Re: V6 still not supported
My apologies for expressing myself poorly.

What I meant to say is that this is primarily a problem caused by Sony and the Sonys of the world. Less so a problem inherent to IPv4. A root cause fix would address Sony's hostile behavior.

- Jared

Jordi Palet wrote:

No, isn't only a Sony problem, becomes a problem for every ISP that has customers using Sony PSN and have CGN (NAT444), their IP blocks are black-listed when they are detected as used CGN. This blocking is "forever" (I'm not aware of anyone that has been able to convince PSN to unblock them). Then the ISP will rotate the addresses that are in the CGN (which means some work renumbering other parts of the network).

You do this with all your IPv4 blocks, and at some point, you don't have any "not black-listed" block. Then you need to transfer more addresses.

So realistically, in many cases, for residential ISPs it makes a lot of sense to analyze if you have a relevant number of customers using PSN and make your numbers about if it makes sense or not to buy CGN vs transfer IPv4 addresses vs the real long term solution, which is IPv6 even if you need to invest in replacing the customer CPEs.

Regards, Jordi @jordipalet

On 30/3/22, 21:02, "NANOG on behalf of Jared Brown" <nanog-bounces+jordi.palet=consulintel.es at nanog.org on behalf of nanog-isp at mail.com> wrote:

Not to necessarily disagree with you, but that is more of a Sony problem than an IPv4 problem.

- Jared

Jordi Palet wrote:

It is not a fixed one-time cost ... because if your users are gamers behind PSP, Sony is blocking IPv4 ranges behind CGN. So, you keep rotating your addresses until all them are blocked, then you need to transfer more IPv4 addresses ...

So under this perspective, in many cases it makes more sense to NOT invest in CGN, and use that money to transfer up-front more IPv4 addresses at once, you will get a better price than if you transfer them every few months.

Regards, Jordi @jordipalet

On 30/3/22, 18:38, "NANOG on behalf of Jared Brown" <nanog-bounces+jordi.palet=consulintel.es at nanog.org on behalf of nanog-isp at mail.com> wrote:

Randy Carpenter wrote:
> >> >> Owen DeLong via NANOG wrote:
> >> >> When your ISP starts charging $X/Month for legacy protocol support
> >> >
> >> > Out of interest, how would this come about?
> >>
> >> ISPs are facing ever growing costs to continue providing IPv4 services.
> > Could you please be more specific about which costs you are referring to?
> >
> > It's not like IP transit providers care if they deliver IPv4 or IPv6 bits to you.
>
> Have you priced blocks of IPv4 addresses lately?

IPv4 address blocks have a fixed one-time cost, not an ongoing $X/month cost.

- Jared
My guess is that fixing that means fixing tons of games/apps. They are somehow presuming that every user of the game has a different IP.

Note that we are talking only about PSN because it is probably the most affected one, but I heard about other services with similar problems and similar blockings.

I'm convinced that it will be cheaper and much easier to port to IPv6 those games/apps and at the same time be a long-term solution.

Regards, Jordi @jordipalet

**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicitly authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
There are other problematic examples out there for CGN as well… For example, Philips Hue assumes that if you are presenting the same public IP to the internet, you must be in the same household. Yes, this means that an opportunistic neighbor behind the same CGNAT address as you can gain control of your lighting products if you are not careful and they time their attack right.

Owen
On Apr 4, 2022, at 06:03 , JORDI PALET MARTINEZ via NANOG <nanog@nanog.org> wrote:
My guess is that fixing that means fixing tons of games/apps. They are somehow presuming that every user of the game has a different IP.
Note that we are talking only about PSN because it is probably the most affected one, but I heard about other services with similar problems and similar blockings.
I'm convinced that it will be cheaper and much easier to port to IPv6 those games/apps and at the same time be a long-term solution.
Regards, Jordi @jordipalet
I think you’re jumping to conclusions that Sony is doing this purely from the darkness in their hearts. The same thing could be said about Netflix and Hulu blocking traffic from addresses that appear as proxies/VPNs. Like it or not we had many years where the primary expectation of the Internet was that you could map a single ISP customer back to an IP address and MANY services still cling to this belief. https://news.slashdot.org/story/21/05/22/0151220/6th-grader-expelled-after-z... This is why we have situations like this where even law enforcement agencies can’t seem to wrap their heads around multiple customers all sharing the same IP address. You have to remember that a majority of people do not see all this behind the scenes stuff so as far as they are concerned the Internet will continue working as it always has and any deviation in that is a problem with the ISP when all of their friends can connect fine except for them.
On Apr 4, 2022, at 8:00 AM, Jared Brown <nanog-isp@mail.com> wrote:
A root cause fix would address Sony's hostile behavior.
Related to the LEA agencies and CGN: https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same...

Regards, Jordi @jordipalet
On Mon, Apr 04, 2022 at 04:24:49PM +0200, JORDI PALET MARTINEZ via NANOG wrote:
Related to the LEA agencies and CGN:
https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same...
And how is this really horribly different than all the Napster crap where the "owner" of an ISP account got blamed for the activities of a family member or guest?

Maybe the LEA agencies need some better clue. I'm fine with them advocating for IPv6, but I have a suspicion that IPv6 is just another can of worms, because when you have "an IPv4 internets worth of internets" (64 bits) available as the host portion of an IPv6 address, and stuff like RFC 4941, they're going to continue to mistarget the account owner even in the absence of CG-NAT.

Finding a law enforcement compatible method of who generated traffic currently ends up being an exercise in keeping detailed logs. Which could be done with CG-NAT. Which makes the referenced article an example of a failure to understand the true (and horrifying) nature of the problem of traffic attribution. Doesn't even begin to touch on pwnage issues.

... JG
--
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
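Joe Greco's point that attribution behind CG-NAT comes down to detailed logs, as an added example that is not part of any post in this thread: a lookup over CGN port-block allocation records showing that public IP plus timestamp yields several subscribers, while adding the source port yields one. The log line format, subscriber names and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import List, Optional

# Constructed sample records. The line format is an assumption for this example:
# subscriber  public_ip  port_lo-port_hi  start(UTC)  end(UTC)
SAMPLE_LOG = """\
sub-A 203.0.113.7 1024-2047 2022-04-04T10:00:00 2022-04-04T11:00:00
sub-B 203.0.113.7 2048-3071 2022-04-04T10:00:00 2022-04-04T12:00:00
sub-C 203.0.113.7 3072-4095 2022-04-04T10:15:00 2022-04-04T12:00:00
sub-D 203.0.113.7 1024-2047 2022-04-04T11:00:00 2022-04-04T12:00:00
"""


def ts(text: str) -> datetime:
    """Parse a UTC timestamp in the sample log's format."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


@dataclass(frozen=True)
class PortBlock:
    """One port-block allocation: who held which ports on which public IP, and when."""
    subscriber: str
    public_ip: str
    port_lo: int
    port_hi: int
    start: datetime
    end: datetime

    def active(self, when: datetime) -> bool:
        # Half-open interval: a block handed over at 11:00 belongs to the new holder.
        return self.start <= when < self.end


def parse_log(text: str) -> List[PortBlock]:
    blocks = []
    for line in text.splitlines():
        if not line.strip():
            continue
        sub, ip, ports, start, end = line.split()
        lo, hi = (int(p) for p in ports.split("-"))
        blocks.append(PortBlock(sub, ip, lo, hi, ts(start), ts(end)))
    return blocks


def candidates_by_ip(blocks: List[PortBlock], public_ip: str, when: datetime) -> List[str]:
    """What a request carrying only IP and time can be narrowed to."""
    return sorted({b.subscriber for b in blocks
                   if b.public_ip == public_ip and b.active(when)})


def attribute(blocks: List[PortBlock], public_ip: str, src_port: int,
              when: datetime) -> Optional[str]:
    """Resolve IP + source port + time to exactly one subscriber, else None."""
    hits = [b.subscriber for b in blocks
            if b.public_ip == public_ip
            and b.port_lo <= src_port <= b.port_hi
            and b.active(when)]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    blocks = parse_log(SAMPLE_LOG)
    when = ts("2022-04-04T10:30:00")
    print("IP + time only:", candidates_by_ip(blocks, "203.0.113.7", when))
    print("IP + port + time:", attribute(blocks, "203.0.113.7", 1500, when))
    # Same IP and port an hour later map to a different subscriber.
    print("one hour later:", attribute(blocks, "203.0.113.7", 1500, ts("2022-04-04T11:30:00")))
```

The lookup only works if the service on the other end records the source port and an accurate timestamp alongside the address.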
It appears that JORDI PALET MARTINEZ via NANOG <jordi.palet@consulintel.es> said:
Related to the LEA agencies and CGN:
https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same...
Before we freak out too much, you might note that this page is dated 17 Oct 2017. I'm pretty sure that CGNs didn't disappear four years ago.

R's, John
On Apr 4, 2022, at 11:56 , John Levine <johnl@iecc.com> wrote:
It appears that JORDI PALET MARTINEZ via NANOG <jordi.palet@consulintel.es> said:
Related to the LEA agencies and CGN:
https://www.europol.europa.eu/media-press/newsroom/news/are-you-sharing-same...
Before we freak out too much, you might note that this page is dated 17 Oct 2017.
I'm pretty sure that CGNs didn't disappear four years ago.
Yeah, that would be very wishful thinking. It would be nice if they did, but I doubt they are going anywhere any time soon, unfortunately.

Owen
Francis Booth wrote:
> I think you’re jumping to conclusions that Sony is doing this purely from the darkness in their hearts.

I confess to being momentously surprised if this wasn't the driving reason :)

> The same thing could be said about Netflix and Hulu blocking traffic from addresses that appear as proxies/VPNs.

This is not quite the same. Netflix and Hulu have contractual reasons for not allowing out of market access, as they do not have distribution rights to content in all markets. Then there is also the question of password sharing, which is a legitimate reason to restrict access.

IIRC Netflix will still let you watch Netflix originals even if they think you are using a proxy or VPN. They will even occasionally fix misdesignated IP space.

> Like it or not we had many years where the primary expectation of the Internet was that you could map a single ISP customer back to an IP address and MANY services still cling to this belief.

Even the courts are coming around to the fact that an IP address does not equal a person. When even ultraprogressive instances like these are starting to get it, maybe it's time for all the other neanderthals to get with the times?

- Jared
> Less so a problem inherent to IPv4. A root cause fix would address Sony's hostile behavior.

Disagree, to a point. The problem isn't technically with IPv4 itself, but with the lack of availability of V4 addresses. This tends to force things like CGNAT, which then compounds the problem when companies rely too heavily on 'reputation' services that put a scarlet letter on entire subnets, sometimes forcing providers to spend money to buy a new range on the open market that hopefully isn't 'tainted', and tossing the old subnet back out to make it someone else's problem.

IPv6 itself doesn't solve that; these reputation providers could still mark /64s as 'bad', but it wouldn't impact entire ISPs worth of users when they did.

(Of course, the better solution is really on the service end to have a better system to associate bad activity to specific users, or other methods that aren't reliant on reputation services, but that won't happen unless they start seeing revenue loss from people who want to pay them for a service but can't because of too much reputation blocking, and I think that's a long way away, if it ever gets there.)

On Mon, Apr 4, 2022 at 8:02 AM Jared Brown <nanog-isp@mail.com> wrote:
My apologies for expressing myself poorly.
What I meant to say is that this is primarily a problem caused by Sony and the Sonys of the world. Less so a problem inherent to IPv4. A root cause fix would address Sony's hostile behavior.
- Jared
On 4/4/22 8:00 AM, Tom Beecher wrote:
( Of course, the better solution is really on the service end to have a better system to associate bad activity to specific users, or other methods that aren't reliant on reputation services , but that won't happen unless they start seeing revenue loss from people who want to pay them for a service but can't because of too much reputation blocking, and I think that's a long way away, if it ever gets there.)
This is the actual solution. It was always a terrible hack to rely on IP addresses as an identifier and that's especially true for gaming consoles where they can use some pre-built identifier burned into the box. With browser fingerprinting it would be silly to incorporate IP addresses into the mix as DHCP from providers changes up the IP address reducing its fidelity. This is clearly a Sony et al problem. Providers should point the finger at them to make them fix it.

Mike, not that I think cgnat isn't a gross hack
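The effect of the reputation key that Tom Beecher and Mike discuss, as an added example that is not part of any post in this thread: the same constructed events scored by exact address, by IPv4 address or IPv6 /64, and by account. The three-strike threshold, account names and addresses are assumptions made up for the illustration.

```python
import ipaddress
from collections import Counter

THRESHOLD = 3  # abusive events before a key is blocked (assumed policy)

# Constructed events: (source address, account, abusive?)
EVENTS = [
    # Three subscribers behind one CGN public IPv4 address.
    ("203.0.113.7", "mallory4", True),
    ("203.0.113.7", "alice", False),
    ("203.0.113.7", "mallory4", True),
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "mallory4", True),
    # One household /64 whose host rotates RFC 4941 temporary addresses.
    ("2001:db8:1:a:91c4:22ff:1a0b:0001", "mallory6", True),
    ("2001:db8:1:a:5e07:ab31:77d2:0002", "mallory6", True),
    ("2001:db8:1:a:0c3d:e811:4f6a:0003", "mallory6", True),
    # A different household in the neighbouring /64.
    ("2001:db8:1:b:1111:2222:3333:4444", "carol", False),
]


def key_exact(addr: str, account: str) -> str:
    """Reputation keyed on the full source address."""
    return addr


def key_prefix(addr: str, account: str) -> str:
    """Reputation keyed on the IPv4 address, or on the /64 for IPv6."""
    if ipaddress.ip_address(addr).version == 6:
        return str(ipaddress.ip_network(f"{addr}/64", strict=False))
    return addr


def key_account(addr: str, account: str) -> str:
    """Reputation keyed on the service's own account identifier."""
    return account


def evaluate(events, key_fn, threshold: int = THRESHOLD) -> dict:
    """Block every key with >= threshold abusive events, then report who is hit."""
    strikes = Counter(key_fn(addr, acct) for addr, acct, bad in events if bad)
    blocked_keys = {k for k, n in strikes.items() if n >= threshold}
    abusers = {acct for _, acct, bad in events if bad}
    blocked = {acct for addr, acct, _ in events if key_fn(addr, acct) in blocked_keys}
    return {
        "caught": sorted(blocked & abusers),
        "missed": sorted(abusers - blocked),
        "collateral": sorted(blocked - abusers),
    }


if __name__ == "__main__":
    for name, fn in (("exact address", key_exact),
                     ("IPv4 / IPv6 /64", key_prefix),
                     ("account", key_account)):
        print(f"{name:16} {evaluate(EVENTS, fn)}")
```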
JORDI PALET MARTINEZ via NANOG wrote:
If I'm a gamer, and one of my possible ISPs is using CGN, and from time to time stops working, and another ISP is providing me a public and/or static IPv4 address, always working, and there is not too much price difference, what I will do?
Changing providers only works in a competitive market, but even there a little bit of market segmentation isn't necessarily a bad thing.

The main thing is that ISPs should not be so accommodating to these malfeasants, who via their practices make a bad situation worse. Sony et al. are externalizing costs and that shouldn't be accepted.

- Jared
Jared Brown wrote:
JORDI PALET MARTINEZ via NANOG wrote:
If I'm a gamer, and one of my possible ISPs is using CGN, and from time to time stops working, and another ISP is providing me a public and/or static IPv4 address, always working, and there is not too much price difference, what I will do?

Changing providers only works in a competitive market, but even there a little bit of market segmentation isn't necessarily a bad thing.
The main thing is that ISPs should not be so accommodating to these malfeasants, who via their practices make a bad situation worse. Sony et al. are externalizing costs and that shouldn't be accepted.
- Jared
Like most things of this nature, there is a tipping point. Where exactly it is, either individually or communally, and whether it is ever reached is typically only viewable via hindsight.

Service providers tend to be on the "make it work" side of things, whether due to historical reasons or their users' expectations or the nature of any technology centered business. Usually it's more efficient and even cost effective to just fix it if you can. And yes, that is a self-reinforcing cycle.

But everything has its limits. Increasing NAT, IPv4 re-use, IPv6 is likely to push the point away from Network-Address-as-Customer-Identity from being the service provider's responsibility.

Joe
Worse yet, this ship sailed anyway even farther with a ton of devices using private/dynamic MAC addresses ...

FWIW, large-ish ISP here, originally an ipv4-only shop. A few years back we overhauled everything and naively tried to go all ipv6, since we owned the data/voice terminals and set top boxes. Didn't quite work out that way, and wound up spending gobs of money on CGNAT ... but our most demanding customers really appreciate the reduction in latency they get when using ipv6 and skipping that extra processing layer. As usual, YMMV...

jlr

On Tue, Apr 5, 2022 at 8:35 AM Joe Maimon <jmaimon@jmaimon.com> wrote:
(snip)
Increasing NAT, IPv4 re-use, IPv6 is likely to push the point away from Network-Address-as-Customer-Identity from being the service provider's responsibility.
Joe
participants (10)
- Francis Booth
- Jared Brown
- Joe Greco
- Joe Maimon
- John Levine
- JORDI PALET MARTINEZ
- Jose Luis Rodriguez
- Michael Thomas
- Owen DeLong
- Tom Beecher