BT Begins Customer Tests of Carrier Grade NAT

judgecorp writes "BT Retail has started testing Carrier Grade NAT (CGNAT) with its customer. CGNAT is a controversial practice, in which IP addresses are shared between customers, limiting what customers can do on the open Internet. Although CGNAT goes against the Internet's original end-to-end principles, ISPs say they are forced to use it because IPv4 addresses are running out, and IPv6 is not widely implemented. BT's subsidiary PlusNet has already carried out CGNAT trials, and now BT is trying it on "Option 1" customers who pay for low Internet usage."

Priority Failure.

If people had spent as much money on IP6 as they have on NAT, we'd be done by now.

Re:Priority Failure.

[Waffle+Iron]

Businesses make money by charging people for scarce resources. IPV6 addresses are in no way scarce, so why would they invest any money in that?

With NAT, they can keep making money the way they always have with minimal additional investment, and they can make even more money by offering dedicated IPV4 addresses to people who pay extra for some kind of "platinum premium plus pro" plan.

Re:Priority Failure.

[poetmatt]

Businesses make money by charging people for scarce resources

uh, no. businesses make money by providing value which customers then pay for. that doesn't mean artificially scarce resources, which aren't truly scarce. This will however, break a ton of shit very quickly.

Re:Priority Failure.

[Noughmad]

that doesn't mean artificially scarce resources, which aren't truly scarce.

That's why those De Beers guys are so poor.

Re:Priority Failure.

99.999 percent of people will never notice or care. They could make a free opt-out to satisfy the geeks and few would ever even ask for it.

Re:Priority Failure.

[petermgreen]

Yeah, it's sad but it was also inevitable in a world of companies driven more by selfish buisness interests than a desire to improve the system as a whole.

The thing is NAT delivers it's benefits immediately. You deploy the NAT box and then you can connect more computers than you have IPv4 address for. Simple. Yes some applications will break, that is why if you are a provider selling service you deploy it on your lowest tier customers who are least likely to be using such applications and represent the smallest loss of revenue if they decide to quit over the issue. If you are a company serving internal users you work out who does and doen't need to accept incoming connections to perform their buisness role.

For most networks* IPv6 only delivers it's benefits when a substantial fraction of OTHER PEOPLE have also deployed it thereby allowing you to start deploying IPv6 only systems in roles that need external connectivity. Until then it's just an extra cost with no benefit. So the selfish but rational thing to do is to wait for other people to go through the pain of early IPv6 deployment and then learn from their mistakes.

* There is at least one provider that is so damn big that they ran out of private IPv4 addresses to address systems that did not need external connectivity but that is the exception.

Re:Priority Failure.

[Overzeetop]

No, this time never existed. Back when everyone who had an internet connection cared about their connectivity there was no NAT - or at least none at the provider level. It's only when consumers hit the internet that we got NAT on a wide scale, and all those people only consumed data for the most part. People who were early adopters and were used to being hands on, a small fraction of the growing tide, cared then and care now. As time marches on, that fraction gets smaller and smaller.

Re:Priority Failure.

[rudy_wayne]

Yeah, it's sad but it was also inevitable in a world of companies driven more by selfish buisness interests than a desire to improve the system as a whole.

Unfortunately, it's not that simply. ISPs are faced with a very serious and legitimate business problem. -- switching to IPv6 is very expensive but provides no benefit to them. For example, the millions (tens of millions?, hundreds of millions??) of modems that would have to be replaced because they can only handle IPv4. These are typically supplied by the ISP. Replacing all of them is an enormous expense, and when you're done, everything works exactly the same as it did before. From a business standpoint, there is no benefit to justify the expense.

Or, the ISPs can say to their customers:

"We've made a change to our system. It isn't any faster, it isn't any different, everything works exactly as it did before, BUT, you have to pay for a new modem or else you can no longer connect to the Internet. Oh, and by the way, you'll probably have to buy a new router too, since many home routers, even new ones sold recently, don't support IPv6. So good luck with that."

Re:Priority Failure.

