Re: Service providers that NAT their whole network?
On Apr 22, 2005, at 1:14 PM, Chris Woodfield wrote:

> Apologies for the late reply, but T-Mobile's US GPRS network hands out RFC1918 space as well.

Ah, that depends on if you're on WAP, T-Mobile Internet or T-Mobile VPN. The VPN service is exactly the same as the Internet one, except that it gives you non-NAT'd address space for VPN compatibility. (APN internet3.voicestream.com, everything else is the same). Note that you have to be provisioned on each APN now, you can't jump around like you used to be able to.

> -C
>
> On Fri, Apr 15, 2005 at 01:40:12PM -0700, Scott Call wrote:
> > On Fri, 15 Apr 2005, Philip Matthews wrote:
> > > A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
> >
> > In my experience many cellular providers (at least in the US) do this as well. A GPRS connection to Cingular, even from a laptop device, will get a 1918 address. I don't mind since my phone runs linux with no root password (thanks motorola).
> >
> > -Scott
Re: Service providers that NAT their whole network?
Apologies for the late reply, but T-Mobile's US GPRS network hands out RFC1918 space as well.

-C

On Fri, Apr 15, 2005 at 01:40:12PM -0700, Scott Call wrote:

> On Fri, 15 Apr 2005, Philip Matthews wrote:
> > A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> In my experience many cellular providers (at least in the US) do this as well. A GPRS connection to Cingular, even from a laptop device, will get a 1918 address. I don't mind since my phone runs linux with no root password (thanks motorola).
>
> -Scott
Re: Service providers that NAT their whole network?
Thanks to everyone who replied to my question about NAT usage in service providers (see original posting below). I got a lot of private replies, as well as those who posted to the list. To summarize:

It seems that there are quite a few providers who do this. I was told of at least 24 providers in the U.S., as well as providers in Canada, in Central America, in Europe, and in Africa which do this.

It was suggested by a number of people that this was quite common on WiFi access and for data services on cell phones. I also heard about a number of cable access providers that do this, and its use on DSL access was mentioned a couple of times. (Many people didn't say what access types were affected, so I don't feel I can derive any meaningful statistics).

A number of smaller providers told me that they do it because they simply cannot get enough routable IP addresses from their upstream providers.

If I was to speculate, I would guess that the practice might be more common amongst newer providers, and with newer access methods on more established providers.

- Philip

Philip Matthews wrote:

> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).
>
> Can anyone give me some names of providers that do this? Can anyone point me at any documents that indicate how common this practice is?
>
> - Philip
>
> (*) Some IETF documents that mention this practice:
> - RFC 3489
> - draft-ietf-sipping-nat-scenarios-00.txt (now expired, but available at http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-sipping-nat-scenarios-00.txt)
Re: Service providers that NAT their whole network?
That makes very little sense to me since the smaller providers can get a /22 directly from ARIN. I, personally, would never purchase service from a provider that insisted on sticking me behind NAT.

SPRINT PCS does not NAT my cellphone. I receive a dynamic address at connection time, but, it is a real address. What they do that annoys me is they block UDP Port 53 to non-sprint nameservers, and, the phone browser is hard-coded to a particular sprint HTTP Proxy server.

If the practice is becoming more common, that is very unfortunate.

Owen

--On Tuesday, April 19, 2005 9:09 AM -0400 Philip Matthews [EMAIL PROTECTED] wrote:

