Tweaks to IPv4 could free up 'hundreds of millions of addresses'
By Dan Robinson, Wed 1 Jun 2022
- https://www.theregister.com/2022/06/01/ipv4_proposed_changes/
I also feel like the effort that some people are putting into retaining
IPv4 is probably questionable effort and probably would be better spent
on transitioning to IPv6.
On 2022-06-08, Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I also feel like the effort that some people are putting into retaining
IPv4 is probably questionable effort and probably would be better spent
on transitioning to IPv6.
I have steadfastly refused to use IPV6 and disable it on all of my devices. I'm just not interested in dealing with it. At the rate this "transition"
is going by the time it's really necessary to use IPV6 I'll either be too
old to care about the damned internet or pushing up daisies.
On 08/06/2022 22:36, Roger Blake wrote:
On 2022-06-08, Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I also feel like the effort that some people are putting into retaining
IPv4 is probably questionable effort and probably would be better spent
on transitioning to IPv6.
I have steadfastly refused to use IPV6 and disable it on all of my
devices.
I'm just not interested in dealing with it. At the rate this "transition"
is going by the time it's really necessary to use IPV6 I'll either be too
old to care about the damned internet or pushing up daisies.
one peculiarity I have seen is:
On an IPv4 network, devices use the configured IP address of the DNS. In
my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get their
DNS results from a DNS OUTSIDE my LAN despite there being a DNS on the
LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the Pi
Hole DNS was used by *ALL* devices.
A work colleague tells me that in the IPv6 standard there is more
freedom to use other DNS rather than use the IP address that the device
is TOLD is the DNS via DHCP.
I have steadfastly refused to use IPV6 and disable it on all of my devices.
I'm just not interested in dealing with it. At the rate this
"transition" is going by the time it's really necessary to use IPV6
I'll either be too old to care about the damned internet or pushing
up daisies.
I will say that there has been more of an effort over the last five or so years for alternate DNS protocols, some of which may be built into your browser which might happily ignore the system wide DNS settings.
On 06/09/2022 06:16 AM, Grant Taylor wrote:
I will say that there has been more of an effort over the last five or so years for alternate DNS protocols,
some of which may be built into your browser which might happily ignore the system wide DNS settings.
one peculiarity I have seen is:
On an IPv4 network, devices use the configured IP address of the DNS. In
my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get their
DNS results from a DNS OUTSIDE my LAN despite there being a DNS on the
LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the Pi
Hole DNS was used by *ALL* devices.
to the point of not ignoring IPv4 DNS settings but ignoring IPv6 DNS settings?
A work colleague tells me that in the IPv6 standard there is more
freedom to use other DNS rather than use the IP address that the
device is TOLD is the DNS via DHCP.
On 2022-06-08, Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I also feel like the effort that some people are putting into
retaining IPv4 is probably questionable effort and probably would
be better spent on transitioning to IPv6.
I have steadfastly refused to use IPV6 and disable it on all of my
devices. I'm just not interested in dealing with it. At the rate this "transition" is going by the time it's really necessary to use IPV6
I'll either be too old to care about the damned internet or pushing
up daisies.
On an IPv4 network, devices use the configured IP address of the DNS.
In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get
their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
on the LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the
Pi Hole DNS was used by *ALL* devices.
to the point of not ignoring IPv4 DNS settings but ignoring IPv6
DNS settings?
Am Mittwoch, 08. Juni 2022, um 22:45:30 Uhr schrieb SH:
On an IPv4 network, devices use the configured IP address of the DNS.
In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get
their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
on the LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the
Pi Hole DNS was used by *ALL* devices.
This is the worst idea.
You need to make sure that your computers get the IPv6 DNS resolver by
DHCPv6 (if your router runs a DHCPv6) and via the IPv6 Router
Advertisement.
I'm not. I think the entire idea of doing so is not a good one.
There are several reasons:
- It will slow down the transition to IPv6 (that is definitely needed)
- The "new" addresses will cause many problems: All routers, operating systems and firewalls MUST be updated.
The chance is really high that most of them won't be changed, so the
new addresses, e.g. from the current localhost area, can't be properly
used in many networks.
True, but this must be implemented in EVERY device that uses IPv4 to function. This will take years to be done and many devices can't be
changed, like old operating systems, routers etc.
True, and these people must be stopped doing so.
The only way is to move to IPv6, if all normal stuff is usable via IPv6,
the IPv4 addresses are free again and can be used for legacy purposes.
Full ack. The new global addresses will create many problems at
many places.
We must start/continue transition to IPv6 ASAP.
There are still very bad companies like SONY that sell (junk) products (PlayStation 4) that can't use IPv6 at all.
Nope. That's not true.
Your client computer has no idea if my 192.168.1.0 is the zeroth address
in 192.168.1.0/24 or the middle of the 192.168.0.0/23 network. You
don't have to change anything.
Your client computer has no idea if my 192.168.1.0 is the zeroth address in 192.168.1.0/24 or the middle of the 192.168.0.0/23 network. You don't have to
change anything.
Further or later you will be offline. I also don't know a reason why
people refuse to learn IPv6. If you managed to learn IPv4, it is very
easy.
We must start/continue transition to IPv6 ASAP.
On 6/10/22 3:58 AM, Marco Moock wrote:
- The "new" addresses will cause many problems: All routers,
operating systems and firewalls MUST be updated.
Nope. That's not true.
Your client computer has no idea if my 192.168.1.0 is the zeroth
address in 192.168.1.0/24 or the middle of the 192.168.0.0/23
network. You don't have to change anything.
The things that will need to be updated are things that are directly
attached to the network using zeroth addresses.
So the very vast majority of things will not need to be updated to
support zeroth addresses.
The chance is really high that most of them won't be changed, so
the new addresses, e.g. from the current localhost area, can't be
properly used in many networks.
It's only a locally significant problem. Things that want to use the
zeroth address may need to update. Things that aren't local don't
need to care.
True, but this must be implemented in EVERY device that uses IPv4
to function. This will take years to be done and many devices can't
be changed, like old operating systems, routers etc.
Nope. (See above.)
True, and these people must be stopped doing so.
Good luck convincing them.
We should also start hosting services on IPv6. I'm sick and tired of
people discouraging running mail servers on IPv6.
There are still very bad companies like SONY that sell (junk)
products (PlayStation 4) that can't use IPv6 at all.
horse ... water ...
On 2022-06-10, Marco Moock <mo01@posteo.de> wrote:
Further or later you will be offline. I also don't know a reason why
people refuse to learn IPv6. If you managed to learn IPv4, it is
very easy.
I see no good reason for it.
I seem to recall that when setting up Pi Hole, I put in an IPv4
address 192.168.0.29 and there was no option to add an IPv6 address
EVEN though there was a toggle option for enable IPv6 support in Pi
Hole.
In the Vodafone router I have a toggle option for IPv6 support. I can
also enter in the IPv4 address of my preferred DNS but there is no
box for entering an IPv6 address for my preferred DNS.....
Hmmm what next?
Exactly, my ISP gives me a /29 subnet, but rather than assigning it
that way and getting 6 usable addresses plus a useless subnet addr
and broadcast addr, I assign all 8 addrs as /32 and get two more
usable IPs out of it ...
horse ... water ...
What does that mean?
PS: I am not an English native speaker.
Have you also changed all computers there that they don't treat the
BC address as BC?
This only applies to the net addresses they want to make usable.
But think about making subnets of 127.0.0.0/8 public routable?
Currently the entire net is localhost, so addresses within that net
MUST NOT be transmitted to another host.
This must be changed on EVERY router, firewall, operating system etc.
If not, these new addresses can't be used in environments where routers
are blocking it.
See the post about localhost above. If I run a public server on the
new global address 127.123.2.1, then this can't be used if somebody
runs an operating system, a firewall or a router that doesn't know
about the change. Win XP, Vista and 7 users can't access it, many
computers in home networks with older routers can't access it.
For some I managed it, others are resistant to all suggestions.
Full ack. I will further or sooner host my own sendmail server. Then I
can make it reachable via IPv6.
Sadly, my current mail provider doesn't support IPv6 in MX.
My own services (squid/danted/ftpd) are already IPv6 capable.
What does that mean?
PS: I am not an English native speaker.
Have you also changed all computers there that they don't treat the
BC address as BC?
I disagree. I certainly will not be changing over to IPV6.
After working with IPV4 practically since it was deployed I'm just not willing to learn or even blindly use another protocol.
I also see no good reason for every damned electronic device to be internet-connected in the first place,
which seems to be at least part of the driving force for this.
(In general if a product has "smart" in its name or description I
want nothing to do with it.)
Fortunately, as I stated previously, the "transition" is going so
slowly the chances are I won't have to deal with it in my lifetime
and what happens after that is not my concern.
On 6/10/22 3:58 AM, Marco Moock wrote:
We must start/continue transition to IPv6 ASAP.
Agreed.
We should also start hosting services on IPv6. I'm sick and tired of
people discouraging running mail servers on IPv6.
There are still very bad companies like SONY that sell (junk) products (PlayStation 4) that can't use IPv6 at all.
horse ... water ...
schrieb Andy Burns:
my ISP gives me a /29 subnet, but rather than assigning it
that way and getting 6 usable addresses plus a useless subnet addr
and broadcast addr, I assign all 8 addrs as /32 and get two more
usable IPs out of it ...
Have you also changed all computers there that they don't treat the BC address as BC?
Ok, can you calculate 2³²?
This is the maximum amount of possible IPv4 addresses. Even this isn't
enough and many areas of that space can't be used for global
addressing. This is the reason for IPv6 and there is no way around it.
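The addressing argument in the posts above (whether 192.168.1.0 is a "zeroth" address, and a /29 handed out as eight /32s) comes down to which prefix is configured on the local link. The following is an added example, not code from any poster in this thread; the 203.0.113.8/29 and 198.51.100.0/24 prefixes are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress


def role_on_link(addr, prefix):
    """Role `addr` plays for a host whose interface is configured with `prefix`."""
    ip = ipaddress.ip_address(addr)
    net = ipaddress.ip_network(prefix)
    if ip not in net:
        return "off-link"      # reached through a router, no special meaning here
    if net.prefixlen >= 31:
        return "host"          # /31 and /32 reserve no addresses
    if ip == net.network_address:
        return "zeroth"        # what the thread calls the zeroth address
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def assignable(prefix, as_host_routes=False, zeroth_usable=False):
    """Addresses that can be given to machines out of `prefix`.

    as_host_routes: route every address as its own /32 (the /29 case above).
    zeroth_usable:  treat the zeroth address as an ordinary host address,
                    which only works if every on-link stack agrees.
    """
    net = ipaddress.ip_network(prefix)
    if as_host_routes or net.prefixlen >= 31:
        return [str(a) for a in net]
    hosts = [str(a) for a in net.hosts()]
    if zeroth_usable:
        hosts.insert(0, str(net.network_address))
    return hosts


def links_that_care(addr, views):
    """Names of the links on which `addr` is a zeroth or broadcast address.

    `views` maps a label to the prefix configured on that link. Only these
    links have to handle the address specially; everyone else just routes it.
    """
    return sorted(
        name for name, prefix in views.items()
        if role_on_link(addr, prefix) in ("zeroth", "broadcast")
    )


# Constructed viewpoints: two possible local configurations and a remote client.
VIEWS = {
    "LAN configured as 192.168.1.0/24": "192.168.1.0/24",
    "LAN configured as 192.168.0.0/23": "192.168.0.0/23",
    "remote client on 198.51.100.0/24": "198.51.100.0/24",
}

if __name__ == "__main__":
    for name, prefix in VIEWS.items():
        print(f"{name}: 192.168.1.0 is {role_on_link('192.168.1.0', prefix)}")
    print("subnetted /29 :", len(assignable("203.0.113.8/29")))
    print("eight /32s    :", len(assignable("203.0.113.8/29", as_host_routes=True)))
```
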
On 10/06/2022 11:00, Marco Moock wrote:
Am Mittwoch, 08. Juni 2022, um 22:45:30 Uhr schrieb SH:
On an IPv4 network, devices use the configured IP address of the DNS.
In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get
their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
on the LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the
Pi Hole DNS was used by *ALL* devices.
This is the worst idea.
You need to make sure that your computers get the IPv6 DNS resolver by
DHCPv6 (if your router runs a DHCPv6) and via the IPv6 Router
Advertisement.
I seem to recall that when setting up Pi Hole, I put in an IPv4 address 192.168.0.29 and there was no option to add an IPv6 address EVEN though
there was a toggle option for enable IPv6 support in Pi Hole.
In the Vodafone router I have a toggle option for IPv6 support. I can
also enter in the IPv4 address of my preferred DNS but there is no box
for entering an IPv6 address for my preferred DNS.....
Hmmm what next?
On Fri, 10 Jun 2022 13:51:01 -0600
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
On 6/10/22 3:58 AM, Marco Moock wrote:
We must start/continue transition to IPv6 ASAP.
Agreed.
For someone who doesn't know much about these issues , could someone explain what kind of stuff a person would have to be involved in in order for that person to have to take explicit steps for a transition as opposed to things just working for whatever combination of hardware and software they're using ?
In particular , does someone who is not a networking professional need to take some explicit steps ?
On 6/10/22 11:56 PM, Marco Moock wrote:
This only applies to the net addresses they want to make usable.
Yes.
But think about making subnets of 127.0.0.0/8 public routable?
There are many facets to the IPv4 Cleanup Project as I understand it.
I think that trying to use any part of the 127/8 network across the
global Internet is as effective as spitting into a hurricane.
But that's /global/.
I do think that it's possible, if not likely, that companies (e.g.
Google) can update all of their equipment such that they can use parts
of the 127/8 network other than 127.0.0.0/24 internally the same way
that they can currently use RFC 1918 / 7793 addresses. Meaning private passing through a CGNAT solution.
Your Windows XP won't care that the 192.0.2.127 it thinks it's talking
to is actually being translated to 127.2.0.192 inside of $COMPANY's data center.
Spiros Bousbouras <spibou@gmail.com> wrote:
On Fri, 10 Jun 2022 13:51:01 -0600
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
On 6/10/22 3:58 AM, Marco Moock wrote:
We must start/continue transition to IPv6 ASAP.
Agreed.
For someone who doesn't know much about these issues , could someone explain
what kind of stuff a person would have to be involved in in order for that person to have to take explicit steps for a transition as opposed to things just working for whatever combination of hardware and software they're using ?
In particular , does someone who is not a networking professional need to take some explicit steps ?
Well I just wasted another hour of my life trying to enable it for
my home internet connection (mobile broadband). It turns out that
yes, I am now using a modem that supports IPv6 and IPv4/IPv6 over
PPP. But whenever I enable it, the modem never connects. I guessed
that this means my ISP/telco doesn't support it. But no, although
as usual they're too polite to have an official page about it they
announced IPv4/v6 for mobile in 2016*. But it doesn't work, and
there's only so far to dig with that because there aren't many
configuration changes involved. Plus the error condition is "hmm,
it's been a couple of minutes and it's _still_ 'connecting', guess
that doesn't work either" (an all too familiar error condition, I
might add).
On the other hand I know most households here in Australia with
wired internet are now using modems/routers with IPv6 enabled,
because that's the default for most/all the new hardware they got
when the 'National Broadband Network' rolled out in Australia. So
they didn't need to take any explicit steps.
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
There are many facets to the IPv4 Cleanup Project as I understand it.
I think that trying to use any part of the 127/8 network across the
global Internet is as effective as spitting into a hurricane.
But that's /global/.
I do think that it's possible, if not likely, that companies (e.g.
Google) can update all of their equipment such that they can use
parts of the 127/8 network other than 127.0.0.0/24 internally the
same way that they can currently use RFC 1918 / 7793 addresses.
Meaning private passing through a CGNAT solution.
Your Windows XP won't care that the 192.0.2.127 it thinks it's
talking to is actually being translated to 127.2.0.192 inside of
$COMPANY's data center.
The project's GitHub pages seem to make it pretty clear that they
_are_ talking about global scope for all this. Their stated aim is
"adding 419 million new IPs to the world". They more or less
suggest that the battle is already won on internal networks:
""These addresses will never work globally"
They won't unless we try. They already work fine with the patchsets
we have on Linux, FreeBSD, and macOS. These addresses work on a
local LAN, in tunnels, and via the two major routing daemons we've
patched, and nearly every IoT OS we've tried."
https://github.com/schoen/unicast-extensions/blob/master/FAQ.md
That’s not a very promising answer. They still haven’t got their work fully merged into the main Unix kernels and I can find no hint
anywhere about how close Windows support is.
Stop using the Vodafone router for DHCP/DNS and use the Pi Hole
instead.
I disagree. I certainly will not be changing over to IPV6. After working with
IPV4 practically since it was deployed I'm just not willing to learn or even
blindly use another protocol. I also see no good reason for every damned
electronic device to be internet-connected in the first place, which seems
to be at least part of the driving force for this. (In general if a product
has "smart" in its name or description I want nothing to do with it.)
Fortunately, as I stated previously, the "transition" is going so slowly the
chances are I won't have to deal with it in my lifetime and what happens
after that is not my concern.
What would Sony need to do in order to add support ?
en.wikipedia.org/wiki/PlayStation_4_system_software :
The PlayStation 4 system software is the updatable firmware and operating
system of the PlayStation 4. The operating system is Orbis OS, based on
FreeBSD 9.
I'm guessing that FreeBSD 9 does have support.
Why is turning off the DHCPv6 server on the router a problem? Just
run the DHCPv6 server on the pi hole. And why is the router
advertisement an issue? You should have a static block of addresses
assigned to the router, and the DHCPv6 server just assigns to
individual machines within that block.
There are ways around it, such as carrier-grade NAT. There won't be
an actual need for IPV6 in my lifetime and as I've said what happens
after that is not my concern. I plan to keep IPV6 disabled here
indefinitely.
Stop using the Vodafone router for DHCP/DNS and use the Pi Hole
instead.
For that it must be possible to switch off DHCPv6 on the router. Also
the IPv6 router advertisement must be changed at the router, because it
must come from that router. The only way is a router that offers to
change the settings.
Why is turning off the DHCPv6 server on the router a problem? Just
run the DHCPv6 server on the pi hole. And why is the router
advertisement an issue? You should have a static block of addresses
assigned to the router, and the DHCPv6 server just assigns to
individual machines within that block. --scott
On 10/06/2022 11:51, SH wrote:
On 10/06/2022 11:00, Marco Moock wrote:
Am Mittwoch, 08. Juni 2022, um 22:45:30 Uhr schrieb SH:
On an IPv4 network, devices use the configured IP address of the DNS.
In my case I have a Pi Hole so all DNS queries all go to the Pi Hole.
When running on IPv6, mobile phones over Wifi seemed able to get
their DNS results from a DNS OUTSIDE my LAN despite there being a DNS
on the LAN itself.
This was despite the Pi Hole also set up for DNS over IPv6.
The computers on the LAN used the internal DNS.
I ended up having to disable IPv6 support in the router to ensure the
Pi Hole DNS was used by *ALL* devices.
This is the worst idea.
You need to make sure that your computers get the IPv6 DNS resolver by
DHCPv6 (if your router runs a DHCPv6) and via the IPv6 Router
Advertisement.
I seem to recall that when setting up Pi Hole, I put in an IPv4 address
192.168.0.29 and there was no option to add an IPv6 address EVEN though
there was a toggle option for enable IPv6 support in Pi Hole.
It does now. As well as being able to choose among half-a-dozen
pre-defined IPv6 DNS providers such as Cloudflare you can also specify
two IPv6 addresses for your own choice of upstream IPv6 DNS server.
In the Vodafone router I have a toggle option for IPv6 support. I can
also enter in the IPv4 address of my preferred DNS but there is no box
for entering an IPv6 address for my preferred DNS.....
Hmmm what next?
Stop using the Vodafone router for DHCP/DNS and use the Pi Hole instead.
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
On 6/10/22 11:56 PM, Marco Moock wrote:
*SKIP*
But think about making subnets of 127.0.0.0/8 public routable?
There are many facets to the IPv4 Cleanup Project as I understand it.
But if a normal website server like wikipedia.org ever resolves to 127.2.0.192, or my ISP ever assigns an IP address like that to my home internet connection, _that_ would be a very bad state of affairs. The
question is therefore whether website operators and ISPs can be
trusted not to use the new global addresses inappropriately?
which I am doing as I disabled DHCP in the router and enabled the Pi
Hole's own DHCP
CG-NAT is no way around it, you can't run any servers, you can't use
SIP at all. CG-NAT and DS-Lite is just really nasty.
The transition is already complete in most of Asia. They can't get IPv4 addresses because there haven't been any available for years, so they use IPv6. The transition is only going slowly in the US where address space
is plentiful. Most of the rest of the world is not that way, and if you
want to talk to the rest of the world you likely would want IPv6.
On 12 Jun 2022 11:50:31 +1000
not@telling.you.invalid (Computer Nerd Kev) wrote:
Well I just wasted another hour of my life trying to enable it for
my home internet connection (mobile broadband). It turns out that
yes, I am now using a modem that supports IPv6 and IPv4/IPv6 over
PPP. But whenever I enable it, the modem never connects. I guessed
that this means my ISP/telco doesn't support it. But no, although
as usual they're too polite to have an official page about it they
announced IPv4/v6 for mobile in 2016*. But it doesn't work, and
there's only so far to dig with that because there aren't many
configuration changes involved. Plus the error condition is "hmm,
it's been a couple of minutes and it's _still_ 'connecting', guess
that doesn't work either" (an all too familiar error condition, I
might add).
So it should have worked just by ticking a box or something but you never actually managed to make it work.
On the other hand I know most households here in Australia with
wired internet are now using modems/routers with IPv6 enabled,
because that's the default for most/all the new hardware they got
when the 'National Broadband Network' rolled out in Australia. So
they didn't need to take any explicit steps.
Yes , that would have been my guess for all "sufficiently technologically advanced" countries. I don't know if my router has IPv6 enabled and I'm
not inclined to find out because I resent the fact that its interface requires a browser with javascript. But my guess is that IPv6 is enabled.
Pretty much. I'm using OpenWRT so the instructions are to tick a
box and edit the chat script that initialises the modem, but I'm
not using the web interface so I edited the config file and the
chat script manually. The chat script edit just replaces "IP" with
"IPV4V6" on one line, but doing that (or I tried "IPV6" as well)
prevents the phone network from letting it connect. I followed
their instructions to check that it supports PDPv6 and PDPv4v6
(though their wiki page seems to be the only bit of the internet
that uses those terms), and it does, so I have to figure it's a
problem with my ISP/telco. My ISP/telco is the company that
actually sold the modem that I'm using though.
https://openwrt.org/docs/guide-user/network/wan/wwan/3gdongle#obtaining_ipv6_address
On what grounds do they discourage it ?
CG-NAT is no way around it, you can't run any servers, you can't use
SIP at all. CG-NAT and DS-Lite is just really nasty.
CG-NAT is just fine for the typical end user "surfing thuh web".
Spiros Bousbouras <spibou@gmail.com> wrote:
Yes , that would have been my guess for all "sufficiently technologically advanced" countries. I don't know if my router has IPv6 enabled and I'm
not inclined to find out because I resent the fact that its interface requires a browser with javascript. But my guess is that IPv6 is enabled.
You can check easily whether your computer can access IPv6.
This command on Linux or whatever you have with recent-ish wget
installed:
wget -6 --spider https://www.wikipedia.org/
Should state that the "Remote file exists" along with a lot of other
stuff. If not, then if it works without the "-6" option that means
something is stopping IPv6 connections.
The "-6" option also works with ping on Linux.
CG-NAT is just fine for the typical end user "surfing thuh web".
On 2022-06-12, Marco Moock <mo01@posteo.de> wrote:
CG-NAT is no way around it, you can't run any servers, you can't use
SIP at all. CG-NAT and DS-Lite is just really nasty.
I've run SIP through NAT many times. I see no reason why CG-NAT would
make any difference.
But this is very annoying, people can't run their own server and have
their freedom. They must store files they want to remotely access on
foreign servers.
These are the type of people that need to "be on the Internet". There
Mostly it's the dual-NAT nature of CGNAT (public IP -> Carrier 100.64/10
-> your RFC1918), coupled with things like the carrier not able (or
willing) to force the forward to your router, etc.
It's certainly fine for residential "access the internet" type
connections, but it seems the trend is that people (somewhat) want to be
"on the internet" -- maybe not running "very public" websites or
whatever; but still be able to "get home" while they're out for some
reason or other.
I think that it's mostly a lack of willingness and maybe a lack of
capability (as in the vendor doesn't provide an option to the ISP)
that prevents this public IP -> Carrier 100.64/10 -> RFC1918
forwarding.
It's certainly fine for residential "access the internet" type
connections, but it seems the trend is that people (somewhat) want
to be "on the internet" -- maybe not running "very public" websites
or whatever; but still be able to "get home" while they're out for
some reason or other.
There are options that people with "access to the Internet" can use
to get home via things like some VPNs and / or a VPS that's "on the
Internet" with a connection with the home.
It is a problem of NAT itself. SIP isn't intended to run behind
NAT/CG-NAT.
I know, but this is really, really annoying, so I like to avoid that
whenever possible.
On 2022-06-11, Marco Moock <mo01@posteo.de> wrote:
Ok, can you calculate 2³²?
This is the maximum amount of possible IPv4 addresses. Even this isn't
enough and many areas of that space can't be used for global
addressing. This is the reason for IPv6 and there is no way around it.
There are ways around it, such as carrier-grade NAT.
that ultimately relies on having a routable address somewhere.
On 6/13/22 12:48 PM, Marco Moock wrote:
It is a problem of NAT itself. SIP isn't intended to run behind
NAT/CG-NAT.
I think we're talking horses and oranges.
I was stating that -- I think -- CGNAT /could/ support port forwarding
if people wanted it to.
On 6/13/22 6:33 AM, Dan Purgert wrote:
Mostly it's the dual-NAT nature of CGNAT (public IP -> Carrier 100.64/10
-> your RFC1918), coupled with things like the carrier not able (or
willing) to force the forward to your router, etc.
I think that it's mostly a lack of willingness and maybe a lack of
capability (as in the vendor doesn't provide an option to the ISP) that prevents this public IP -> Carrier 100.64/10 -> RFC1918 forwarding.
It's certainly fine for residential "access the internet" type
connections, but it seems the trend is that people (somewhat) want to be
"on the internet" -- maybe not running "very public" websites or
whatever; but still be able to "get home" while they're out for some
reason or other.
There are options that people with "access to the Internet" can use to
get home via things like some VPNs and / or a VPS that's "on the
Internet" with a connection with the home.
It does. But what incentive do I as a carrier have to setup the
necessary DNAT rule(s) for you?
Am Dienstag, 14. Juni 2022, um 09:35:40 Uhr schrieb Dan Purgert:
It does. But what incentive do I as a carrier have to setup the
necessary DNAT rule(s) for you?
Nothing. Most customers are satisfied with CG-NAT/DS-Lite and those who
are not use another ISP/pay extra for native IPv4.
It does. But what incentive do I as a carrier have to setup the
necessary DNAT rule(s) for you?
Which "vendor" are you thinking of here? Cisco/Aruba/Juniper?
They totally can do DNAT over the CGNAT range.
There's honestly nothing special about CGNAT -- it's just a new
range that definitely won't collide with RFC1918, because modern
small carriers can't get their hands on a publicly routed /24 easily
(if at all).
Of course. Or they could pressure their provider for v6, and be
"on the internet" that way (IME with various WISPs, that's their M.O.)
On 6/14/22 3:33 AM, Dan Purgert wrote:
Which "vendor" are you thinking of here? Cisco/Aruba/Juniper?
They totally can do DNAT over the CGNAT range.
I was mostly focusing on "lack of willingness" more than "capability".
Your response to my previous email makes me think you probably fall into
the "lack of willingness" group.
[...]
Of course. Or they could pressure their provider for v6, and be
"on the internet" that way (IME with various WISPs, that's their M.O.)
Except IPv6 is not the same as IPv4. It's not even really feature
parity. It's definitely not the same set of endpoints.
On 6/14/22 3:35 AM, Dan Purgert wrote:
It does. But what incentive do I as a carrier have to setup the
necessary DNAT rule(s) for you?
I would hope that a ((reasonable) monthly) monetary incentive might work.
It's a mix of both -- remember that the "small carrier" who is forced
into using CGNAT may only have a /28's worth of actual public IPv4
addresses for their customers to share. Maybe even less.
Things get messy when you've got multiple households hitting the
internet from the same public IP address.
What, exactly, do you mean here by "same set of endpoints" ?
I suppose it depends on the carrier, and the setup / future plans.
The ones I've worked with are pretty universally "no", outside of the reserved / business accounts (as would I be, if I lived somewhere where
I could actually compete as a carrier).
Long story short is that they have NAT pools from their CGN-space
to the public internet, in order to avoid issues where popular websites/services will reject the customer for "too many
connections". That being said, they do offer ipv6 options.
On 6/15/22 3:57 AM, Dan Purgert wrote:
It's a mix of both -- remember that the "small carrier" who is forced
into using CGNAT may only have a /28's worth of actual public IPv4
addresses for their customers to share. Maybe even less.
I am surprised by the carrier only having a /28. I was naively thinking
that just about all small ISPs would have at least one /24 and be participating in BGP with one (or more) upstream providers.
So, they get a contract with a transit carrier, who hands off a slice
of something they own. I mean, you gotta start somewhere ...
It is a problem of NAT itself. SIP isn't intended to run behind
NAT/CG-NAT.
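For the Pi Hole discussion earlier in this thread (IPv6 clients resolving through a DNS server outside the LAN, and the advice to hand out the resolver via DHCPv6 and the Router Advertisement), the added example below parses the RDNSS option (RFC 8106) of a Router Advertisement and reports resolvers other than the intended one. It is not code from any poster; the addresses `fd00::29` and `2001:db8:ffff::53`, the sample packet and the function names are constructed.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_RDNSS = 25           # Recursive DNS Server option (RFC 8106)


def parse_ra(icmp6):
    """Return the M/O flags and RDNSS entries of a raw ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    flags = icmp6[5]
    info = {"managed": bool(flags & 0x80),       # M: addresses via DHCPv6
            "other_config": bool(flags & 0x40),  # O: DNS etc. via DHCPv6
            "rdnss": []}
    off = 16                                     # options follow the fixed header
    while off < len(icmp6):
        if off + 2 > len(icmp6):
            raise ValueError("truncated option header")
        opt_type, opt_len = icmp6[off], icmp6[off + 1]
        end = off + opt_len * 8                  # length is in units of 8 octets
        if opt_len == 0 or end > len(icmp6):
            raise ValueError("malformed option length")
        if opt_type == OPT_RDNSS:
            if opt_len < 3 or opt_len % 2 == 0:  # 8-byte header + n * 16 bytes
                raise ValueError("malformed RDNSS option")
            (lifetime,) = struct.unpack_from("!I", icmp6, off + 4)
            for pos in range(off + 8, end, 16):
                addr = ipaddress.IPv6Address(icmp6[pos:pos + 16])
                info["rdnss"].append((addr, lifetime))
        off = end                                # unknown options are skipped
    return info


def dns_sources(info):
    """Mechanisms through which this RA lets a client learn a resolver."""
    sources = []
    if any(lifetime > 0 for _, lifetime in info["rdnss"]):
        sources.append("RDNSS")
    if info["managed"] or info["other_config"]:
        sources.append("DHCPv6")
    return sources


def unexpected_resolvers(icmp6, allowed):
    """Advertised resolvers that are still valid and not in `allowed`."""
    allowed = {ipaddress.IPv6Address(a) for a in allowed}
    return [str(addr) for addr, lifetime in parse_ra(icmp6)["rdnss"]
            if lifetime > 0 and addr not in allowed]   # lifetime 0 withdraws a server


def build_ra(resolvers, lifetime=600, flags=0x40):
    """Build a constructed RA (checksum left at 0) for offline testing."""
    header = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    lladdr = bytes([1, 1]) + bytes.fromhex("020000000001")   # source link-layer option
    packed = b"".join(ipaddress.IPv6Address(r).packed for r in resolvers)
    rdnss = struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(resolvers), 0, lifetime)
    return header + lladdr + rdnss + packed


PIHOLE = "fd00::29"                # constructed LAN resolver address
ISP_DNS = "2001:db8:ffff::53"      # constructed off-LAN resolver address
SAMPLE_RA = build_ra([ISP_DNS, PIHOLE])   # router still advertises its own DNS

if __name__ == "__main__":
    print("client may learn DNS via:", dns_sources(parse_ra(SAMPLE_RA)))
    print("resolvers bypassing the Pi Hole:", unexpected_resolvers(SAMPLE_RA, {PIHOLE}))
```

An empty result from `unexpected_resolvers` only covers what the router advertises; a set O or M flag means the DHCPv6 answer has to be checked as well.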