[Bengie]

They shouldn't be able to call it "Internet" access if it's not a public IP address. This means they should not be classified as an ISP because they would not be offering Internet access as their primary service, just a crippled gateway to the Internet.

Re:Priority Failure.

[Sarten-X]

De Beers creates artificial exclusivity, not scarcity. It's a subtle but important distinction.

They produce a product that people value not because it's particularly rare, but because it's just uncommon enough to be a status symbol. Various substitutes can look and act similarly, so the high prices aren't justified by an actual need for the product. Rather, the need is for the brand itself, and the company creates and perpetuates the value of that brand by limiting supply. They ensure there's just enough supply to meet demand, but not enough surplus to impact the prices people are willing to pay.

Steve Jobs understood this concept well.

Re:Priority Failure.

[Opportunist]

Because I'll switch ISPs to whomever offers me IPv6 first.

Oh, wait, that would require that I have a choice...

Re:Priority Failure.

[Opportunist]

I know, but "AOL" was already trademarked...

Re:Priority Failure.

[grahamm]

There are already ISPs which supply IPv6. The SixXS FAQ lists 7 in the UK (which means competitors of BT) and 14 in the USA.

Re:Priority Failure.

[mark-t]

Indeed. They are doing that right now in fact, by not offering the service at all.

Re:Priority Failure.

[andreyv]

99.999 percent of people will never notice or care.

...until one of them gets IP banned on a popular website/game, and brings down all others.

Re:Priority Failure.

[gbjbaanb]

sure about that, from TFA:

BT admits that it can also affect activities such as online gaming

whoops, sure many old grannies won't notice but a lot of people are going to notice if their xbox doesn't connect anymore. Good job Microsoft never, ever wanted it online all the time :)

Also, as the people using the CGNat system are grouped together in a group of 10 (in the trial), I wonder if the RIAA will be concerned that any one of them could download whatever they liked and blame it on one of the others, who n doubt would deny all knowledge of illegal downloading.

So no online gaming with your friends, as much illegal movies and music as you like... I guess CGNat isn't such a bad idea after all!

Re:Priority Failure.

[neokushan]

There's more to it than NAT vs IPv6. The reality is we'll need both in the future. Say BT switched on IPv6 tomorrow and everyone in the UK got an IPv6 address - brilliant. But that's only half of the problem, they still need access to the IPv4 internet because all those servers the world over aren't IPv6 accessible yet.

Re:Priority Failure.

[hinchles]

My first ADSL connection back was with BT it was a 512kb service it was nearly £80 a month and came with a block of static IP address's 7 in total but lnly 5 usable as one was reserved for the router and one was your personal gateway on their network their little black router also had no NAT facilities.

And it was CONSUMER level not business level :)

Re:Priority Failure.

[Shompol]

They produce a product ...

diamonds is not a product, it's a mineral (aka raw material, commodity)

that people value not because it's particularly rare, but because it's just uncommon

and what is the difference between "rare" and "uncommon"?

... enough to be a status symbol.

It is not a status symbol because it is rare or uncommon -- it is a status symbol because De Beers adverised it... as a brand! "Diamonds are Forever"???? Have you ever seen anybody advertising a commodity before? "Gold is Forever", anybody?

Various substitutes can look and act similarly, so the high prices aren't justified by an actual need for the product.

Excepts this product is needed practically everywhere in technology, if not for De Beers having a chock-hold on the market and inflating prices. These guys produces a flawless artificial diamond for use in technology, and got death threats over it.

Rather, the need is for the brand itself, and the company creates and perpetuates the value of that brand by limiting supply. They ensure there's just enough supply to meet demand, but not enough surplus to impact the prices people are willing to pay. Steve Jobs understood this concept well.

Yes, they turned a commodity into a brand, by monopolizing 90% of supply. The problem is -- it is a commodity, a raw material needed everywhere in technology. If the price went down it could revolutionize semiconductors industry. It can also be artificially produced from graphite, but looks like that technology is going to be squashed by De Beers, much like the electric car was destroyed by the oil industry.

