Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[snadge]

Admin Note
This topic has been split and merged from a couple of other posts to form a new thread in its own right for the discussion of IPv6 and CGNAT

Are u suggesting that sky may start letting us use our own routers?

I read today that BT are starting to use some type of NAT so that customers share ipv4 addresses in an attempt to delay ipv6 and customers are already complaining... Do you think sky will employ anything similar? And is their potential for performance hit?

Sent from my Sony Xperia Miro on Tapatalk

[c6em]

OTT - CGNAT
Well the more excitable BT customers are complaining from what I've just read.
All thinking that hell and damnation will be visited upon them.
Clearly not realizing that CGNAT is already used for mobile phone internet access.
Nor that the number currently venting themselves on TBB forums are not exactly representative of BT's subscriber base as a whole.

Plunet trialled this some time ago so I'd guess those applications which won't work with it are known about.
Yes, I accept there will be some inconvenienced and will need to take appropriate steps.
But for the majority of BT's 5 million subscribers I reckon it's a non issue.

Online purchasing/banking groups may not be too chuffed as currently they can log the user's IP address.  But now all they will get is the ISP's CGNAT address(s) for a large number of their customers - possibly all at the same time!   So fraud prevention may be impacted. But I expect BT will have had high level meetings with the Financial Services Authority to discuss such things.

Should BT have told everyone - ideally yes, but in reality what good would that have done.
The majority of end users would have no idea what on earth BT were on about and would simply clog up the call centre phone lines asking lots of "silly" questions about why BT were "changing their broadband".

[snadge]

@ c6em - sounds like you're 'championing' this change?... dont you think they should be concentrating on switching to IPv6 instead of doing this?

can this cause any performance issues? ..even if its just latency?

from Wikipedia:

Critics of carrier-grade NAT argue the following aspects:

Like any form of NAT, it breaks the end-to-end principle.
It has significant security, scalability and reliability problems, by virtue of being stateful.
It makes record keeping for law-enforcement operations more difficult.
It makes it impossible to host services.
It does not solve the IPv4 address exhaustion problem when a routable IP address is needed, such as in web hosting.

maybe should start another thread for this discussion

# EDIT: I have done so here -> http://forum.kitz.co.uk/index.php/topic,12478.0.html

[snadge]

BT is testing a system that would see broadband customers share IP addresses to avoid the looming IPv4 shortage.

The current IPv4 system is running out of space, and many ISPs and users aren't yet ready to switch to its successor, IPv6.

As a solution, BT is testing a technology called Carrier Grade NAT (CGNAT), which has already been trialed by Plusnet, an ISP owned by BT.

BT said its CGNAT trial would see a single IP address shared between up to 10 customers. "This is the same as the standard practice for mobile broadband connections, using smartphones and tablets today," BT added.

However, CGNAT means you can't set up port forwarding on your router, causing problems for anyone hosting a website or online game. The trial will be tested with customers on BT's "Option 1 Total Broadband" - it's lowest tier, "who on average use the internet the least", the company said.

"We believe they are the least likely group of customers to experience any issues or disruptions due to CGNAT, which can interfere with complex online activities like hosting servers at home," BT said. "We do not think these customers will notice any difference at all in their broadband performance, but if any of these customers did have any resulting issues, we would be happy to restore their connection to an individual IP address."

However, it appears users are already noticing problems. "It's causing me a real headache, for a start none of my home servers are now accessible via the web, remote access to my PC is also blocked, and XBox Live requires NAT to be open to work correctly so has reduced multiplayer ability," said one user on the BT forums. "If BT has decided to roll out this solution I really hope that it realises the issues it'll cause its customers."

BT didn't say how many users would be affected or how long the CGNAT trial would run.

BT stressed that it's working to move to IPv6 this year, but said customers will need both IPv4 and IPv6 addresses "for the forseeable future".
(Thanks to PC Pro reader Richard Samson for the tip-off)

http://www.pcpro.co.uk/news/broadband/381646/customers-fume-as-bt-introduces-ip-sharing

as long as it doesnt impact on performance or security then Iam not bothered, and as long as customers can 'opt-out' for whatever reason then great... but I do think they should be concentrating on moving to IPv6 instead of trying to buy more time to do so...

what about Anti-Piracy measures on CGNAT?

[guest]

The SR101 costs Sky around £12-15 per user, possibly a little more on delivery. Lets assume that the SR101 is fully capable of IPv6 firewalling/etc for a second (which it isn't with that build of Busybox)

Sky have 4,870,000 BB users. At £12 per user that is £58.5 million to replace the routers. Knowing Sky that isn't going to happen.

It is my understanding that PPPoA is now available on ALL Sky LLU connections - MER is no longer forced - so make of that what you will.

I got no sympathy for any of the major ISPs, this should have been planned for at least 5 years ago so its entirely their own problem.

