Re: Large ISPs doing NAT?

2002-05-04 Thread Steven J. Sobol


On Fri, 3 May 2002, Avleen Vig wrote:

> Ha! I've been in Burbank (in the Valley north of LA) for 7 months now, I
> moved here from London. I've looked and looked and looked for *ANYTHING*
> other than the odd gas station or supermarket open past 9pm!

??

Plenty of gas stations around here open after 9, some all night long.
Same with groceries. Drugstores close pretty early though.

> Coming from a place where restaurants are regularly open until 3am, even
> far into the suburbs, this is a serious culture shock :-/
> 
> 

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
"The Indians are unfolding into the 2002 season like a lethal lawn chair."
  (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)




Re: Large ISPs doing NAT?

2002-05-04 Thread Steven J. Sobol


On Fri, 3 May 2002, michael thomas guldan wrote:

> > > 
> > > It's prevalent elsewhere. I'd be surprised if there aren't more GSM 
> > > subscribers in the world than non-GSM subscribers.
> > 
> > GSM is *the* standard in Europe. Australia, Korea, Japan and a couple
> > other Pacific-Rim countries are primarily CDMA. South America is primarily 
> > TDMA. Most of the rest of the world is GSM, if I'm not mistaken.
> >
> 
> correct on all counts but japan..  no gsm in japan as of nov 2001 :-(

Read again, I said Japan is CDMA.
Although I think I was corrected on that.
 
> 3GSM is available tho...
> 
> http://www.gsmworld.com/roaming/gsminfo/cou_jp.shtml
> 
> michael
> 
> 

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
"The Indians are unfolding into the 2002 season like a lethal lawn chair."
  (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)




Re: Large ISPs doing NAT?

2002-05-03 Thread michael thomas guldan


On Thu, May 02, 2002 at 08:27:51PM -0400, Steven J. Sobol wrote:
> 
> > 
> > It's prevalent elsewhere. I'd be surprised if there aren't more GSM 
> > subscribers in the world than non-GSM subscribers.
> 
> GSM is *the* standard in Europe. Australia, Korea, Japan and a couple
> other Pacific-Rim countries are primarily CDMA. South America is primarily 
> TDMA. Most of the rest of the world is GSM, if I'm not mistaken.
>

correct on all counts but japan..  no gsm in japan as of nov 2001 :-(

3GSM is available tho...

http://www.gsmworld.com/roaming/gsminfo/cou_jp.shtml

michael

-- 
e: [EMAIL PROTECTED]  c: +1.614.260.6716  u: www.ele-mental.org

 Wir fahr'n fahr'n fahr'n auf der Autobahn



Re: Large ISPs doing NAT?

2002-05-03 Thread Avleen Vig


On Fri, 3 May 2002, Scott Francis wrote:

> that is an excellent idea. I know one thing I would LOVE to have is a search
> engine that can answer my question, "Where can I find a coffee house
> {optionally: with 802.11b} open after midnight during the week in Los
> Angeles {optionally: the Valley}?"
>
> No good answers so far ... at least, none that involve driving less than 30
> minutes. :)

Ha! I've been in Burbank (in the Valley north of LA) for 7 months now, I
moved here from London. I've looked and looked and looked for *ANYTHING*
other than the odd gas station or supermarket open past 9pm!

Coming from a place where restaurants are regularly open until 3am, even
far into the suburbs, this is a serious culture shock :-/




Re: Large ISPs doing NAT?

2002-05-03 Thread Scott Francis

On Fri, May 03, 2002 at 08:29:32AM -0400, [EMAIL PROTECTED] said:
> On Fri, 03 May 2002 00:12:34 PDT, Scott Francis said:
> 
> > Your phone can surf porn? Maybe the technology revolution has finally arrived
> > after all ...
> 
> No, it's still in the "dancing bear" stage.  There's the question of whether
> it's worth doing on that class display device
> 
> On the other hand, if somebody's looking for a *business* opportunity, I
> could see a *big* market for "Where do I find?" databases for GPS-capable
> phones - I think somebody already did a "public restrooms in Manhattan",
> and I know I've been in strange cities, known there was a specific restaurant
> or store somewhere within 10 blocks, and been willing to pay for a reliable
> hint for the parking garage nearest...

that is an excellent idea. I know one thing I would LOVE to have is a search
engine that can answer my question, "Where can I find a coffee house
{optionally: with 802.11b} open after midnight during the week in Los
Angeles {optionally: the Valley}?"

No good answers so far ... at least, none that involve driving less than 30
minutes. :)

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-03 Thread Valdis . Kletnieks

On Fri, 03 May 2002 00:12:34 PDT, Scott Francis said:

> Your phone can surf porn? Maybe the technology revolution has finally arrived
> after all ...

No, it's still in the "dancing bear" stage.  There's the question of whether
it's worth doing on that class display device

On the other hand, if somebody's looking for a *business* opportunity, I
could see a *big* market for "Where do I find?" databases for GPS-capable
phones - I think somebody already did a "public restrooms in Manhattan",
and I know I've been in strange cities, known there was a specific restaurant
or store somewhere within 10 blocks, and been willing to pay for a reliable
hint for the parking garage nearest...

-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech






RE: Large ISPs doing NAT?

2002-05-03 Thread Daniska Tomas


do you think fufme (http://www.fu-fme.com/) would work well over nat? :

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -Original Message-
> From: Scott Francis [mailto:[EMAIL PROTECTED]] 
> Sent: 3. mája 2002 9:13
> To: Dan Hollis
> Cc: [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT?
> 
> 
> On Thu, May 02, 2002 at 04:56:40PM -0700, [EMAIL PROTECTED] 
> said: [snip]
> > > I'm not buying a phone I can't run ssh from. End of story. My 
> > > current phone
> > > does all that and more. Why step back into the dark ages 
> of analog-type 
> > > services?
> > 
> > The average customer doesn't even know what telnet is, let 
> alone ssh. 
> > All they care about is browsing pr0n.
> 
> Your phone can surf porn? Maybe the technology revolution has 
> finally arrived after all ...
> 
> > -Dan
> > --
> > [-] Omae no subete no kichi wa ore no mono da. [-]
> 
> -- 
> Scott Francis   darkuncle@ [home:] d a r k u 
> n c l e . n e t
> Systems/Network Manager  sfrancis@ [work:] t 
> o n o s . c o m
> GPG public key 0xCB33CCA7  illum oportet crescere 
> me autem minui
> 



Re: Large ISPs doing NAT?

2002-05-03 Thread Scott Francis

On Thu, May 02, 2002 at 04:56:40PM -0700, [EMAIL PROTECTED] said:
[snip]
> > I'm not buying a phone I can't run ssh from. End of story. My current phone 
> > does all that and more. Why step back into the dark ages of analog-type 
> > services?
> 
> The average customer doesn't even know what telnet is, let alone ssh.
> All they care about is browsing pr0n.

Your phone can surf porn? Maybe the technology revolution has finally arrived
after all ...

> -Dan
> -- 
> [-] Omae no subete no kichi wa ore no mono da. [-]

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis

On Thu, May 02, 2002 at 04:44:28PM -0700, [EMAIL PROTECTED] said:
> At 01:20 AM 5/2/2002 -0700, Scott Francis wrote:
> 
> >The average customer buying a "web-enabled" phone doesn't need a
> >publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
> >needs a public IP. It's a PHONE, not a server.
> 
> I'm not buying a phone I can't run ssh from. End of story. My current phone 
> does all that and more. Why step back into the dark ages of analog-type 
> services?

*grin* Mine runs ssh too. :) I just wish I had time/talent enough to hack it
to do key-based auth and ssh v2. Note my use of the phrase 'average customer'
though. Readers of this list probably do not qualify as such.

> Best Regards,
> 
> Simon

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis

On Thu, May 02, 2002 at 05:09:15PM -0700, [EMAIL PROTECTED] said:
[snip]
> Mobile-IP devices are all about bringing the Internet to your pocket. That
> doesn't mean just the web! The web is UI optimized for a desktop machine.
> Who knows what specific applications might be developed for a user
> accessing the Internet from a device the size of a bar of soap? What if I
> want to write CUSeeMe for mobile phones? Or a scavenger hunt game?
> Something that takes advantage of the mobility rarely found by a desktop
> user?
> 
> It is these _form factor specific_ applications that will drive the sales
> of devices that utilize this new network. Surfing the web is just the tip
> of the iceberg that everyone already understands. If that's the only
> application enabled by GPRS, then I don't foresee GPRS phones selling in
> leaps and bounds. It seems like providers would be spending a whole lot of
> money to upgrade their network for just one new application that only a few
> customers are asking for.

Good points here. I think sometimes we miss the future direction and
possibilities that technology may take in our focus on making things work in
the present.

> The presumption of the first several responders was that it was to conserve
> addresses, which they pointed out is not actually necessary. I'm hoping
> that was the case, and that maybe the choice of NAT can be revisited...

As I wrote to another poster, it's possible that I may have been too quick to
jump on the conservation bandwagon. I was directed to
http://www.caida.org/outreach/resources/learn/ipv4space/ which, although
possibly dated, shows that plenty of space is available. Whether or not this
is easily assigned/accessible space is something else. I think merely
reclaiming some of the legacy A blocks assigned years ago that are being used
sparsely, if at all, would eliminate any lingering doubts about space, at
least for the time being. The chances of companies giving up their unused
blocks, or trading for smaller ones, is probably pretty slim though.

> -pmb

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-02 Thread Steven J. Sobol


On Thu, 2 May 2002, Jake Khuon wrote:
 
> Time to start thinking a little further down the line.  What if the phone
> actually becomes a wireless IP gateway router?

Yuck. Current WAP-based phones can't even do websites well.
I've not been privy to 3G tests, so I don't know if GPRS/CDMA 1x does 
better. 

Of course, some of that is phone-specific. My Verizon Wireless Qualcomm
860's web browser always responded much more quickly than my current VZW
Nokia 3285's, and both phones feature microbrowsers authored by the same
company (Phone.com/Openwave). 

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
"The Indians are unfolding into the 2002 season like a lethal lawn chair."
  (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)




Re: Large ISPs doing NAT?

2002-05-02 Thread Steven J. Sobol


On Thu, 2 May 2002, Joe Abley wrote:
 
> The concern exists regardless of the specifics of the always-on, 
> cellular packet radio protocols being used, surely?

You're right, of course. I was focusing on the wrong thing when I replied.
 
> > [GSM coverage is patchy in the US]
> 
> It's prevalent elsewhere. I'd be surprised if there aren't more GSM 
> subscribers in the world than non-GSM subscribers.

GSM is *the* standard in Europe. Australia, Korea, Japan and a couple
other Pacific-Rim countries are primarily CDMA. South America is primarily 
TDMA. Most of the rest of the world is GSM, if I'm not mistaken.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
"The Indians are unfolding into the 2002 season like a lethal lawn chair."
  (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)




Re: Large ISPs doing NAT?

2002-05-02 Thread Peter Bierman


At 11:34 AM -0700 5/2/02, Scott Francis wrote:
>> And what if I want to invent the next big thing? A game, that people play
>> in real time, with their palm-sized gizmo. What if that game can't be made
>> scalable unless those devices have real IPs? What if that game is the
>> catalyst that causes a million more customers to go buy a gizmo from
>> Cingular?
>
>That's a lot of "if"s. As one other person wrote, IPv6 will probably be the
>answer here - the only question is, how long it will be before it becomes de
>facto (i.e. all standard networks support and transit it, by default), and
>how much pain we will have to endure before this is the case.

Well, I'm looking at it from Cingular's perspective. They want to roll out
a new service. They want to make more money off it than from the old
service. They're willing to invest a bunch of money in new equipment if it
means they'll get enough people to sign up to pay for it. This service is
called GPRS.

If IPv6 is the answer, and it isn't available until the _next_ iteration
of this process, then _this_ iteration isn't going to be as profitable as
it could be. Cingular isn't going to redesign their backend a year from now
just because IPv6 is suddenly usable.

Mobile-IP devices are all about bringing the Internet to your pocket. That
doesn't mean just the web! The web is UI optimized for a desktop machine.
Who knows what specific applications might be developed for a user
accessing the Internet from a device the size of a bar of soap? What if I
want to write CUSeeMe for mobile phones? Or a scavenger hunt game?
Something that takes advantage of the mobility rarely found by a desktop
user?

It is these _form factor specific_ applications that will drive the sales
of devices that utilize this new network. Surfing the web is just the tip
of the iceberg that everyone already understands. If that's the only
application enabled by GPRS, then I don't foresee GPRS phones selling in
leaps and bounds. It seems like providers would be spending a whole lot of
money to upgrade their network for just one new application that only a few
customers are asking for.


>> I have yet to see any good argument for why mobile-IP providers should use
>> NAT instead of routable space. And no, "because they might get rooted" is
>> not a good reason. That's the responsibility of the device designers, NOT
>> THE NETWORK.
>
>And I still have yet to hear a convincing argument for why _right now_, NAT
>is not, at the least, a workable solution to this issue. It can surely hold
>us for a year or three until IPv6 has become the standard. (that timeframe
>may be a bit optimistic ...) Given current devices and technology, why is NAT
>not a temporary solution?

A temporary solution to what problem?

Assuming the network can distribute NATed addresses, why can't it
distribute real ones?

Maybe I'm missing something. John Beckmeyer didn't say why they were
looking into using NAT, he only asked if anyone else was using it on this
scale.

The presumption of the first several responders was that it was to conserve
addresses, which they pointed out is not actually necessary. I'm hoping
that was the case, and that maybe the choice of NAT can be revisited...

-pmb





Re: Large ISPs doing NAT?

2002-05-02 Thread Dan Hollis


On Thu, 2 May 2002, Simon Higgs wrote:
> At 01:20 AM 5/2/2002 -0700, Scott Francis wrote:
> >The average customer buying a "web-enabled" phone doesn't need a
> >publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
> >needs a public IP. It's a PHONE, not a server.
> I'm not buying a phone I can't run ssh from. End of story. My current phone 
> does all that and more. Why step back into the dark ages of analog-type 
> services?

The average customer doesn't even know what telnet is, let alone ssh.
All they care about is browsing pr0n.

-Dan
-- 
[-] Omae no subete no kichi wa ore no mono da. [-]




RE: Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


Why do you need a public IP to do ssh?

jm

> -Original Message-
> From: Simon Higgs [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 4:44 PM
> To: Scott Francis
> Cc: Peter Bierman; [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT?
> 
> 
> 
> At 01:20 AM 5/2/2002 -0700, Scott Francis wrote:
> 
> >The average customer buying a "web-enabled" phone doesn't need a 
> >publicly-routeable IP. I challenge anybody to demonstrate why a cell 
> >phone needs a public IP. It's a PHONE, not a server.
> 
> I'm not buying a phone I can't run ssh from. End of story. My 
> current phone 
> does all that and more. Why step back into the dark ages of 
> analog-type 
> services?
> 
> 
> 
> Best Regards,
> 
> Simon
> 
> --
> ###
> 



Re: Large ISPs doing NAT?

2002-05-02 Thread Simon Higgs


At 01:20 AM 5/2/2002 -0700, Scott Francis wrote:

>The average customer buying a "web-enabled" phone doesn't need a
>publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
>needs a public IP. It's a PHONE, not a server.

I'm not buying a phone I can't run ssh from. End of story. My current phone 
does all that and more. Why step back into the dark ages of analog-type 
services?



Best Regards,

Simon

--
###




Re: Large ISPs doing NAT?

2002-05-02 Thread John Kristoff


On Wed, 1 May 2002 11:00:01 -0400 (EDT)
mike harrison <[EMAIL PROTECTED]> wrote:

> Almost? I'd say it's hands down an EXCELLENT reason. In some configs
> though, the NAT'd people can still see each other and cause problems, 
> but it still cuts down the exposure. 

As well as perpetuates the neglect for fixing the real problem.

John



Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis

On Thu, May 02, 2002 at 02:22:40AM -0700, [EMAIL PROTECTED] said:
[snip]
> >> You've got to be kidding. Do you think it's clear to the average consumer
> >> buying a GPRS phone what NAT is, and why they might or might not want it?
> >
> >The average customer buying a "web-enabled" phone doesn't need a
> >publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
> >needs a public IP. It's a PHONE, not a server.
> 
> And what if I want to invent the next big thing? A game, that people play
> in real time, with their palm-sized gizmo. What if that game can't be made
> scalable unless those devices have real IPs? What if that game is the
> catalyst that causes a million more customers to go buy a gizmo from
> Cingular?

That's a lot of "if"s. As one other person wrote, IPv6 will probably be the
answer here - the only question is, how long it will be before it becomes de
facto (i.e. all standard networks support and transit it, by default), and
how much pain we will have to endure before this is the case.

> If providers assume that GPRS devices are all just "web-enabled phones",
> then that's all they will _ever_ be, and no one will care, and no one will
> buy them. If all I want is a PHONE, not a server, I can buy that today (and
> Cingular doesn't have to spend millions to deploy a whole new backend.)

*nod* I'm as much a fan of new gizmos and new features as anybody (heck, my
cell phone does ssh! (it's a VisorPhone running TGssh)), but I think until we
get an infrastructure that can scale to support assigning a routeable IP to
even the _current_ number of cell phones, we need a stopgap measure in the
meantime. NAT is a good contender for that measure. IPv6 is, IMHO, the
ultimate solution, but I'm not sure we're there yet.

> IMHO, the attitude of "we already know what services you want" is at odds
> with the intent of the Internet, and exactly the BS that Telcos have been
> feeding customers for years.

I apologize if that was the attitude that I conveyed; it is most assuredly
_not_ the attitude I hold. I merely meant to convey that a workable solution
now is better than the perfect solution 5 years from now. No reason why we
can't have both, though.

> I have yet to see any good argument for why mobile-IP providers should use
> NAT instead of routable space. And no, "because they might get rooted" is
> not a good reason. That's the responsibility of the device designers, NOT
> THE NETWORK.

And I still have yet to hear a convincing argument for why _right now_, NAT
is not, at the least, a workable solution to this issue. It can surely hold
us for a year or three until IPv6 has become the standard. (that timeframe
may be a bit optimistic ...) Given current devices and technology, why is NAT
not a temporary solution?

> -pmb

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-02 Thread Valdis . Kletnieks

On Thu, 02 May 2002 01:50:50 PDT, Jake Khuon <[EMAIL PROTECTED]>  said:

> God forbid!  We might have a network on our hands!

That's called "wearable computing".  And it goes in your pocket so your
hands are free, ;)





Re: Large ISPs doing NAT?

2002-05-02 Thread Jake Khuon


### On Thu, 2 May 2002 11:15:00 +0200, "Daniska Tomas" <[EMAIL PROTECTED]>
### casually decided to expound upon <[EMAIL PROTECTED]> the following
### thoughts about "RE: Large ISPs doing NAT? ":

DT> you will end up with exactly two exactly specified services... not that
DT> bad, is it?

Nope... and that was my point.  I was simply trying to address a statement
that might pigeonhole the role of a 3G/GPRS device.  I think we all should
know better than to assume something will never happen.


--
/*===[ Jake Khuon <[EMAIL PROTECTED]> ]==+
 | Packet Plumber, Network Engineers /| / [~ [~ |) | | --- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |
 +=*/



RE: Large ISPs doing NAT?

2002-05-02 Thread Peter Bierman


At 11:15 AM +0200 5/2/02, Daniska Tomas wrote:
>
>no eye-shutting. it's just about considering HOW MANY (or WHAT PART) of
>your users will need the 'full' service. if you have 95% of bfu's with
>web+mail phones or pda's then nat is completely ok for them. and those 5%
>(if so many ever) phreaks - give them an opportunity to have public ip
>with no nat for a few bucks more
>
>you will end up with exactly two exactly specified services... not that
>bad, is it?


If no applications need the "few bucks more" service, no one will pay for it.
If no one pays for it, no one will write applications that need it.


Chicken or Egg? You decide.

-pmb





Re: Large ISPs doing NAT?

2002-05-02 Thread Peter Bierman


At 1:20 AM -0700 5/2/02, Scott Francis wrote:
>On Wed, May 01, 2002 at 04:07:34PM -0700, [EMAIL PROTECTED] said:
>>
>> You've got to be kidding. Do you think it's clear to the average consumer
>> buying a GPRS phone what NAT is, and why they might or might not want it?
>
>The average customer buying a "web-enabled" phone doesn't need a
>publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
>needs a public IP. It's a PHONE, not a server.

And what if I want to invent the next big thing? A game, that people play
in real time, with their palm-sized gizmo. What if that game can't be made
scalable unless those devices have real IPs? What if that game is the
catalyst that causes a million more customers to go buy a gizmo from
Cingular?

If providers assume that GPRS devices are all just "web-enabled phones",
then that's all they will _ever_ be, and no one will care, and no one will
buy them. If all I want is a PHONE, not a server, I can buy that today (and
Cingular doesn't have to spend millions to deploy a whole new backend.)

IMHO, the attitude of "we already know what services you want" is at odds
with the intent of the Internet, and exactly the BS that Telcos have been
feeding customers for years.

I have yet to see any good argument for why mobile-IP providers should use
NAT instead of routable space. And no, "because they might get rooted" is
not a good reason. That's the responsibility of the device designers, NOT
THE NETWORK.

-pmb





RE: Large ISPs doing NAT?

2002-05-02 Thread Daniska Tomas




> -Original Message-
> From: Jake Khuon [mailto:[EMAIL PROTECTED]] 
> Sent: 2. mája 2002 10:51
> To: [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT? 
> 
> 
> DT> and what if one of the devices behind that phone would also be a 
> DT> personal "ip gateway router" (or how you call that)... you could 
> DT> recursively iterate as deep as your mail size allows you to...
> 
> It's possible.  Could it get ugly?  Yes.  Do we just want to 
> shut our eyes and say "let's not go there."... well... maybe. 
>  I just don't think the solution is to say, "this can never 
> happen... we must limit all handheld devices to sitting 
> behind a NAT gateway."
> 
 
no eye-shutting. it's just about considering HOW MANY (or WHAT PART) of your users 
will need the 'full' service. if you have 95% of bfu's with web+mail phones or pda's 
then nat is completely ok for them. and those 5% (if so many ever) phreaks - give them 
an opportunity to have public ip with no nat for a few bucks more

you will end up with exactly two exactly specified services... not that bad, is it?

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis

On Thu, May 02, 2002 at 01:32:16AM -0700, [EMAIL PROTECTED] said:
> 
> ### On Thu, 2 May 2002 01:20:40 -0700, Scott Francis
> ### <[EMAIL PROTECTED]> casually decided to expound upon Peter Bierman
> ### <[EMAIL PROTECTED]> the following thoughts about "Re: Large ISPs
> ### doing NAT?":
> 
> SF> The average customer buying a "web-enabled" phone doesn't need a
> SF> publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
> SF> needs a public IP. It's a PHONE, not a server.
> 
> Time to start thinking a little further down the line.  What if the phone
> actually becomes a wireless IP gateway router?  It routes packets from a
> PAN (personal area network) riding on top of Bluetooth or 802.11{a,b} to the
> 3G network for transit.  NAT would certainly become very messy.

*nod* NAT is a solution for current problems, in some situations. It may or
may not create more problems in the future than it solves in the present
(sign me up for one of those gateway router phones though - mmm...)

Again, while I'm not predicting what kind of network landscape we may see in
the future, NAT _does_ appear to solve problems in the present under certain
situations, and IMHO should not be dismissed out of hand just because it's
not "pure IP."

Forward thinking is critical - but those who do it at the expense of current
issues are called researchers and scientists, and generally are not running
production networks. :)

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-02 Thread Jake Khuon


### On Thu, 2 May 2002 10:42:01 +0200, "Daniska Tomas" <[EMAIL PROTECTED]>
### casually decided to expound upon <[EMAIL PROTECTED]> the following
### thoughts about "RE: Large ISPs doing NAT? ":

DT> and what if one of the devices behind that phone would also be a personal
DT> "ip gateway router" (or how you call that)... you could recursively iterate
DT> as deep as your mail size allows you to... 

It's possible.  Could it get ugly?  Yes.  Do we just want to shut our eyes
and say "let's not go there."... well... maybe.  I just don't think the
solution is to say, "this can never happen... we must limit all handheld
devices to sitting behind a NAT gateway."


DT> hope this thread will not end in a router behind a router that serves as a
DT> router serving as a router to another router which has some other routers
DT> connected... 

God forbid!  We might have a network on our hands!


--
/*===[ Jake Khuon <[EMAIL PROTECTED]> ]==+
 | Packet Plumber, Network Engineers /| / [~ [~ |) | | --- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |
 +=*/



RE: Large ISPs doing NAT?

2002-05-02 Thread Daniska Tomas



> -Original Message-
> From: Jake Khuon [mailto:[EMAIL PROTECTED]] 
> Sent: 2. mája 2002 10:32
> To: [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT? 
> 
> 
> 
> 
> Time to start thinking a little further down the line.  What 
> if the phone actually becomes a wireless IP gateway router?
> It routes packets from a PAN (personal area network) riding 
> on top of Bluetooth or 802.11{a,b} to the 3G network for 
> transit.  NAT would certainly become very messy.
> 

grat

and what if one of the devices behind that phone would also be a personal "ip gateway 
router" (or how you call that)... you could recursively iterate as deep as your mail 
size allows you to... 

hope this thread will not end in a router behind a router that serves as a router 
serving as a router to another router which has some other routers connected...

> 
> --
> /*===[ Jake Khuon <[EMAIL PROTECTED]> 
> ]==+
>  | Packet Plumber, Network Engineers /| / [~ [~ |) | | 
> --- |
>  | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N 
> E T W O R K S |  
> +=
> */
> 



--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



Re: Large ISPs doing NAT?

2002-05-02 Thread Jake Khuon


### On Thu, 2 May 2002 01:20:40 -0700, Scott Francis
### <[EMAIL PROTECTED]> casually decided to expound upon Peter Bierman
### <[EMAIL PROTECTED]> the following thoughts about "Re: Large ISPs
### doing NAT?":

SF> The average customer buying a "web-enabled" phone doesn't need a
SF> publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
SF> needs a public IP. It's a PHONE, not a server.

Time to start thinking a little further down the line.  What if the phone
actually becomes a wireless IP gateway router?  It routes packets from a
PAN (personal area network) riding on top of Bluetooth or 802.11{a,b} to the
3G network for transit.  NAT would certainly become very messy.


--
/*===[ Jake Khuon <[EMAIL PROTECTED]> ]==+
 | Packet Plumber, Network Engineers /| / [~ [~ |) | | --- |
 | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N E T W O R K S |
 +=*/



Re: Large ISPs doing NAT?

2002-05-02 Thread Scott Francis

On Wed, May 01, 2002 at 04:07:34PM -0700, [EMAIL PROTECTED] said:
[snip]
> >As long as it is _clear_ from the get-go that customers behind NAT are
> >getting that service, and not publicly-routable IP space, I don't see the
> >problem. If they don't like it, they don't have to sign up to begin with - as
> >long as there is no doubt as to what kind of service they're getting, there
> >shouldn't be a problem (legally, at any rate).
> 
> You've got to be kidding. Do you think it's clear to the average consumer
> buying a GPRS phone what NAT is, and why they might or might not want it?

The average customer buying a "web-enabled" phone doesn't need a
publicly-routeable IP. I challenge anybody to demonstrate why a cell phone
needs a public IP. It's a PHONE, not a server.

> Do you think the use of NAT will be explained to these customers? Or
> clearly stated in 5pt text on page 17 of the service agreement?

There's enough other fine print that adding this in somewhere should not be
an issue.

> IMHO, as one of the people who will likely be using Cingular's GPRS network
> with a Danger HipTop, I _strongly_ hope they choose to use routable address
> space instead of NAT. I would hate for NAT to be an impediment to some cool
> new app no one has thought of yet because these gizmos aren't in widespread
> use yet.

I am totally in favor of public IPs being an _option_ for use with PDAs,
phones and the like - but for the average user, I do not see it being a
necessity, or even really a benefit.

> >This is not to say that if, as Eliot posits, the next Big Thing on the market
> >requires public IPs that your customer base won't all jump ship. That's a
> >risk that providers will have to weigh against the benefits of NAT.
> 
> I'm more concerned that if the major metropolitan markets deploying GPRS
> all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
> Customers won't jump ship if they have nowhere to jump to. That might
> sound attractive to the bean counters, but think of the customers you might
> never get in the first place. Also, I don't see how deploying NAT could be
> a cost savings over requesting real IP space.

I'm not saying it's the best course of action necessarily; I was trying to
make the "best tool for the job" argument. There are cases where NAT is a
definite advantage, or where having a public IP offers no clear benefits, if
not any obvious risks. Until the model changes drastically, I just don't see
the average phone/wireless PDA user needing a public IP for every device
she/he has. But it should definitely remain an option - just like static IPs
on DSL are an option with most providers.

> -pmb

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-01 Thread Joe Abley



On Wednesday, May 1, 2002, at 10:33 , Steven J. Sobol wrote:

>
> On Wed, 1 May 2002, Deepak Jain wrote:
>
>> I'm more concerned that if the major metropolitan markets deploying 
>> GPRS
>> all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
>> Customers won't jump ship if they have nowhere to jump to.
>
> The only people who'd be deploying GPRS are GSM cellular providers, no?

The concern exists regardless of the specifics of the always-on, 
cellular packet radio protocols being used, surely?

> [GSM coverage is patchy in the US]

It's prevalent elsewhere. I'd be surprised if there aren't more GSM 
subscribers in the world than non-GSM subscribers.


Joe




RE: Large ISPs doing NAT?

2002-05-01 Thread Steven J. Sobol


On Wed, 1 May 2002, Deepak Jain wrote:

> I'm more concerned that if the major metropolitan markets deploying GPRS
> all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
> Customers won't jump ship if they have nowhere to jump to.

The only people who'd be deploying GPRS are GSM cellular providers, no?

Verizon and Sprint PCS, in particular, are not using GPRS, but migrating
to CDMA-based 3G cellular technologies. I don't know that those 
technologies use CDMA.

And of course, there are still markets like my very own hometown (2nd
largest city in Ohio) that don't have GSM yet (even though #1 and #3 do).
VoiceStream is supposedly launching their GSM network in Cleveland 
(*snort* I've heard that before). But they're not here yet, AT&T is 
nowhere near doing GSM here as far as I know, and Cingular's network here 
(former AmeriBlech Cellular) is TDMA. 

I could be completely off base, of course. Being a customer of Sprint PCS
and Verizon, and a former customer of Alltel and Northcoast PCS, I've not
had much reason to follow GSM developments; every one of the companies 
I've used runs CDMA. Feel free to correct me if I am wrong.

-- 
Steve Sobol, CTO (Server Guru, Network Janitor and Head Geek)
JustThe.net LLC, Mentor On The Lake, OH  888.480.4NET   http://JustThe.net
"The Indians are unfolding into the 2002 season like a lethal lawn chair."
  (_News-Herald_ Indians Columnist Jim Ingraham, April 11, 2002)




Re: Large ISPs doing NAT?

2002-05-01 Thread Michael Painter


Roland, 

I have a static IP w/DirecPC and I haven't noticed any problems running ICS on Win2K.  
Have things changed?

--Michael


- Original Message - 
From: "Roland Dobbins" <[EMAIL PROTECTED]>
To: "Peter Bierman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; "Beckmeyer" <[EMAIL PROTECTED]>
Sent: Wednesday, May 01, 2002 1:26 PM
Subject: Re: Large ISPs doing NAT?


> 
> I think a lot of the GPRS stuff is heading towards IPv6 w/IPv4
> gatewaying.
> 
> The NAT issue has certainly resulted in quite a few disgruntled
> satellite customers (I'm thinking here primarily of direcpc.com) who're
> willing to put up with the large latencies, but get really irate when
> their apps won't work via NAT, or who want to run RFC1918 space for a
> LAN at home, then find out that lots of stuff can't stand being NATted
> twice.
> 
> -- 
> 
> Roland Dobbins <[EMAIL PROTECTED]> // 650.776.1024 voice
> 
> "Central databases already exist. Privacy is already gone." 
> 
>  -- Larry Ellison, CEO of Oracle Corporation
> 
> On Wed, 2002-05-01 at 16:07, Peter Bierman wrote:
> > 
> > At 3:03 PM -0700 5/1/02, Scott Francis wrote:
> > >On Wed, May 01, 2002 at 02:55:02PM -0700, [EMAIL PROTECTED] said:
> > >>
> > >> I don't know if this is an annual argument yet, but the frog is in the
> > >> pot, and the flame is on.  Guess who's playing the part of the frog?
> > >> Answer: ISPs who do this sort of thing.  Value added security is a nice
> > >> thing.  Crippling Internet connections will turn the Internet into the
> > >> phone company, where only the ISP gets to say what services are good and
> > >> which ones are bad.  While an ISP might view it appealing to be a baby
> > >> bell, remember from whence we all come: the notion that the middle should
> > >> not inhibit the endpoints from doing what they want.  You find this to be
> > >> a support headache?  Offer a deal on Norton Internet Security or some
> > >> such.  Offer to do rules merges.  Even offer a provisioning interface to
> > >> some access-lists.  Just make sure that when that next really fun game is
> > >> delivered on a play station that speaka de IP your customers can play it,
> > >> and that you haven't built a business model around them not being able to
> > >> play it.
> > >
> > >As long as it is _clear_ from the get-go that customers behind NAT are
> > >getting that service, and not publicly-routable IP space, I don't see the
> > >problem. If they don't like it, they don't have to sign up to begin with - as
> > >long as there is no doubt as to what kind of service they're getting, there
> > >shouldn't be a problem (legally, at any rate).
> > 
> > 
> > You've got to be kidding. Do you think it's clear to the average consumer
> > buying a GPRS phone what NAT is, and why they might or might not want it?
> > Do you think the use of NAT will be explained to these customers? Or
> > clearly stated in 5pt text on page 17 of the service agreement?
> > 
> > IMHO, as one of the people who will likely be using Cingular's GPRS network
> > with a Danger HipTop, I _strongly_ hope they choose to use routable address
> > space instead of NAT. I would hate for NAT to be an impediment to some cool
> > new app no one has thought of yet because these gizmos aren't in widespread
> > use yet.
> > 
> > >This is not to say that if, as Eliot posits, the next Big Thing on the market
> > >requires public IPs that your customer base won't all jump ship. That's a
> > >risk that providers will have to weigh against the benefits of NAT.
> > 
> > I'm more concerned that if the major metropolitan markets deploying GPRS
> > all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
> > Customers won't jump ship if they have nowhere to jump to. That might
> > sound attractive to the bean counters, but think of the customers you might
> > never get in the first place. Also, I don't see how deploying NAT could be
> > a cost savings over requesting real IP space.
> > 
> > -pmb
> > 
> > --
> > Ring around the Internet, | Peter Bierman <[EMAIL PROTECTED]>
> > Packet with a bit not set | http://www.sfgoth.com/pmb/
> > SYN ACK SYN ACK,  |"Nobody realizes that some people expend
> > We all go down. -A. Stern | tremendous energy merely to be normal."-Al Camus
> > 
> 
> 



Re: Large ISPs doing NAT?

2002-05-01 Thread Eliot Lear


Deepak Jain wrote:
> MY question is -- How do you know if a justification for _public_ space
> handling a large NAT'd pool is the proper size and not an over/under
> allocation based on the customer in question?

Why is the answer to this question any different than it has been since 
BCP-12?  The answer is that we don't, but we guard against the problem 
with methods such as slow start allocations.

Eliot




RE: Large ISPs doing NAT?

2002-05-01 Thread Deepak Jain



> I'm more concerned that if the major metropolitan markets deploying GPRS
> all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
> Customers won't jump ship if they have nowhere to jump to. That might
> sound attractive to the bean counters, but think of the customers you might
> never get in the first place. Also, I don't see how deploying NAT could be
> a cost savings over requesting real IP space.
>
> -pmb




It certainly allows sloppy/generous/obtuse internal delegations. Some may
say that saves time/management headache/whatever.

MY question is -- How do you know if a justification for _public_ space
handling a large NAT'd pool is the proper size and not an over/under
allocation based on the customer in question?

Deepak Jain
AiNET





Re: Large ISPs doing NAT?

2002-05-01 Thread Roland Dobbins


I think a lot of the GPRS stuff is heading towards IPv6 w/IPv4
gatewaying.

The NAT issue has certainly resulted in quite a few disgruntled
satellite customers (I'm thinking here primarily of direcpc.com) who're
willing to put up with the large latencies, but get really irate when
their apps won't work via NAT, or who want to run RFC1918 space for a
LAN at home, then find out that lots of stuff can't stand being NATted
twice.

-- 

Roland Dobbins <[EMAIL PROTECTED]> // 650.776.1024 voice

"Central databases already exist. Privacy is already gone." 

 -- Larry Ellison, CEO of Oracle Corporation

On Wed, 2002-05-01 at 16:07, Peter Bierman wrote:
> 
> At 3:03 PM -0700 5/1/02, Scott Francis wrote:
> >On Wed, May 01, 2002 at 02:55:02PM -0700, [EMAIL PROTECTED] said:
> >>
> >> I don't know if this is an annual argument yet, but the frog is in the
> >> pot, and the flame is on.  Guess who's playing the part of the frog?
> >> Answer: ISPs who do this sort of thing.  Value added security is a nice
> >> thing.  Crippling Internet connections will turn the Internet into the
> >> phone company, where only the ISP gets to say what services are good and
> >> which ones are bad.  While an ISP might view it appealing to be a baby
> >> bell, remember from whence we all come: the notion that the middle should
> >> not inhibit the endpoints from doing what they want.  You find this to be
> >> a support headache?  Offer a deal on Norton Internet Security or some
> >> such.  Offer to do rules merges.  Even offer a provisioning interface to
> >> some access-lists.  Just make sure that when that next really fun game is
> >> delivered on a play station that speaka de IP your customers can play it,
> >> and that you haven't built a business model around them not being able to
> >> play it.
> >
> >As long as it is _clear_ from the get-go that customers behind NAT are
> >getting that service, and not publicly-routable IP space, I don't see the
> >problem. If they don't like it, they don't have to sign up to begin with - as
> >long as there is no doubt as to what kind of service they're getting, there
> >shouldn't be a problem (legally, at any rate).
> 
> 
> You've got to be kidding. Do you think it's clear to the average consumer
> buying a GPRS phone what NAT is, and why they might or might not want it?
> Do you think the use of NAT will be explained to these customers? Or
> clearly stated in 5pt text on page 17 of the service agreement?
> 
> IMHO, as one of the people who will likely be using Cingular's GPRS network
> with a Danger HipTop, I _strongly_ hope they choose to use routable address
> space instead of NAT. I would hate for NAT to be an impediment to some cool
> new app no one has thought of yet because these gizmos aren't in widespread
> use yet.
> 
> >This is not to say that if, as Eliot posits, the next Big Thing on the market
> >requires public IPs that your customer base won't all jump ship. That's a
> >risk that providers will have to weigh against the benefits of NAT.
> 
> I'm more concerned that if the major metropolitan markets deploying GPRS
> all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
> Customers won't jump ship if they have nowhere to jump to. That might
> sound attractive to the bean counters, but think of the customers you might
> never get in the first place. Also, I don't see how deploying NAT could be
> a cost savings over requesting real IP space.
> 
> -pmb
> 
> --
> Ring around the Internet, | Peter Bierman <[EMAIL PROTECTED]>
> Packet with a bit not set | http://www.sfgoth.com/pmb/
> SYN ACK SYN ACK,  |"Nobody realizes that some people expend
> We all go down. -A. Stern | tremendous energy merely to be normal."-Al Camus
> 





Re: Large ISPs doing NAT?

2002-05-01 Thread Peter Bierman


At 3:03 PM -0700 5/1/02, Scott Francis wrote:
>On Wed, May 01, 2002 at 02:55:02PM -0700, [EMAIL PROTECTED] said:
>>
>> I don't know if this is an annual argument yet, but the frog is in the
>> pot, and the flame is on.  Guess who's playing the part of the frog?
>> Answer: ISPs who do this sort of thing.  Value added security is a nice
>> thing.  Crippling Internet connections will turn the Internet into the
>> phone company, where only the ISP gets to say what services are good and
>> which ones are bad.  While an ISP might view it appealing to be a baby
>> bell, remember from whence we all come: the notion that the middle should
>> not inhibit the endpoints from doing what they want.  You find this to be
>> a support headache?  Offer a deal on Norton Internet Security or some
>> such.  Offer to do rules merges.  Even offer a provisioning interface to
>> some access-lists.  Just make sure that when that next really fun game is
>> delivered on a play station that speaka de IP your customers can play it,
>> and that you haven't built a business model around them not being able to
>> play it.
>
>As long as it is _clear_ from the get-go that customers behind NAT are
>getting that service, and not publicly-routable IP space, I don't see the
>problem. If they don't like it, they don't have to sign up to begin with - as
>long as there is no doubt as to what kind of service they're getting, there
>shouldn't be a problem (legally, at any rate).


You've got to be kidding. Do you think it's clear to the average consumer
buying a GPRS phone what NAT is, and why they might or might not want it?
Do you think the use of NAT will be explained to these customers? Or
clearly stated in 5pt text on page 17 of the service agreement?

IMHO, as one of the people who will likely be using Cingular's GPRS network
with a Danger HipTop, I _strongly_ hope they choose to use routable address
space instead of NAT. I would hate for NAT to be an impediment to some cool
new app no one has thought of yet because these gizmos aren't in widespread
use yet.

>This is not to say that if, as Eliot posits, the next Big Thing on the market
>requires public IPs that your customer base won't all jump ship. That's a
>risk that providers will have to weigh against the benefits of NAT.

I'm more concerned that if the major metropolitan markets deploying GPRS
all use NAT, then the Next Big Thing won't ever happen on GPRS devices.
Customers won't jump ship if they have nowhere to jump to. That might
sound attractive to the bean counters, but think of the customers you might
never get in the first place. Also, I don't see how deploying NAT could be
a cost savings over requesting real IP space.

-pmb

--
Ring around the Internet, | Peter Bierman <[EMAIL PROTECTED]>
Packet with a bit not set | http://www.sfgoth.com/pmb/
SYN ACK SYN ACK,  |"Nobody realizes that some people expend
We all go down. -A. Stern | tremendous energy merely to be normal."-Al Camus





Re: Large ISPs doing NAT?

2002-05-01 Thread Valdis . Kletnieks

On Wed, 01 May 2002 14:55:02 PDT, Eliot Lear said:
> some access-lists.  Just make sure that when that next really fun game is 
> delivered on a play station that speaka de IP your customers can play it, 
> and that you haven't built a business model around them not being able to 
> play it.

There was a reason I said *ALMOST*. ;)  Thanks, Eliot. 





Re: Large ISPs doing NAT?

2002-05-01 Thread Scott Francis

On Wed, May 01, 2002 at 02:55:02PM -0700, [EMAIL PROTECTED] said:
> 
> I don't know if this is an annual argument yet, but the frog is in the 
> pot, and the flame is on.  Guess who's playing the part of the frog? 
> Answer: ISPs who do this sort of thing.  Value added security is a nice 
> thing.  Crippling Internet connections will turn the Internet into the 
> phone company, where only the ISP gets to say what services are good and 
> which ones are bad.  While an ISP might view it appealing to be a baby 
> bell, remember from whence we all come: the notion that the middle should 
> not inhibit the endpoints from doing what they want.  You find this to be 
> a support headache?  Offer a deal on Norton Internet Security or some 
> such.  Offer to do rules merges.  Even offer a provisioning interface to 
> some access-lists.  Just make sure that when that next really fun game is 
> delivered on a play station that speaka de IP your customers can play it, 
> and that you haven't built a business model around them not being able to 
> play it.

As long as it is _clear_ from the get-go that customers behind NAT are
getting that service, and not publicly-routable IP space, I don't see the
problem. If they don't like it, they don't have to sign up to begin with - as
long as there is no doubt as to what kind of service they're getting, there
shouldn't be a problem (legally, at any rate).

This is not to say that if, as Eliot posits, the next Big Thing on the market
requires public IPs that your customer base won't all jump ship. That's a
risk that providers will have to weigh against the benefits of NAT.

> Eliot

-- 
Scott Francis   darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager  sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7  illum oportet crescere me autem minui





Re: Large ISPs doing NAT?

2002-05-01 Thread Eliot Lear


I don't know if this is an annual argument yet, but the frog is in the 
pot, and the flame is on.  Guess who's playing the part of the frog? 
Answer: ISPs who do this sort of thing.  Value added security is a nice 
thing.  Crippling Internet connections will turn the Internet into the 
phone company, where only the ISP gets to say what services are good and 
which ones are bad.  While an ISP might view it appealing to be a baby 
bell, remember from whence we all come: the notion that the middle should 
not inhibit the endpoints from doing what they want.  You find this to be 
a support headache?  Offer a deal on Norton Internet Security or some 
such.  Offer to do rules merges.  Even offer a provisioning interface to 
some access-lists.  Just make sure that when that next really fun game is 
delivered on a play station that speaka de IP your customers can play it, 
and that you haven't built a business model around them not being able to 
play it.

Eliot



mike harrison wrote:
>>On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <[EMAIL PROTECTED]> wrote:
>>
>>>Is anybody here doing NAT for their customers?
>>
> 
> Tony Rall: 
> 
>>If you're NATing your customers you're no longer an ISP.  You're a
>>sort-of-tcp-service-provider (maybe a little udp too).  NAT (PAT even more
> 
> 
> Depends on scale and application. We have lots of customers
> that we NAT, one way or another. And a lot more that we don't. 
> Some customers WANT to 'just see out' and they like all the 'weird stuff
> turned off'. Sometimes it's a box at the customers end, sometimes
> it's nat'd IP's on the dial-up/ISDN/FracT1/T1/Wireless connection itself. 
> 
> Saying we are not an ISP because we do some NAT is a little harsh. 
> Giving the customer options and making things work (when done right, 
> and explained properly we have no sales droids) is good business
> and I think good for the 'net. It gives the clueless (and sometimes
> cluefull) just a little more isolation. 
> 
> What is wrong is NAT'ing when you should not. 
> 
> 
> 
> 






RE: Large ISPs doing NAT?

2002-05-01 Thread kevin graham



On Wed, 1 May 2002, Deepak Jain wrote:

> Almost? I'd say it's hands down an EXCELLENT reason. In some configs
> though, the NAT'd people can still see each other and cause problems,
> but it still cuts down the exposure.

I've received a couple off-list replies about containment within the
NAT'ed area, but I don't see this being a significant issue, as in order
to make this at all scalable, it would need to be done at a relatively
granular level, ie. directly at customer aggregation router, which would
limit scope a fair deal.

Support-staff debugging may also end up simpler, if for no other reason
than that it forces them to go to the edge router to reach the customer
directly, eliminating ill-conceived 'shortcuts'. The benefits to core
engineering teams would be interesting as well, given that public space
becomes genuinely dynamic, even at the edge.

...and as has been mentioned, nothing precludes offering non-NAT as a
premium service, just as the DSL providers have done already w/ offering
/29's or static addresses.

..kg..




RE: Large ISPs doing NAT?

2002-05-01 Thread Deepak Jain




> Almost? I'd say it's hands down an EXCELLENT reason. In some configs
> though, the NAT'd people can still see each other and cause problems,
> but it still cuts down the exposure.




Presumably, the people it would cause problems for would be the customers of
someone getting paid to care about them. :)

Deepak Jain
AiNET




Re: Large ISPs doing NAT?

2002-05-01 Thread mike harrison


> > of unadministered, always-on boxes that aren't supposed to be running
> > inbound services in unrouted space would save all of us headaches.
> 
> That's almost a better justification for NAT than address-space conservation. ;)

Almost? I'd say it's hands down an EXCELLENT reason. In some configs
though, the NAT'd people can still see each other and cause problems, 
but it still cuts down the exposure. 




Re: Large ISPs doing NAT?

2002-05-01 Thread Valdis . Kletnieks

On Tue, 30 Apr 2002 12:13:11 PDT, kevin graham said:
> Given the bellowing over some of the allocations in 24/8 that have been
> heard here before, it would seem to be welcome. Sticking large numbers
> of unadministered, always-on boxes that aren't supposed to be running
> inbound services in unrouted space would save all of us headaches.

That's almost a better justification for NAT than address-space conservation. ;)





Re: Large ISPs doing NAT?

2002-04-30 Thread mike harrison


> On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <[EMAIL PROTECTED]> wrote:
> > Is anybody here doing NAT for their customers?

Tony Rall: 
> If you're NATing your customers you're no longer an ISP.  You're a
> sort-of-tcp-service-provider (maybe a little udp too).  NAT (PAT even more

Depends on scale and application. We have lots of customers
that we NAT, one way or another. And a lot more that we don't. 
Some customers WANT to 'just see out' and they like all the 'weird stuff
turned off'. Sometimes it's a box at the customers end, sometimes
it's nat'd IP's on the dial-up/ISDN/FracT1/T1/Wireless connection itself. 

Saying we are not an ISP because we do some NAT is a little harsh. 
Giving the customer options and making things work (when done right, 
and explained properly we have no sales droids) is good business
and I think good for the 'net. It gives the clueless (and sometimes
cluefull) just a little more isolation. 

What is wrong is NAT'ing when you should not. 





Re: Large ISPs doing NAT?

2002-04-30 Thread Jun-ichiro itojun Hagino


>On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <[EMAIL PROTECTED]> wrote:
>> Is anybody here doing NAT for their customers?
>I hope not.

there are a lot of them in Japan.  including large ISP, small ISP,
CATV connectivity and apartment connectivity.  I really hope the
situation changes.  not sure why it is happening here - is there
any difference between JPNIC and APNIC policy/operation?

itojun



RE: Large ISPs doing NAT?

2002-04-30 Thread kevin graham



> and then you have those 'pdp-contexts' or how they call it. it's just
> another acronym for a vpn... if a corporate user requires full ip
> connectivity then why not give him a vpn uplink directly to their hq

This is probably impractical -- just try to (consistently) get your DSL
provider to provision multiple PVC's. Technology that's there, been there,
and makes a lot of sense, but convincing someone to sell it is still
difficult.

> > An Internet Service Provider gives the customer a full
> > connection to the Internet.  All IP protocols should work.
>
> you also may give the [common] user an opportunity to have 'limited'
> service set (so you can use private addresses + nat/pat) for lower price
> or pay a bit more for 'full' service.

Given the fairly common broadband SLA's that deny running any servers, it
almost seems prudent _to_ use NAT for these users. Going NAT rather than
NAPT takes care of almost all cases (AFAIK even more troublesome protocols
such as h323 are commonly accommodated). Besides, it gives vendor C an
excuse to push bigger and bigger PXF platforms.

Given the bellowing over some of the allocations in 24/8 that have been
heard here before, it would seem to be welcome. Sticking large numbers
of unadministered, always-on boxes that aren't supposed to be running
inbound services in unrouted space would save all of us headaches.

> do you think they will download mp3's and avi's via gprs? how? :))

Unless I've fallen for marketing ambiguities, even current GPRS handsets
are including PC connectivity for GPRS data, so applications are a given;
though "would you want to" still remains (wouldn't imagine wireless
carriers are rushing to provide scads of connectivity while still nursing
WAP burns).

..kg..




RE: Large ISPs doing NAT?

2002-04-30 Thread Daniska Tomas



> -Original Message-
> From: Tony Rall [mailto:[EMAIL PROTECTED]] 
> Sent: 30. apríla 2002 19:59
> To: [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT?
> 
> 
> 
> 
> On Monday, 2002-04-29 at 08:43 MST, Beckmeyer 
> <[EMAIL PROTECTED]> wrote:
> > Is anybody here doing NAT for their customers?
> 
> I hope not.
> 
> If you're NATing your customers you're no longer an ISP.  
> You're a sort-of-tcp-service-provider (maybe a little udp 
> too).  NAT (PAT even more
> so) breaks so many things that it would be unconscionable to 
> advertise as an ISP.  Even some tcp apps fail under NAT.  The 
> NAT box may include a number of "fix-ups" but such will never 
> be equivalent to giving the customer a public address.

well.. yes and no.
depends on definition and how you set the services. i don't know how you treat this in 
u.s. but in europe gprs is mostly considered being a value-added service to gsm 
instead of a real internet connectivity replacement.

if you think of gprs a bit it will never have enough capabilities to serve as a 
full-time inet service. it's a great solution for accessing your data remotely but 
it's very limited in means of capacity

and then you have those 'pdp-contexts' or how they call it. it's just another acronym 
for a vpn... if a corporate user requires full ip connectivity then why not give him a 
vpn uplink directly to their hq and the users can safely use private addresses 
according to corporate policy. in this way gprs is very similar to mpls. i have worked 
on gprs-mpls vpn integration and it works just fine.

 
> An Internet Service Provider gives the customer a full 
> connection to the Internet.  All IP protocols should work.

you also may give the [common] user an opportunity to have 'limited' service set (so 
you can use private addresses + nat/pat) for lower price or pay a bit more for 'full' 
service. i think the 'limited' in real life can safely cover requirements of 95% of 
the customers. do you think they will download mp3's and avi's via gprs? how? :)) from 
my point of view if you cover http, e-mail and various similar services you will 
provide most users with more than they ever would expect, wouldn't you?

> I'm in favor of using NAT only where there is a good argument 
> for it and the customers are given the straight story about 
> what they're buying and what it won't be able to do.  Don't 
> call yourself an ISP.

... 

> Tony Rall
> 
> 

deejay




--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.




Re: Large ISPs doing NAT?

2002-04-30 Thread Tony Rall



On Monday, 2002-04-29 at 08:43 MST, Beckmeyer <[EMAIL PROTECTED]> wrote:
> Is anybody here doing NAT for their customers?

I hope not.

If you're NATing your customers you're no longer an ISP.  You're a
sort-of-tcp-service-provider (maybe a little udp too).  NAT (PAT even more
so) breaks so many things that it would be unconscionable to advertise as
an ISP.  Even some tcp apps fail under NAT.  The NAT box may include a
number of "fix-ups" but such will never be equivalent to giving the
customer a public address.

An Internet Service Provider gives the customer a full connection to the
Internet.  All IP protocols should work.

I'm in favor of using NAT only where there is a good argument for it and
the customers are given the straight story about what they're buying and
what it won't be able to do.  Don't call yourself an ISP.

Tony Rall
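
[Added example, not part of the original thread or any poster's code.] The message above says NAT "fix-ups" never equal a public address, and an earlier message in the thread says lots of stuff cannot stand being NATted twice. The sketch below models a port-address translator and an active-mode FTP PORT command, a protocol chosen here as an illustration because it carries the client's address in the payload; all addresses, ports and names are constructed assumptions.

```python
import re

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

# Constructed sample addresses (assumptions, not taken from the thread).
CLIENT_IP, CLIENT_DATA_PORT = "192.168.1.10", 5001  # host on an RFC 1918 home LAN
HOME_WAN_IP = "10.20.30.40"           # RFC 1918 address the provider hands the home router
PROVIDER_PUBLIC_IP = "203.0.113.5"    # documentation range, stands in for public space
SERVER_IP = "198.51.100.7"            # documentation range, stands in for an FTP server


def parse_port(payload):
    """Return the (ip, port) an FTP PORT command advertises, or None."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Encode (ip, port) as an FTP PORT command."""
    return "PORT " + ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


class Pat:
    """Minimal port-address translator; fixup_ftp models one protocol 'fix-up'."""

    def __init__(self, public_ip, fixup_ftp=False, first_port=40000):
        self.public_ip = public_ip
        self.fixup_ftp = fixup_ftp
        self.next_port = first_port
        self.out = {}    # (inside_ip, inside_port) -> public_port
        self.back = {}   # public_port -> (inside_ip, inside_port)

    def _map(self, ip, port):
        key = (ip, port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.out[key]

    def outbound(self, pkt):
        """Rewrite the source; with the fix-up, also rewrite the embedded address."""
        new = dict(pkt, src=self.public_ip, sport=self._map(pkt["src"], pkt["sport"]))
        endpoint = parse_port(pkt["payload"]) if self.fixup_ftp else None
        if endpoint:
            mapped = self._map(*endpoint)
            new["payload"] = PORT_RE.sub(
                format_port(self.public_ip, mapped), pkt["payload"], count=1)
        return new

    def inbound(self, pkt):
        """Translate a packet arriving from outside; None means it is dropped."""
        if pkt["dst"] != self.public_ip or pkt["dport"] not in self.back:
            return None
        ip, port = self.back[pkt["dport"]]
        return dict(pkt, dst=ip, dport=port)


def unsolicited_inbound(nat, port):
    """A connection attempt from outside to a port with no mapping."""
    return nat.inbound({"src": SERVER_IP, "sport": 40000,
                        "dst": nat.public_ip, "dport": port, "payload": ""})


def active_ftp_works(nats):
    """nats is ordered from the client outwards. True if the server's data
    connection, aimed at the advertised endpoint, reaches the client."""
    pkt = {"src": CLIENT_IP, "sport": 50000, "dst": SERVER_IP, "dport": 21,
           "payload": format_port(CLIENT_IP, CLIENT_DATA_PORT)}
    for nat in nats:
        pkt = nat.outbound(pkt)
    ip, port = parse_port(pkt["payload"])       # what the server is told to call back
    data = {"src": SERVER_IP, "sport": 20, "dst": ip, "dport": port, "payload": ""}
    for nat in reversed(nats):
        data = nat.inbound(data)
        if data is None:                        # unroutable or no mapping: dropped
            return False
    return (data["dst"], data["dport"]) == (CLIENT_IP, CLIENT_DATA_PORT)


if __name__ == "__main__":
    cases = {
        "one NAT, no fix-up": [Pat(PROVIDER_PUBLIC_IP)],
        "one NAT, fix-up": [Pat(PROVIDER_PUBLIC_IP, fixup_ftp=True)],
        "home NAT (no fix-up) behind provider NAT (fix-up)":
            [Pat(HOME_WAN_IP), Pat(PROVIDER_PUBLIC_IP, fixup_ftp=True)],
        "fix-up at both layers":
            [Pat(HOME_WAN_IP, fixup_ftp=True), Pat(PROVIDER_PUBLIC_IP, fixup_ftp=True)],
    }
    for name, chain in cases.items():
        print(f"{name}: data connection reaches client = {active_ftp_works(chain)}")
```

The third case is the double-NAT failure: the provider's translator maps the callback to 192.168.1.10, an address that exists only behind the home router, so the packet is dropped one layer short of the client.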




Re: Large ISPs doing NAT?

2002-04-30 Thread Bill Woodcock


> It's a lack of IP Address Space - and the numbers I gave - 10's of
> thousands are probably a bit on the small side - in short order it will
> be multiples of 100,000 IP addresses.

That's a small quantity.  Just fill out your RIR's form, and if you need
the space, you'll get it.  There's no lack.

-Bill





Re: Large ISPs doing NAT?

2002-04-29 Thread David Conrad


On 4/29/02 9:08 AM, "Beckmeyer" <[EMAIL PROTECTED]> wrote:
> Marshall et al,
> 
> It's a lack of IP Address Space

Last I looked there was plenty of address space.

> - and the numbers I gave - 10's of
> thousands are probably a bit on the small side - in short order it will
> be multiples of 100,000 IP addresses.  To start with, I'm willing to
> think in terms of 10's of thousands spread over a handful of "POPs".

All you need do is document usage according to your RIR's allocation
policies and you'll get the address space you justify.

> The application is GPRS (aka 2.5/3G cellular) and each Internet
> connected user or some major subset of them will likely wind up with an
> address on their mobile device.

There have already been numerous discussions between the RIRs and the GSM
association(s) regarding address allocations for GPRS.

Have you asked your RIR about this?

Rgds,
-drc




RE: Large ISPs doing NAT?

2002-04-29 Thread Daniska Tomas


jb,

i've seen this as a part of turnkey solution by one of gprs vendors. they made two 
service classes - generic (10.0.0.0/8-based with nat) and 'privileged' - with 
registered addresses. and it was not only a slideware but a real installation

but then you have many other large-scale issues like access acceleration, content 
optimization etc...

--
 
Tomas Daniska
systems engineer
Tronet Computer Networks
Plynarenska 5, 829 75 Bratislava, Slovakia
tel: +421 2 58224111, fax: +421 2 58224199
 
A transistor protected by a fast-acting fuse will protect the fuse by blowing first.



> -Original Message-
> From: Beckmeyer [mailto:[EMAIL PROTECTED]] 
> Sent: 29. apríla 2002 18:08
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT?
> 
> 
> 
> Marshall et al,
> 
> It's a lack of IP Address Space - and the numbers I gave - 10's of 
> thousands are probably a bit on the small side - in short 
> order it will 
> be multiples of 100,000 IP addresses.  To start with, I'm willing to 
> think in terms of 10's of thousands spread over a handful of "POPs".
> 
> The application is GPRS (aka 2.5/3G cellular) and each Internet 
> connected user or some major subset of them will likely wind 
> up with an 
> address on their mobile device.  
> 
> - JB
> 
> 



Re: Large ISPs doing NAT?

2002-04-29 Thread Marshall Eubanks


On Mon, 29 Apr 2002 09:08:16 -0700
 Beckmeyer <[EMAIL PROTECTED]> wrote:
> 
> Marshall et al,
> 

Dear JB;

1.) Dare I suggest that you use IPv6 ? It should make a
great NAT.

2.) If you are interested in having content put on your
wireless devices I would like to talk off line.

Regards
Marshall Eubanks


> It's a lack of IP Address Space - and the numbers I gave
> - 10's of 
> thousands are probably a bit on the small side - in short
> order it will 
> be multiples of 100,000 IP addresses.  To start with, I'm
> willing to 
> think in terms of 10's of thousands spread over a handful
> of "POPs".
> 
> The application is GPRS (aka 2.5/3G cellular) and each
> Internet 
> connected user or some major subset of them will likely
> wind up with an 
> address on their mobile device.  
> 
> - JB
> 




Re: Large ISPs doing NAT?

2002-04-29 Thread Beckmeyer


Marshall et al,

It's a lack of IP Address Space - and the numbers I gave - 10's of 
thousands are probably a bit on the small side - in short order it will 
be multiples of 100,000 IP addresses.  To start with, I'm willing to 
think in terms of 10's of thousands spread over a handful of "POPs".

The application is GPRS (aka 2.5/3G cellular) and each Internet 
connected user or some major subset of them will likely wind up with an 
address on their mobile device.  

- JB




Re: Large ISPs doing NAT?

2002-04-29 Thread Marshall Eubanks


On Mon, 29 Apr 2002 08:43:11 -0700
 Beckmeyer <[EMAIL PROTECTED]> wrote:
> 
> Is anybody here doing NAT for their customers?
> 
> I'm looking at a situation where I may have to provide
> NAPT for tens of 
> thousands of users and am curious as to what hardware is
> being used, how 
> well it scales, what kind of loads it takes such as:
> 
> throughput,
> max simultaneous sessions experienced,
> session establishment rates,
> avg # of sessions per user,
> ALGs you've found necessary,
> number of sessions supported per public realm IP in
> reality.  
> 
> I've done a survey of firewall, switch, and router
> companies so I have 
> their reported numbers and I've done a bit of testing in
> my lab and have 
> found that reported numbers do not necessarily translate
> into what the 
> box will experience in something resembling a production
> network.  This 
> is why I'm asking this group - reality can bite!
> 
> A second area of concern I have is how to enforce AUPs
> when your users' 
> "appearance" can be *very* transitive making tracking
> back the offender 
> nearly impossible.
> 
> Any small piece of help, advice, or pointer would be most
> appreciated.
> 
> Thanks most much.
> 

Is the whole problem just a lack of address space, or
is there something more you are trying to do ?

Regards
Marshall Eubanks

> John Beckmeyer
> [EMAIL PROTECTED]
>
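
The AUP-enforcement concern raised in the original question (tracing an offender behind NAPT) comes down to matching an abuse report against the translation log. The sketch below is an added example, not code from anyone in the thread; the log schema, subscriber IDs, addresses (RFC 5737 documentation range) and timestamps are all constructed assumptions.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

class Mapping(NamedTuple):
    start: datetime       # when the NAPT binding was created
    end: datetime         # when it was torn down
    subscriber: str       # constructed subscriber ID
    proto: str
    public_ip: str
    public_port: int

def ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed NAPT translation log: one public IP shared by three subscribers.
LOG = [
    Mapping(ts("2002-04-29 08:00:00"), ts("2002-04-29 08:00:40"), "sub-1001", "tcp", "192.0.2.10", 40001),
    Mapping(ts("2002-04-29 08:00:45"), ts("2002-04-29 08:02:00"), "sub-2002", "tcp", "192.0.2.10", 40001),  # port reused
    Mapping(ts("2002-04-29 08:00:10"), ts("2002-04-29 08:05:00"), "sub-3003", "tcp", "192.0.2.10", 40002),
]

def attribute(log, public_ip, when, proto="tcp", public_port=None, skew_s=0):
    """Return the set of subscribers that could have sent the reported traffic.

    skew_s widens each binding's lifetime to allow for clock drift between
    the reporter and the NAT box; public_port=None models a complaint that
    gives only the source IP and a time.
    """
    hits = set()
    window = timedelta(seconds=skew_s)
    for m in log:
        if m.public_ip != public_ip or m.proto != proto:
            continue
        if public_port is not None and m.public_port != public_port:
            continue
        if m.start - window <= when <= m.end + window:
            hits.add(m.subscriber)
    return hits
```

A result with more than one subscriber, or none, is the untraceable case: attribution needs the source port in the report and synchronized clocks on both ends, and quick port reuse makes even a small skew allowance ambiguous.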