Re:Priority Failure.

[compro01]

I was told in grad school that we were going to run out of IP4 addresses in 2 years. That was in 1993.

Yeah, then we came up with CIDR. Then we widely implemented NAT as a stopgap.

The wolf has actually been there. We've just been shooting at it and scaring it off. Now it's back again and we're out of ammo.

Re:Priority Failure.

[Noughmad]

and what is the difference between "rare" and "uncommon"?

Ferrari is rare. Mercedes is uncommon. Now, hand in your geek card as you obviously never played Magic: The Gathering.

Re:Priority Failure.

[wagnerrp]

They did fix the issue. They designed IPv6. The trouble is that fifteen years later when the need is finally here, companies are too cheap/lazy/stubborn to adopt it.

Re:Priority Failure.

[AmiMoJo]

Virgin, or NTL as it was back then, thought that too once. They introduced a transparent web cache and it broke a huge number of sites. It was impossible to download files from popular websites because it looked like the same IP address was trying to download 50,000 at once. Video streaming sites instantly banned the proxies after seeing a massive DOS attack from them. Any site that needed you to log in was likely to block all NTL customers due to multiple failed login attempts from the proxy's IP addresses.

People did notice and did complain, and after a while they dropped them.

Re:Priority Failure.

[Dishevel]

But there never was an outcry of people demanding a static IP address for free.
Never.
Not once.
I am old. Not ignorant of these things and, ... well to be completely truthful, I can be an asshat. I am just not being one now.

Re:Priority Failure.

[Sarten-X]

diamonds is not a product, it's a mineral (aka raw material, commodity)

Diamond is indeed a mineral, with many industrial uses. Most of the diamonds mined, though, aren't used or marketed as an exclusive product. More on this in a minute.

and what is the difference between "rare" and "uncommon"?

Something "rare" is hard to find, even if you have the resources to acquire it. Something "uncommon" is just something that's not commonplace. It might also be rare, but in this case (as with Apple products) the price is kept just high enough that not everybody that wants one will have the resources to get one. They're readily available, but for some reason, it's still remarkable to see one.

To use the venerable car analogy, a DeLorean is rare, because there's so few of them in existence. A brand-new Mercedes Benz is uncommon, because it's unlikely for the average person to buy one.

...it is a status symbol because De Beers adverised it... as a brand!...

Less of a brand (because diamonds don't carry a big label saying "De Beers"), but more of a specific product. The symbolism of a diamond standing for love and commitment is purely a De Beers invention. Want to impress your wife? Give her a new Mercedes. Love her forever? Give her a diamond!

A car is just a chunk of metal, and a diamond is just a rock. A chunk of metal with the promise of reliable transportation and the luxury of comfort is a product. A rock with the symbolism of love and promise of durability is also a product.

Have you ever seen anybody advertising a commodity before? "Gold is Forever", anybody?

Every. Goddamned. Day.

I work in finance, so I watch a lot of finance-oriented television. Yes, there are many companies touting their gold-related investment strategies, which basically boil down to "buy gold and make the price go up so my pre-existing gold holdings are worth more". In a way, it's similar: They're shifting the public perception of a mundane item into a valuable product.

Excepts this product is needed practically everywhere in technology, if not for De Beers having a chock-hold on the market and inflating prices.

There are many other manufacturers of synthetic diamonds, perfect for industrial use. Until recently, though, the diamonds they could easily produce were all colored, which aren't as suitable for jewelry. Now Gemesis, Scio, and others can produce gem-quality colorless diamonds.

These guys produces a flawless artificial diamond for use in technology, and got death threats over it.

[citation needed]

If the price went down it could revolutionize semiconductors industry.

The price is currently a few dollars per carat, in powder form. One carat is a huge amount compared to the size of existing transistors, so it's rather ridiculous to blame the price for the lack of diamond semiconductors. Instead, it's likely the immaturity of diamond semiconductor technology that holds up back:

The combinations of the extreme properties of diamond ... suggest that diamond should out-perform nearly every other semiconducting material system for electronic applications. IN PRINCIPLE! The reality is that there are many other factors involved in developing and implementing a technology: cost, manufacturing infrastructure, investment, and knowledge base. I think it is fair to say that diamond materials need a lot more research, knowledge, and technology development before they can be considered a mature semiconducting material.