[guest]

maybe should start another thread for this discussion

Why? The time for discussion was years ago, no point in discussing anything now. IPv6 outside the ARIN/RIPE regions is the de-facto standard. ARIN/RIPE for historical reasons have had most of the IPv4 allocations so they didn't bother. Time to bite the bullet and stop the nonsense frankly.

Long long past the time if we're being brutally honest.

[snadge]

@ Rizla - a discussion on BT's CGNAT implementation I mean but I see your point about it all being a bit too late hehe

cant IPv6 not be rolled out as a fw update to routers?

I cant speak for all Sky connections but since I was connected as of April 2012 I could use either MER or PPPoA, sky routers would default too MER and my routers would use PPPoA (as you know this is no longer the case) , was it the case that some ISAM's were forcing the use of MER regardless?

someone has also mentioned about how CGNAT may affect anti-piracy measures??

[guest]

In general IPv6 works on any router but only via a tunnel over IPv4 and that will bypass the firewall.

Its possible to make IPv6 work on current routers but best of luck with making that happen - manufacturers aren't interested in f/w updates as they can't monetise it effectively. They want to sell you new hardware.

CGNAT is a pile of crap perched on top of an obsolete system (IPv4). Anyone who thinks its an option to go that way is utterly delusional - or more likely a beancounter defending the next 2-3 years revenue.

CGNAT is an appalling proposal, there is no good reason for it other than protecting ARIN/RIPE teleco's profit margins. Outside Europe and the USA IPv6 is more the norm than the exception.

[ColinS]

The SR101 costs Sky around £12-15 per user, possibly a little more on delivery. Lets assume that the SR101 is fully capable of IPv6 firewalling/etc for a second (which it isn't with that build of Busybox)
Sky have 4,870,000 BB users. At £12 per user that is £58.5 million to replace the routers. Knowing Sky that isn't going to happen.

So then, presumably buying 02/Be in order to steal their IPv4 static addresses to add to Sky's dynamic pool, is their version of CGNAT and cost them less than £58.5M (or will do once they've started to push all their other packages at them)?

[kitz]

I will try split this thread in a bit if its possible to do so without interrupting the conversation flow, because this is an interesting topic in its own right.

----

I too am not sure if CGNAT is an ideal solution.   

Yes it probably does work well on mobile devices because you are hardly likely to be running services from a mobile phone are you?  durrgh! 

I can see the thinking behind applying it to the lower end accounts.  There are probably a lot of internet users out there who do only connect to check mail or browse the net.   I know lots of people who seldom use their connection yet their routers stay on 24/7. 

The introduction of IP profiles and DLM systems and such mean that people are more loathe to switch their router off.  Im afraid BTw and the other ISPs havent helped themselves in the slightest because of the DLM...  and this includes Sky (Yes I still need to sort my dads stupid profile out but I cba to deal with sky CS right now).

Talking of Sky and them routinely dropping connections in an attempt to reclaim IP addresses?  Can anyone else recall the outcry back in about 2006 when Plusnet would drop the PPP session on the basic Broadband Plus account in an attempt to reduce and rebalance the number of 'sessions' on the old BT Centrals... and the huge outcry that ensued.

Do I detect a slight hint of IPv6 snobbery...  because it can be complicated.. hell I cant even get my head around it properly so what chance does the average user have.

TBH if we need to go IPv6 then the interwebs should...  its been skirting around the IPv6 issue for more than 10 years.   
The ISPs should be well aware of this and plans should have been put in place way before now.  So £60m to Sky for replacing routers..  sorry no sympathy, theyve been in the game long enough and had numerous router upgrades since that are shipped out to customers.

It also slightly cracks me up when I recall some of the 'umm discussions' in the likes of Zen and PN sections of TBB back in about 2003 when certain customers would rant that they 4/8 IPBlocks stating that the shortage of IP addresses was a load of b0ll0cks and it wouldnt happen.. it was simply an excuse used by the ISPs.

------

Just for a bit of fun.... Brownie Point to the first person that can guess when I wrote the following

The majority of today’s internet users use IPv4, which is now [number removed as it gives it away] years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.

Although newer technologies such as CIDR and NAT (see section 7) have provided a temporary solution to the shortage of IP addresses, it is still envisioned that IPv4 addresses will be depleted in the next few years.

../snip/.... one of the biggest changes with IPv6 is the allocation of 32 bit addresses which will allow some 340 trillion, trillion, trillion nodes to be connected to the Internet (IPv4 allows 4 billion nodes to connect to the internet.)

IPv6 can be installed as a normal software upgrade in internet devices and is interoperable with the current IPv4. Its deployment strategy was designed to not have any one particular conversion or “change over day”.

Has anything changed?  Including the privacy concerns over how IPv6 discloses and can easily identify machine information.