> Thanks to everyone who replied to my question about NAT usage in service providers (see original posting below). I got a lot of private replies, as well as those who posted to the list. To summarize:
>
> It seems that there are quite a few providers who do this. I was told of at least 24 providers in the U.S., as well as providers in Canada, in Central America, in Europe, and in Africa which do this.
>
> It was suggested by a number of people that this was quite common on WiFi access and for data services on cell phones. I also heard about a number of cable access providers that do this, and its use on DSL access was mentioned a couple of times. (Many people didn't say what access types were affected, so I don't feel I can derive any meaningful statistics).
>
> A number of smaller providers told me that they do it because they simply cannot get enough routable IP addresses from their upstream providers.
>
> If I was to speculate, I would guess that the practice might be more common amongst newer providers, and with newer access methods on more established providers.
>
> - Philip
>
> Philip Matthews wrote:
> > A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
> >
> > I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).
> >
> > Can anyone give me some names of providers that do this? Can anyone point me at any documents that indicate how common this practice is?
> >
> > - Philip
> >
> > (*) Some IETF documents that mention this practice:
> > - RFC 3489
> > - draft-ietf-sipping-nat-scenarios-00.txt (now expired, but available at http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-sipping-nat-scenarios-00.txt)

--
If it wasn't crypto-signed, it probably didn't come from me.
Re: Service providers that NAT their whole network?
On 4/20/05, Tom Vest [EMAIL PROTECTED] wrote:

> On Apr 19, 2005, at 5:25 PM, Owen DeLong wrote:
> > That makes very little sense to me since the smaller providers can get a /22 directly from ARIN.
>
> Sometimes resources that come from a regional registry are not welcomed by a national operator. This can go for AS numbers as well as addresses. And sometimes a national operator is the only way out.

Not welcomed as in, filtered out / these providers refuse to route them?

Or do they kick up a fuss on the lines of "you should approach only me, or failing that the LIR, for IPs, don't let me catch you running to the RIR next time"

srs

--
Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Service providers that NAT their whole network?
On Apr 19, 2005, at 10:24 PM, Suresh Ramasubramanian wrote:

> On 4/20/05, Tom Vest [EMAIL PROTECTED] wrote:
> > On Apr 19, 2005, at 5:25 PM, Owen DeLong wrote:
> > > That makes very little sense to me since the smaller providers can get a /22 directly from ARIN.
> >
> > Sometimes resources that come from a regional registry are not welcomed by a national operator. This can go for AS numbers as well as addresses. And sometimes a national operator is the only way out.
>
> Not welcomed as in, filtered out / these providers refuse to route them?
>
> Or do they kick up a fuss on the lines of "you should approach only me, or failing that the LIR, for IPs, don't let me catch you running to the RIR next time"

As in, sometimes national operators will decline to speak bgp to (topologically) subnational operators, so that even when they present themselves with a regionally allocated public ASN and address space, these will not be accepted. I am not at liberty to identify specific cases, but if you look at recent-ish (RIR-era) ASN allocations that have never appeared in the routing table, you will come across (n) networks that fit this description.

Another reason to approach with caution proposals to cede greater registry-like authority to national PTOs and regulatory authorities, IMHO.

TV
Re: Service providers that NAT their whole network?
On 4/20/05, Tom Vest [EMAIL PROTECTED] wrote:

> As in, sometimes national operators will decline to speak bgp to (topologically) subnational operators, so that even when they present themselves with a regionally allocated public ASN and address space, these will not be accepted. I am not at liberty to identify specific cases, but if you look at recent-ish (RIR-era) ASN allocations that have never appeared in the routing table, you will come across (n) networks that fit this description.

Ah, that. Finding places with large incumbent telcos that want to preserve their monopoly, and typically have the local telco regulator in their pocket, is not hard at all .. this happens all the time there

One possible reason would be that quite often the people there are not very capable at bgp at all .. so someone who's selling them routers gives them a static route to their upstream, then they give their downstream customers a word doc with a template that assigns the downstreams yet another static route ...

Attempts at adding BGP and sometimes, MPLS, to those networks tend to produce interesting looking results.

Especially funny example - someone who was a senior admin at a certain large asian ISP decided to ask Philip what a route map is, in a sanog tutorial on advanced BGP last year.

> Another reason to approach with caution proposals to cede greater registry-like authority to national PTOs and regulatory authorities, IMHO.

Any such authority is guaranteed to be heavily abused to further existing monopolies

--
Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Service providers that NAT their whole network?
On Apr 19, 2005, at 10:57 PM, Suresh Ramasubramanian wrote:

> One possible reason would be that quite often the people there are not very capable at bgp at all .. so someone who's selling them routers gives them a static route to their upstream, then they give their downstream customers a word doc with a template that assigns the downstreams yet another static route ...