...that technology is going to be squashed by De Beers, much like the electric ca

Re:Priority Failure.

[Agent+ME]

What are those obvious reasons? I don't mind NAT so much when it at least has the decency to let me request port forwards to myself such as with UPnP. (Of course, I don't think any consumer routers are smart enough to forward UPnP requests they get upstream, which is frustrating in some situations.)

Re:Priority Failure.

[X0563511]

I've never had NAT, and I've never had to avoid it either.

I think you're confusing where the NAT lives. This is NAT outside of your zone of control. That's the problem.

Re:Priority Failure.

[green1]

But what if it's 20,000 customer's on an IP? and what if every time you reboot your modem you stay on the same node behind the same NAT with the same IP?

This seems far more likely than 4 or 16 customers and the possibility of a different IP when you reboot. It would more likely be at the node level, and you'd be on the same IP pretty much all the time.

I just find it interesting that they claim they have to NAT because nobody uses IPv6, and yet the reason that nobody uses IPv6 is that they refuse to offer it!
Quit making excuses, and start offering IPv6 already. don't use your own failure to implement IPv6 as an excuse why you should implement carrier grade NAT instead.

Re:Priority Failure.

[green1]

For now.

The question is where this leads in the future. First it will be free opt out, then it will be a discount if you take the NAT, then it will be the standard with an option to pay more for non-NAT, and then it will be only "premium" connections that even have that option. We've seen this sort of evolution on many "features". The carriers will make money off it.

I'd rather they quit using their own failure to implement IPv6 as an excuse to not implement IPv6. "nobody's using it, so we won't implement it" (how are they supposed to use it if you refuse to implement it???)

I understand that IPv4 addresses are getting scarce, but I think they'd be better off to start this same way, but with IPv6 and a NAT like gateway to IPv4, it ends up with a similar short term situation for the customers (with much traffic heading over the IPv4 tunnel), but it also helps the IPv6 upgrade along a little bit, and doesn't hurt these customers in the long term once more becomes available over IPv6

Re:Priority Failure.

[dissy]

But what if it's 20,000 customer's on an IP?

You're a lot closer than you realize.

IANA has recently reserved the IP block 100.64.0.0/10 for use with carrier grade NAT.
An entire /10! 100.64.0.0 to 100.127.255.255 - just over 4 million IPs.

This block exists purely to interconnect two RFC1918 IP blocks which have a chance of conflicting.
If the ISP decided to use 10.0.0.0/8 internally, then they wouldn't be able to connect any customers who's NAT router also used the 10.0.0.0 IP space. Similar problems arise with the 256 blocks of 253 IPs within 192.168.0.0/16

There is a new class of network middleware gear designed to sit between the real Internet and the customers which links them all together using that 100.64.0.0 block.
Each cable modem / DSL modem's WAN IP is within this private block, as is the new router gear designed for massive state tables. It also does some interesting tricks to keep DNS working.

The routers are designed to take a single /24 block of routable Internet addresses to share with all those natted WAN ports, which of course will turn right around and NAT your single private 100.64 IP with all your own devices on traditional RFC1918 IPs.

255 public Internet IP addresses shared with 4,194,302 private IP addresses, or 16,448 private IPs per single Internet IP.

For a guess of 20k, you are amazingly close! Far closer than 4-16

Ah, the bad old days...

[fuzzyfuzzyfungus]

Fantastic! This will be just as wonderful as AOL was, back when they were still unsure about this whole 'ISP' fad, and offered ghastly semi-access to the internet proper. I think I just threw up in my mouth from all the nostalgia!

Re:Ah, the bad old days...

Fantastic! This will be just as wonderful as AOL was, back when they were still unsure about this whole 'ISP' fad, and offered ghastly semi-access to the internet proper. I think I just threw up in my mouth from all the nostalgia!

