to talk to those places. There is no good IPv4 to IPv6 solution.

      Additionally delaying deploying IPv6 just forces their customers to delay testing of IPv6 with their systems. ISPs are already years behind where they should be and this is just Virgin Media using spin merchants to deflect from the fact that they dropped the ball.

  2. Remember this is the UK... by benjfowler · · Score: 2, Insightful

    Unlike the US, where if people get bad service, they get vocal and kick up a stink, the British have a tendency to just wear it. Expensive, shit service is par for the course here, and business and the 1% know it.

    1. Re:Remember this is the UK... by somersault · · Score: 4, Informative

      Judging from what I've read about US telcos and ISPs, and the plans I've seen for mobile and broadband access here, it sounds like you have that the wrong way round. We have way more competition and better pricing in the UK.

      --
      which is totally what she said
    2. Re:Remember this is the UK... by Sockatume · · Score: 2

      1) This is a future planning issue, not a service quality issue, and therefore there is nothing for end users to notice yet
      2) Complaining is the Great British pastime and I'm affronted that you would dare question our continued dominance in the field

      --
      No kidding!!! What do you say at this point?
    3. Re:Remember this is the UK... by Alomex · · Score: 3, Insightful

      You have the European Union and its competition rules to thank for that.

    4. Re:Remember this is the UK... by garyok · · Score: 2

      Yep, gotta agree with parent - £22/month for 78Mb/s (measured) from BT and fully ready for IPv6. I got sick of Be Un Limited after the third time they sent me a questionnaire on fibre.

      Me: I'd love fibre. FTTC or FTTP, whatever! When are you planning to roll it out?

      Be: Mwahaha! I can't believe you fell for that. But we'll keep stringing you along so you keep paying us our subs...

      Looking forward to hearing of Be's demise. There's very little I despise more in IT than a company that's all mouth and no trousers.

      --
      One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors - Plato
    5. Re:Remember this is the UK... by Xarius · · Score: 2

      We've had those rules for longer than the EU has existed, our state-owned monopoly on the tubes was privatised in 1985...

      --
      C17H21NO4
    6. Re:Remember this is the UK... by Anonymous Coward · · Score: 2, Informative

      The copper PSTN network that means everyone has a telephone exchange near them was originally built by the Post Office (ie by the government). The telephone service half of the Post Office was then privatised as BT (the postal part became Royal Mail).

      Regulations to avoid BT becoming a monopoly mean that BT has to offer other companies the ability to provide their own DSL services hosted on BT's DSLAMs (BT Wholesale). LLU (Local Loop Unbundling) then meant that BT had to allow the companies access to the exchanges to install their own DSLAMs.

      The result is that in all built up areas you have dozens of companies offering LLU products. Using their own DSLAMs means they can provide better services than BT Wholesale, so for example ADSL2 was rolled out on a small number of LLU products before BT rolled it out. Even in rural areas where it's not cost effective for companies to install LLU options you still get a large number of companies able to provide a reasonable service via BT Wholesale, even if the older DSLAM tech and longer distances limit you to 8MB there.

    7. Re:Remember this is the UK... by Alomex · · Score: 3, Informative

      As you Brits say, bollocks.

      Here's just one example:

      In 2008, the European Commission announced that costs for sending roaming texts were also too high and, if the mobile industry didn't voluntarily drop prices, further mobile roaming regulations could follow.

      Mobile service providers ignored this warning, so the Commission has now regulated mobile roaming text prices, too. From 1 July 2009, all mobile service providers were forced to drop their text prices to 11p per text sent. Receiving texts while abroad is free.

    8. Re:Remember this is the UK... by xaxa · · Score: 2

      Indeed, and I think now that pretty much everyone who wants broadband has it, the competition has focused on retaining customers.

      After moving house and selecting an ISP I checked with my flatmate that it was OK. He said it wasn't -- his online gaming would use 10x as much bandwidth as they would allow. (I don't play games, so I was amazed how much bandwidth Steam used when he told me -- 10GB+ for a game, and regular multi-GB updates.)

      I phoned to cancel the order. They upgraded me to the top package (100GB/month included, some charge per GB for more) at no extra charge. My flatmate said that was still no good, so I phoned back. They gave us "truly unlimited" (in writing) for the same price, which wasn't advertised on the website. That was 6 months ago, there haven't been any problems.

      I told my mum. She phoned her (different) ISP, she got offered a better deal but said she'd have to check with me. When she phoned them back she got offered 12-month contract for 8Mb/s (it's a bit rural...) broadband for £1 per month, on condition that she pays all £12 in advance and tops up her pay-as-you-go mobile phone with at least £10 at least every three months. (This is ADSL, and she pays a different company for landline telephone service, otherwise it would be about £5-12/month extra for a minimal phone service.)

  3. Major Supplier does not want home based servers by Anonymous Coward · · Score: 2, Interesting

    I've been following the IP6 thing here in the UK with interest. BT the major supplier seem to be uninterested in full IPV6 for all customers. I've seen statements that they are pursuing CGNAT for IPV6. If this is true it beggars belief. The only reason I can see that makes any form of sense is the attempt to stop a proliferation of home based servers, such as toasters, fridges, TV & PVRs etc.

    1. Re:Major Supplier does not want home based servers by vlm · · Score: 2

      ISPs are not the ones who designed ipv6 or the concepts behind it.

      Usually when you see a "demand" for NAT on ipv6 it's people who don't understand the relationship between a stateful firewall and NAT, and they really are "demanding" their existing firewall minus the NAT part.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    2. Re:Major Supplier does not want home based servers by tlhIngan · · Score: 3, Informative

      Usually when you see a "demand" for NAT on ipv6 it's people who don't understand the relationship between a stateful firewall and NAT, and they really are "demanding" their existing firewall minus the NAT part.

      2 advantages of NAT beyond firewalling:

      1) Apps know there's NAT, and cannot assume end-to-end connectivity. With IPv6, determining if there's end to end connectivity is much harder because firewalls are transparent - you may be able to establish a partial link, but not a full one because the firewall lets some of the packets through. In the early days of NAT, this caused no end of confusion with old protocols (e.g., FTP) where one could connect to the FTP server, but fail to transfer data. These days, FTP clients often check to see if their IP address is in the reserved range and default to passive mode.

      And trust me, trying to figure out why some client only worked partially is a royal annoyance until everyone started designing protocols to be smarter with their connections so you don't have to open 100 ports to play a game anymore.

      2) It isolates the internal network numbering from the external. For 90% of home users, this would lead to blissful ignorance - their ISP can give them a new prefix and if they lose connectivity, they reboot the router and away they go. Do it in a traditional router environment where every PC needs to use the prefix, and it's bound to happen that the next time their ISP changes prefixes, users get messed up. And diagnosing why would mean having to talk to family on the phone as remoting in is impossible (no connectivity, remember?), or a long drive out. Or family meetings where there's a pile of PCs in the corner as "they can't get on the internet".

      Sure, it's supposed to be transparent and smooth, but that just means it likely won't. And since every internet-connected IPv6 machine will have at least two IPv6 addresses, chances are it's going to be some VERY long conversations with family leading to guilt trips and having to do onsite support. Just get me a box that does NATv6, DHCPv6 that I can drop in and tell my parents to reboot if they have issues and things revert back to how it works right now in the IPv4 era.

      Plus, for me, I don't want to have to know the new IP address of my printer just because my ISP renumbered and gave me a different prefix, which means I'd probably have to use the reserved address space for that stuff so my IPv6 addresses don't keep wandering around, or having to update my )(@&#% firewall rules if there are some devices I don't want on the internet (data caps, remember?) but which always helpfully sniff router advertisements and other such autoconfiguration things in attempts to get on the 'net.

    3. Re:Major Supplier does not want home based servers by vlm · · Score: 2

      There is a pretty hard core attitude shift in ipv6 that thou shalt not static assign addresses. Dynamic / multicast DNS to the rescue, etc.
      Also a VERY hard core attitude shift away from 1:1 mapping of address to interface. I have an ethernet at home with something like 4 ipv6 addrs on it, long story.
      If you do that, a renumbering is simple. Wait a moment for the router to start advertising its new prefix and you're all done. No need to reboot or any of that.
      We can trust mfgrs and poor programmers to totally F this up. Really ipv6 stacks should never have been made widely available with statically assignable addresses, that would fix a whole lot of issues with people who nonetheless demand the ability to shoot themselves in their foot.

      Problem #1 is pretty much a firewall config issue. You want stateful firewalling or not? You decide.

      --
      "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
  4. Re:appropriate slashdot quote by benjfowler · · Score: 3, Insightful

    They're probably looking to segment the market and screw as much money out of their customers as possible.

  5. Pink Floyd. by SJHillman · · Score: 5, Funny

    I didn't know Pink Floyd was talking about ISPs.
    "Hanging on in quiet desperation is the English way. The pool is gone, v4 is over. Thought I'd more addresses to assign."

  6. IP4 is all you need, if .. by Krneki · · Score: 2, Interesting

    .. your country bought a shit load of IP addresses in the early days of the Internet.

    for the record:
    Slovenia population: 2M
    IP4 reserved IP: 2.5M
    http://www.nirsoft.net/countryip/si.html

    --
    Love many, trust a few, do harm to none.
    1. Re:IP4 is all you need, if .. by Krneki · · Score: 3, Interesting

      In the early days of the internet we didn't even bother with DHCP, all the PCs in the lab had static internet IPs.

      Linux and Windows 95 with static internet IP4 address with no firewalls.

      Pull something like that now and you are fucked up in 2 minutes. :)

      --
      Love many, trust a few, do harm to none.
    2. Re:IP4 is all you need, if .. by feld · · Score: 2

      your company is idiotic. you shouldn't get a PUBLIC ip when you connect to a VPN with ipv4

  7. CGN is not instead of IPv6, it is complementary. by Moskit · · Score: 3, Insightful

    Even if an ISP implements IPv6 or dual stack for his residential customers, they will still face problems:
    - IPv6-only customer will not be able to reach IPv4-only content (and I bet there will be lots of it for years) without CGN (NAT64)
    - not enough public IPv4 addresses for all customers means that there has to be a form of NAT deployed centrally (CGN with NAT44) to provide them with IPv4 access (again, not all content is reachable by IPv6).

    Of course public IPv4 addresses (going around CGN) will be still there, you will just need to pay more for them. Marketing departments are not going to miss such an occasion, after all they need a financial explanation to rollout of IPv6.
    If you want to host a game server or FTP, you still can. Just pay a tad more for the privilege, right?

    IPv6 by itself is not going to resolve everything and avoid CGN usage. Those ISPs who say "we deployed IPv6 and it fixes everything" forget about the problem underneath (trailing/legacy IPv4 content).

  8. I can predict the future by slashmydots · · Score: 2

    So you've got an ISP that uses ipv6 and you get your own address so every service on the internet is guaranteed to work (sort of). Then you've got an ISP where rumor gets around that you all share one IP and that might cause a gigantic list of problems, break a ton of services, prevent you from accessing millions of websites that IP-banned "you," etc. Guess which ones customers are going to go for. You need zero technical knowledge to tell someone that with one ISP a ton of stuff on the internet doesn't work and with the other it works just fine.

  9. define:Carrier Grade by game+kid · · Score: 3, Funny

    Carrier Grade adj., patently obsolete; low quality; ridiculous; fucked up.

    WTF!? He just one-hit killed me. That's some Carrier Grade bullshit right there.

    At DeweyCheatam&Howe, we are committed to combining Carrier Grade customer service with Wall Street Grade executive profits.

    Come on, dude, stop driving that Carrier Grade '60s clunker and get a real car!

    She's my ex-girlfriend now, because that Carrier Grade whore was in our bedroom with some poolboy from down the block.

    --
    You can hold down the "B" button for continuous firing.
  10. Re:CGN is not instead of IPv6, it is complementary by DarkOx · · Score: 2

    NAT64 is not the solution so many here make it out to be. The original sensible migration path was to use dual stack and get most services over to ipv6 before the v4 space ran out.

    Everyone here knows the problems with less than 1:1 NAT in a pure v4 world. Slashdot'ers complain bitterly about it all the time. NAT64 brings all those problems and more.

    Think about this. Suppose your v6 only mail relay needs to send mail to a v4 only relay. It looks up the MX for the domain, then looks up the name it gets in response. Oh there is only A record no AAAA. Okay no problem right?

    We will just set up our DNS server to generate synthetic AAAA records when only an A rec exists and prefix the A record with the ipv6 network address space allocated for NAT'ing to the ipv4 space. Sounds good but now you have to give up DNSSEC or deal with even more complexity.

    Oh that remote mail server wants to do a reverse lookup? How does a v4 only host deal with ipv6 PTR record? It probably doesn't. In any case the source ip points back at an address being used by the NAT gateway; but that's dynamic so the DNS server is going to have to be aware of the NAT device and probably be capable of generating synthetic PTR records on the fly.

    NAT64 is probably fine for the base case of contacting some webserver via http(s). It really falls down pretty fast when you think about other protocols, and typical SOPs on legacy systems that make all kinds of assumptions about ipv4 addressing. It's not just smtp either; think about all the stuff both older UNIX and Windows systems do by source subnet. Which by definition are the ones you have the NAT64 gateway for in the first place. As for WWW access a traditional layer 7 proxy server for use when only an A record exists is likely a better choice.

    This feet dragging that's gone on will mean that largish deployments of things like NAT64 are likely to be required; and that's unfortunate; because it takes what would have been a somewhat complex transition and turns it into something that is going to be a costly train wreck with difficult and confusing brokenness all over the place.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
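Added example, not part of DarkOx's comment: a sketch of the synthetic AAAA generation described above, using the RFC 6052 /96 layout. It shows why the synthesized answer is not covered by the zone's DNSSEC signatures and which PTR name an IPv4-only peer actually queries. The function names, the zone dictionary and all addresses are constructed for illustration; 64:ff9b::/96 is the RFC 6052 well-known prefix, and a real deployment may use its own.

```python
import ipaddress

# RFC 6052 well-known NAT64 prefix (assumption: the operator uses it unchanged).
WKP = ipaddress.ip_network("64:ff9b::/96")


def synthesize_aaaa(a_record, prefix=WKP):
    """Embed an IPv4 address in the low 32 bits of a /96 NAT64 prefix."""
    if prefix.prefixlen != 96:
        raise ValueError("only the /96 layout is handled in this sketch")
    v4 = ipaddress.IPv4Address(a_record)
    return ipaddress.IPv6Address(int(prefix.network_address) | int(v4))


def extract_ipv4(addr, prefix=WKP):
    """Return the embedded IPv4 address as a string, or None if addr is native IPv6."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF))


def dns64_answer(qname, zone):
    """Answer an AAAA query the way a DNS64 resolver would.

    zone maps a name to {"A": [...], "AAAA": [...], "signed": bool}.
    A real AAAA is passed through; otherwise one is synthesized per A record.
    """
    rr = zone[qname]
    if rr.get("AAAA"):
        return {"addresses": list(rr["AAAA"]), "synthetic": False,
                "covered_by_zone_signature": rr["signed"]}
    synth = [str(synthesize_aaaa(a)) for a in rr.get("A", [])]
    # The zone owner never signed these records, so a validating client
    # cannot verify them even when the original A record is signed.
    return {"addresses": synth, "synthetic": True,
            "covered_by_zone_signature": False}


def ptr_query_seen_by_v4_peer(nat64_pool_addr):
    """PTR name an IPv4-only server looks up for a connection through NAT64.

    The peer only sees the gateway's IPv4 pool address, never the IPv6
    source, so the lookup lands in in-addr.arpa for the pool address.
    """
    return ipaddress.IPv4Address(nat64_pool_addr).reverse_pointer


# Constructed sample zone: one IPv4-only mail host in a signed zone.
SAMPLE_ZONE = {
    "mx.legacy.example": {"A": ["192.0.2.33"], "AAAA": [], "signed": True},
    "mx.modern.example": {"A": ["192.0.2.44"], "AAAA": ["2001:db8::25"], "signed": True},
}

if __name__ == "__main__":
    print(dns64_answer("mx.legacy.example", SAMPLE_ZONE))
    print(ptr_query_seen_by_v4_peer("198.51.100.7"))
```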
  11. IPv6 core, IPv4 edge, thanks vendors by swschrad · · Score: 3, Interesting

    the big providers in the US, and many of the rest, are IPv6 enabled in the core. but edge equipment at the subscriber is not up to the task, so NAT IPv4 is how it's done here. virtually all of the DSL modems are MD'd (manufacturer discontinued) IPv4, so it makes sense.

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  12. Already happened by homb · · Score: 5, Informative

    CGN has already happened in countries that were late on the Internet bandwagon and got too few IPs.
    I am currently an unfortunate subscriber going through CGN, and let me tell you, the time I spent debugging connectivity issues is mindblowing.
    For those who don't understand the extent of the problem, CGN is also called NAT444:
    Your internal network has an IPv4 subnet, say 10.17.0.x. Then your router is allocated an IPv4 from your ISP. You think that's your IP, but it isn't. Your ISP itself is running NAT internally, and ultimately your data is being sent through the wire to the wider Internet with yet another IP.
    So you have 3 networks: IPv4 IPv4 IPv4
    Practically speaking, nothing that acts as a server will work. i.e. none of the modern multiplayer networking stacks work reliably, for example. When testing your PS3 networking, it will say (correctly) that you are screwed because you have a "Type 3 NAT", which is Sony speak for NAT444.
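Added example, not part of homb's post: a diagnostic that counts the translation layers between a host and the Internet from three addresses, the host's LAN address, the address on the router's WAN interface, and the source address a remote server reports seeing. The function names are hypothetical and the sample addresses are constructed (documentation ranges stand in for public addresses); the 100.64.0.0/10 block is the RFC 6598 shared address space reserved for carrier NAT.

```python
import ipaddress

# Address blocks that are never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # shared space set aside for CGN


def classify(addr):
    """Label an IPv4 address as 'private', 'cgn-shared' or 'public'.

    Simplified for this sketch: loopback, link-local and other special
    ranges are not distinguished and fall through to 'public'.
    """
    ip = ipaddress.IPv4Address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in RFC6598:
        return "cgn-shared"
    return "public"


def nat_path(lan_ip, wan_ip, observed_ip=None):
    """Describe the NAT layers between a host and the Internet.

    lan_ip      -- address configured on the host
    wan_ip      -- address the ISP assigned to the router's WAN interface
    observed_ip -- source address reported by a remote server, if known
    """
    layers = 1 if lan_ip != wan_ip else 0  # home router NAT
    wan_class = classify(wan_ip)
    # Carrier NAT is certain when the WAN address is not publicly routable,
    # and also when it looks public but the remote end sees a different one.
    carrier_nat = wan_class != "public" or (
        observed_ip is not None and observed_ip != wan_ip)
    if carrier_nat:
        layers += 1
    return {
        "wan_class": wan_class,
        "nat_layers": layers,
        "carrier_nat": carrier_nat,
        # A port forward on the home router only helps when no carrier NAT
        # sits in front of it.
        "port_forward_works": not carrier_nat,
    }


if __name__ == "__main__":
    # Constructed case matching the post: 10.17.0.x inside, carrier NAT outside.
    print(nat_path("10.17.0.23", "100.64.12.9", "203.0.113.50"))
    # Constructed case: ordinary single NAT with a public WAN address.
    print(nat_path("10.17.0.23", "203.0.113.50", "203.0.113.50"))
```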

  13. Re:CGN is not instead of IPv6, it is complementary by WaffleMonster · · Score: 2

    As you wrote - each of ISPs mentioned in the article says in one way or the other that CGN is a necessity.

    Most also say they have no immediate plans to deploy CGN as sufficient IPv4 address space is available within their allocations.

    Every last one of them have already or are in process of deploying IPv6.

    Problem with IPv6 is that the business case is weak.

    Q. Hello, I am Interested in Internet service, do you offer IPv6?

    A. No, there is no business case for us to do so.

    Q. Thanks for your time....click.

    For me this is already reality today. Every RFP without exception we have participated in last 3 years either required or asked about IPv6.

    ISPs have to spend money upgrading to IPv6 without offering anything new to get more income from subscribers.

    CGN and "pay more for a public IPv4" is, sadly, one of such cases that is likely to go forward

    This was never about providing anything "new" it is about getting to *continue* to provide the same level of service.

    CGN costs more not only in terms of hardware it costs in customer support and administrative resources required to manage the system vs dumb packet punters.

    As an ISP the less CGN you need the less you spend. The more IPv6 you deploy the less CGN you need.

  14. Article is all FUD by cullenfluffyjennings · · Score: 2

    This article was totally lacking in any useful facts about why CGN (Carrier Grade NAT) won't work just fine. As you can see today, lots of games and things like Skype manage just fine to talk to other devices that are also behind a NAT. One of the many ways they do it is ICE (http://tools.ietf.org/html/rfc5245). Most applications today are designed to work behind NATs, that is because most people are behind NATs. Sure, I wish I could wave a magic wand and have everyone using v6 but articles like this that have no factual information on what the problem is or why don't help.

  15. Mod parent insightful by OneAhead · · Score: 2

    This is exactly what a lot of people fail to see. The free market is like Portland cement: stop stirring it for too long and it loses its fluidity and sets into cartels. And say what you will about the EU, they're doing a relatively good job at continuously prodding the big market players for the good of the consumer. Especially compared to the US, where a lot of providers of common services (like cell and internet) overprice and underdeliver.