I think (or at least I hope) that folks that fit your description are identified by the registries and routed to the education track before their applications are approved. I am not (entirely) naive -- and am quite pleased to have the opportunity to contribute to ongoing education efforts through APRICOT -- so I am sure that some share of allocated-but-never-routed ASNs could be explained away as you suggest.

That said, the cases I am obliquely referring to are established, fully clue-imbued enterprises -- some even service providers -- with competent engineers on staff. I.e., operators that applied for, met the criteria, and received a public ASN plus IP allocation from an RIR.

TV
Re: Service providers that NAT their whole network?
A lot of european mobile providers do this, as they're evolving from addressing their own network and GPRS into 3G and proper internet access, if you will.

Internet [EMAIL PROTECTED]@merit.edu - 15/04/2005 20:43
Sent by: [EMAIL PROTECTED]
To: nanog
cc:
Subject: Re: Service providers that NAT their whole network?

On Fri, Apr 15, 2005 at 03:39:56PM -0400, Philip Matthews wrote:

> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).
>
> Can anyone give me some names of providers that do this?

Rose.net, the municipal provider in Thomasville GA.

They'll assign you a fixed public address which can be gotten back through if you ask, for extra money, but your interface address will still be in 1918 space.

Cheers,
-- jra

--
Jay R. Ashworth    [EMAIL PROTECTED]
Designer    Baylink    RFC 2100
Ashworth Associates    The Things I Think    '87 e24
St Petersburg FL USA    http://baylink.pitas.com    +1 727 647 1274

If you can read this... thank a system administrator. Or two. --me
Service providers that NAT their whole network?
A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.

I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).

Can anyone give me some names of providers that do this? Can anyone point me at any documents that indicate how common this practice is?

- Philip

(*) Some IETF documents that mention this practice:
- RFC 3489
- draft-ietf-sipping-nat-scenarios-00.txt (now expired, but available at http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-sipping-nat-scenarios-00.txt)
Re: Service providers that NAT their whole network?
On Fri, Apr 15, 2005 at 03:39:56PM -0400, Philip Matthews wrote:

> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).
>
> Can anyone give me some names of providers that do this?

Rose.net, the municipal provider in Thomasville GA.

They'll assign you a fixed public address which can be gotten back through if you ask, for extra money, but your interface address will still be in 1918 space.

Cheers,
-- jra

--
Jay R. Ashworth    [EMAIL PROTECTED]
Designer    Baylink    RFC 2100
Ashworth Associates    The Things I Think    '87 e24
St Petersburg FL USA    http://baylink.pitas.com    +1 727 647 1274

If you can read this... thank a system administrator. Or two. --me
Re: Service providers that NAT their whole network?
On Fri, 15 Apr 2005, Philip Matthews wrote:

> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.

Didn't some of the African ISPs claim that they were forced to do this by ILEC/monopoly providers who would not give them the IP space they needed, resulting in ARIN allowing a minimum ISP allocation of /24 for the African region which is now AfriNIC?

http://www.arin.net/policy/proposals/2003_15.html

http://archives.afnog.org/msg02339.html goes into much more detail

--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: Service providers that NAT their whole network?
"Philip" == Philip Matthews [EMAIL PROTECTED] writes:

Philip> A number of IETF documents(*) state that there are some
Philip> service providers that place a NAT box in front of their
Philip> entire network, so all their customers get private addresses
Philip> rather than public address. It is often stated that these
Philip> are primarily cable-based providers.

Philip> I am trying to get a handle on how common this practice is.
Philip> No one that I have asked seems to know any provider that does
Philip> this,

fastweb.it in Italy, and the Direcway satellite system in the US are the most obvious examples that I know of. I'm sure there are more.

--
Andrew, Supernews
http://www.supernews.com
Re: Service providers that NAT their whole network?
> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).