Me too!

Re:Ah, the bad old days...

[compro01]

Today is September 7189th.

It's time

[lesincompetent]

I hereby declare a Jihad against BT for their infidelity about IPv6.

On the other hand....

[mark-t]

With CGN, they can't *POSSIBLY* argue that an IP address somehow is linked with a particular subscriber anymore.

This is going to create a hell of a problem when people inside the CGN start doing stuff they aren't supposed to outside of it, and those people outside can't do anything useful with the IP that they have.

Re:On the other hand....

[mark-t]

Nope.... not remotely. Which is the whole problem.

Because if BT implements CGN, then the IP that somebody outside ot BT would have for somebody inside of it would actually map to a whole bunch of BT subscribers. BT has no possible way to tell which subscriber utilized the IP because all of them did... possibly even all at exactly the same time, unless BT maps every subscriber to a unique global IP anyways, at which point BT doesn't gain anything by using CGN at all.

Re:On the other hand....

[mark-t]

Except the time isn't known... Unless you can guarantee that the ISP and the destination clocks are synchronized to the second.

Re:On the other hand....

[bsdaemonaut]

The company requesting information would need to know the public facing source port and correlating time otherwise there would be no way to look up the correct state/mapping. The company requesting this information wouldn't be able to know this information unless the user was connecting directly to their servers or they themselves were playing man-in-the-middle. The former option is plausible with some activity, i.e. if a peer were directly connecting to them in a torrent, but the latter option would be illegal in most any situation I can think of. So while it still may be /possible/, it is definitely much more difficult nor am I convinced ISPs would be held to such exacting standards -- I run some relatively small routers by comparison, and at any point in time there can be thousands of (relatively short-lived) states, we're taking about some pretty massive amounts of data compared to what is required now.

Re:On the other hand....

[BuGless]

NTP is your friend. man ntpd.

Re:Just use IPV6

[Khyber]

It's BT. No explanation for the sheer incompetence is required.

Re:"Not widely inplemented"

[xorsyst]

BT already gives all customers a home hub (router) as part of the deal, this is pretty standard in the uk. They upgrade them every couple of years for you, so going to an IPv6-enabled one is not difficult.

Shouldn't be doing anything on the open net anyway

[Greyfox]

It's pretty easy to set up a node on Tor. We could just declare the "open internet" lost to commercial interests and do all the "interesting" stuff on an encrypted network. Sure, it's slower than an open connection, but with increasingly common cable and optical connections it's still faster than even reasonably fast DSL from a couple years back.

I've had to deal with this.

[Gerafin]

Having to share an IP address with tons of people is absolutely, 100% a crippling experience. There are plenty of sites (newspapers, the site I get textures from, RapidShare, etc.) who limit their services by IP address. There's nothing quite like seeing messages about how your IP has exceeded the download limit on a website you've never visited before. Also: having to deal with bans when playing online games, as many are IP-based. The impossibility of hosting your own servers for games or other purposes. BitTorrent is nigh unusable. I would not pay a dime for this kind of a service, ever again.

Verizon isn't much better

[zerofoo]

Verizon started field testing IPv6 on their FIOS network in 2010. I figured it's 2013 - they should be done testing by now.

I called our business services rep about a month ago and asked about IPv6 service for our FIOS connections at our offices.

The rep's response:

"IPv6, what's that?" "Hold on. Let me ask my support engineer."

Support engineer's response:

"IPv6 - What's that?"

I may retire from the IT business before Verizon deploys IPv6.

-ted

Re:Need some explanation here...

[GrandCow]

Over the last eight years and my previous three ISPs, my router has never once received anything other than a 192.168.x.x or a 10.x.x.x IP address from my local ISP. Not once have I received a live & legit IPv4 address. I have to pay a lot more for those. What's the difference between this and CGNAT?

You are thinking of your routers internal address, the one you use to access it from inside your home network to configure and troubleshoot. They are talking about the routers external address, the one the rest of the internet sees.

