On 12 June 2015 at 07:14, Tore Anderson <tore@fud.no> wrote:
Hi Baldur,
MAP is *not* NAT; that's what's so neat about it. The users do get a public IPv4 address (or prefix!) routed to their CPE's WAN interface, towards which they can accept inbound unsolicited connections.
True if you are only doing MAP because you do not like pesky IPv4 packets in your backbone (ie. do not like dual stack backbone). But for us that are in the "have to buy IPv4 addresses" boat, the interesting thing about MAP is that it can be used instead of carrier NAT. You will have multiple users sharing the same IP address. Each user has a port range routed to him. While he does get the public IP directly on his CPE, he is restricted from using it freely. He will not be able to run ssh on port 22 or a webserver on port 80/443. In this sense it is carrier NAT implemented on the CPEs. And with it comes some of the evil of carrier NAT. If I ever go down the carrier NAT route I would like a MAP solution. It is clever. The only problem is that I do not know of any equipment that will actually do MAP (besides possible Cisco which is outside my price range). The RFC is not even done yet. Regards, Baldur