-----Original Message-----
From: Seth Mos [mailto:seth.mos@dds.nl]
Sent: 08 September 2011 06:43
To: NANOG
Subject: Re: NAT444 or ?

On 8 Sep 2011, at 07:26, Geoff Huston wrote:
On 08/09/2011, at 2:41 AM, Leigh Porter wrote:
It may not be what Randy was referring to above, but as part of that program at APNIC32 I reported on the failure rate I am measuring for Teredo. I'm not sure it's all in the slides I was using, but what I was trying to say was that STUN is simply terrible at reliably negotiating a NAT. I was then wondering what pixie dust CGNs were going to use that would have any impact on the ~50% connection failure rate I'm observing in Teredo. And if there is no such thing as pixie dust (damn!) I was then wondering if NATs are effectively unusable if you want anything fancier than 1:1 TCP connections (like multi-user games, for example). After all, a 50% connection failure rate for STUN is hardly encouraging news for a CGN deployer if your basic objective is not to annoy your customers.
I have a concern about some weird and wonderful VPN solutions that people may be using. I am quite sure that some of them will just not work through NAT444, though I have no evidence of this. People have problems with some VPN solutions with single NAT (especially with no ALGs). NAT444 will just be a mess.
The striking thing I picked up is that NTT considers the CGN equipment a big black hole that money goes into. Because it won't solve their problem now or in the future and it becomes effectively a piece of equipment they need to buy and then scrap "soon" after.
Well if you buy the 'right' solution then you can re-use it elsewhere. Many solutions use multi-purpose processing cards to deliver NAT functionality which can be used for other stuff such as firewalling or some other manner of traffic mangling.
They acknowledge the need, but they'd rather not buy one. That and they (the ISP) get called for anything which doesn't work.
Well at least these little problems that pop up keep people in jobs ;-) If everything just worked (tm) there would be nothing to do..

--
Leigh