[guest]

The SR101 costs Sky around £12-15 per user, possibly a little more on delivery. Lets assume that the SR101 is fully capable of IPv6 firewalling/etc for a second (which it isn't with that build of Busybox)
Sky have 4,870,000 BB users. At £12 per user that is £58.5 million to replace the routers. Knowing Sky that isn't going to happen.

So then, presumably buying 02/Be in order to steal their IPv4 static addresses to add to Sky's dynamic pool, is their version of CGNAT and cost them less than £58.5M (or will do once they've started to push all their other packages at them)?

Its a holding action from Sky - acquires some more customers and puts off the inevitable really. Bear in mind that had Sky ANY plans for IPv6 then they wouldn't have released a "new" router late last year based on a Busybox build with no IPv6 stack.

Oh and CGNAT on mobiles has a lot more to do with censorship/monitoring traffic than anything else. Do bear in mind that mobile companies have had to block "adult" content from under-18s for the best part of a decade. The same mobile devices in Asia run on IPv6, not IPv4 and they are still CGNAT'd.

[guest]

Just for a bit of fun.... Brownie Point to the first person that can guess when I wrote the following

The majority of today’s internet users use IPv4, which is now [number removed as it gives it away] years old. IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet.

Although newer technologies such as CIDR and NAT (see section 7) have provided a temporary solution to the shortage of IP addresses, it is still envisioned that IPv4 addresses will be depleted in the next few years.

../snip/.... one of the biggest changes with IPv6 is the allocation of 32 bit addresses which will allow some 340 trillion, trillion, trillion nodes to be connected to the Internet (IPv4 allows 4 billion nodes to connect to the internet.)

IPv6 can be installed as a normal software upgrade in internet devices and is interoperable with the current IPv4. Its deployment strategy was designed to not have any one particular conversion or “change over day”.

Has anything changed?  Including the privacy concerns over how IPv6 discloses and can easily identify machine information.

2005 or thereabouts would be my bet. I did a seminar for Pipex on IPv6/encryption/IPSec in 2003 - they were planning for it then but obviously got sold and that was kicked down the road.

The only ISP in the UK who have genuinely had a long-term plan on this is AAISP. They've been offering IPv6 allocations for more than a decade now and all their network infrastructure has been dual-stack for the same timescale. RevK knows his stuff, just a shame that the packages he offers aren't practical for families with teenage kids.

[guest]

"Do I detect a slight hint of IPv6 snobbery...  because it can be complicated.. hell I cant even get my head around it properly so what chance does the average user have."

Get the snail book - O'Reilly IPv6 Essentials 

[kitz]

>>> 2005 or thereabouts would be my bet.

A wee bit earlier 2001/2002 - would be nearer the mark.

>>> Get the snail book - O'Reilly IPv6 Essentials

I guess thats the problem, atm I really dont want to have to read circa 500 pages to get my head around it.  I must be getting old because my days of bedtime reading being a techie book are now in the past. 
I guess I kinda limped along knowing enough about it to get a 1st in a degree module on TCP/IP and IP addressing for Netwoking.  NAT and CIDR was easier (for me) to understand as I could at least put it to some practical use.  At the time IPv6 seemed quite alien and Ive never felt the need to look further into it since - hell Ive probably forgotten most of the stuff anyhow.

But if colleges and universities have been lecturing since at least 2000 about the shortages of IP addresses fully well knowing that NAT and CIDR was only a stop-gap...  here we are 13yrs later still not much further along the line.  You would have thought that by now there's enough techies gone through uni knowing that something has to be done, yet it hasnt.

Interesting that you mention RevK because you are correct.  Possibly what has happened in the ISP industry over the past 8 yrs or so has had a big impact.   10yrs ago the guy in charge of an ISP at least had knowledge of how things worked.   These days ISPs like Sky and TalkTalk, they dont come from an ISP background..  they are owned by big conglomerates who have swallowed up the ISPs of old and they done give the slightest indication of wanting to be in the forefront of technology and only interesting in grabbing market share. 

I totally agree with you in that the major ISPs should be implementing it. I think I read something last year, -maybe longer ago - about how an influx of request for IPs had come from the likes of India (Pakistan?) and Japan as more devices were being bought from these countries and used in them, yet ironically these same countries were the most loathe to consider IPv6.

Anyhow moving on..  yes the interwebs will have to move on to IPv6 and I really cant see CGNAT being any sort of solution at all.  The fact that last year less than 1% of the internet used IPv6 is quite scary.
I havent looked but maybe you know if IPv6 is more secure than it was back then..  its ability to disclose and identify each machine I recall was a major bug-bear with some..  ie those who see NAT as an added layer of protection - particularly more so now that most home routers use it. 

[guest]

Been a while since I did pen testing but its not rocket science to be able to uniquely identify devices behind NAT. You can normally persuade some s/w on the device to cough up info along those lines.

IPv6 is more logical than IPv4 really. Its generally just a case of getting your head around suffixes and stuff like link-local and site-local.

* rizla remembers dealing with networks prior to CIDR, must be getting old