No ipv6 for you

[sl4shd0rk]

"Limiting what customers can do..." seems to be the new norm... along with with "shut up. give up rights. sign EULA"

CGNAT has nothing to do with End-to-end

[bgt421]

The end-to-end principle has to do with where network logic is placed, not which devices are reachable, routeable, or have an IP address. As simply as possible, the end-to-end principle means that we should have smart end hosts and a dumb network. This is why routers don't guarantee packet delivery -- its up to the hosts (with TCP, et al.) to ensure this. This is in contrast to telephony networks, where the network is responsible for almost everything.

There are good reasons to oppose CGNAT, but the "end to end principle" is not one of them.

http://en.wikipedia.org/wiki/End-to-end_principle
or, if you're inclined to primary sources:
http://groups.csail.mit.edu/ana/Publications/PubPDFs/End-to-End%20Arguments%20in%20System%20Design.pdf

21CN

[TinheadNed]

Apropos of nothing, here's what BT did invest in for their "21st Century Network".

It's all IPv4.

Re:CG NAT is not new!

[znark]

Your cell carrier doesn't count as an ISP for your smartphone? You don't get a publicly routable address on any cell network I've used.

At least Saunalahti in Finland offers publicly routable IPv4 addresses to their mobile customers. You have to activate the feature in the self-service portal and use the correct APN so generally only those who know what they're doing would do it, but it is all documented on their website. The feature is free of charge.

Re:What's the BFD with not doing v6

[JDG1980]

Well, part of the problem is that there are still routers being sold today that don't support IPv6.

You'll need a regulatory push to get to IPv6. The digital TV transition in the US didn't happen because people gradually migrated off of analog, it happened because the government said 'after this date, analog TV goes dark'.

Re:What do you mean IPv6 isn't implemented

[wagnerrp]

Tons of people still use WinXP that has no functional IPv6 stack. Tons of people use old consumer modems and routers that have no IPv6 stack. Even many new modems and routers don't come with IPv6 capability. Was this poor planning on the part of ISPs, and entirely their fault? Abso-fucking-lutely!

Re:Which would be more evil?

[wagnerrp]

Those that could convert to IPv6 would do so, freeing up IPv4 space for those that could not.

BT and its customer

[multi+io]

BT Retail has started testing Carrier Grade NAT (CGNAT) with its customer.

Has the customer been informed already? How does he or she take it?

Re:How about....

[jones_supa]

Exactly!

Although CGNAT goes against the Internet's original end-to-end principles, ISPs say they are forced to use it because IPv4 addresses are running out, and IPv6 is not widely implemented.

Well, implement it then, for crikessakes! It's your job!

"Although getting seriously overweight goes against principles of healthy life, I am forced to buy bigger clothes because the old ones cannot fit, and all I do is eat junk food."

Re:If people had put more thought into the transit

[petermgreen]

Actually I think all we really needed was a transition mechanism that went with the flow of NAT e.g.

1: for each IPv4 address and UDP port combination an IPv6 address would be allocated.
2: IPv6 packets passing over legacy infrastructure would be encapsulated in a UDP packet. An anycast address would be created to represent IPv6 addresses with no IPv4 equivilent.
3: if a NAT changed the IPv4 address or UDP port of a packet containing an encapsulated IPv6 packet then the IPv6 addresses of the packet inside would be updated to match

With this system the end systems and internet core would need to be updated, but the rest of the existing infrastructure could be left in place.

But i'm just a nobody. Those with power over the stamdards process were on a crusade against NAT so such a system would be unthinkable to them and the transition mechanisms we got either ignored NAT (6to4) or fought it (teredo). Worse still ISPs didn't take either of those transition mechanisms seriously meaning that connectivity between users of transition mechanisms and users of native IPv6 has been poor.

Re:bye bye port forwarding

[petermgreen]

AIUI skype first tries direct connection using nat traversal techniques if needed. If that fails it routes the call via a node with a public IP address (they used to (ab)use customers on open internet connections to provide this service but nowadays I belive they provide it from their own servers).