We nat a portion of our residential users -- not all of our network. As I recall our current nat pools are comprised of a /21

--sjk
Re: Service providers that NAT their whole network?
On 4/15/05, Philip Matthews [EMAIL PROTECTED] wrote:

> I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).

There was a MA based provider that catered towards municipalities that did this. I was a volunteer on our local IT committee and was shocked to see this in action :) After a few requests they eventually did assign a public address to the router, but I think it was SOP to NAT everything.

-Steve
Re: Service providers that NAT their whole network?
> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> I am trying to get a handle on how common this practice is.

It's not uncommon among smaller providers in developing countries. International transit providers, particularly those that use satellite for local loop seem to be pretty miserly with IP addresses, leading their customer-ISPs to use NAT more broadly than is healthy. Obviously this makes it very difficult to multi-home, which reinforces the upstream's position.

-Bill
Re: Service providers that NAT their whole network?
On Fri, 15 Apr 2005, Philip Matthews wrote:

> A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.

In my experience many cellular providers (at least in the US) do this as well. A GPRS connection to Cingular, even from a laptop device, will get a 1918 address. I don't mind since my phone runs linux with no root password (thanks motorola).

-Scott
RE: Service providers that NAT their whole network?
Back when I worked at RCN in 1999, they had begun putting cable modem customers behind NAT using 10/8 addresses. This occasionally drew complaints from customers who were expecting a public IP (probably wanted to host a server), but they weren't given much choice. Whether or not they're still NATing, I have no idea.

I can see the benefits for residential services like cable modem or even dial-up when there will never be a need for multihoming. Practically unlimited IP pool, and I assume it's easier to control things like worm propagation (correct me if I'm wrong). However, I'm sure there's several compromises you'd have to make in order to operate this way.

-Rob

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Matthews
Sent: Friday, April 15, 2005 3:40 PM
To: nanog@merit.edu
Subject: Service providers that NAT their whole network?

A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.

I am trying to get a handle on how common this practice is. No one that I have asked seems to know any provider that does this, and a search of a few FAQs plus about an hour of Googling hasn't turned up anything definite (but maybe I am using the wrong keywords ...).

Can anyone give me some names of providers that do this? Can anyone point me at any documents that indicate how common this practice is?

- Philip

(*) Some IETF documents that mention this practice:
- RFC 3489
- draft-ietf-sipping-nat-scenarios-00.txt (now expired, but available at http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-sipping-nat-scenarios-00.txt)
Re: Service providers that NAT their whole network?
On Fri, Apr 15, 2005 at 01:40:12PM -0700, Scott Call wrote:

> On Fri, 15 Apr 2005, Philip Matthews wrote:
> > A number of IETF documents(*) state that there are some service providers that place a NAT box in front of their entire network, so all their customers get private addresses rather than public address. It is often stated that these are primarily cable-based providers.
>
> In my experience many cellular providers (at least in the US) do this as well. A GPRS connection to Cingular, even from a laptop device, will get a 1918 address. I don't mind since my phone runs linux with no root password (thanks motorola).

Must depend on the service. My CDPD and the 1X-RTT that replaced it, both from Verizontal, had public addresses, though they grew incoming filters around the Code Red days...

Cheers,
-- jra

--
Jay R. Ashworth    [EMAIL PROTECTED]
Designer    Baylink    RFC 2100
Ashworth Associates    The Things I Think    '87 e24
St Petersburg FL USA    http://baylink.pitas.com    +1 727 647 1274

If you can read this... thank a system administrator. Or two. --me
Re: Service providers that NAT their whole network?
While not big by any sense of the word, we NAT [almost] all of our internal network. It wasn't initially a matter of choice, but rather of necessity.

We had a sprinkling of small netblocks in the old legacy C swamp, mostly in the old SURAnet/BBN allocation, and after the Genuity takeover they yanked our routes on short notice (actually, our upstream didn't notify us until the last minute). We had to NAT into a new temporary allocation from an upstream, and later renumbered into a portable block for multihoming. There are still some old Genuity addresses in use inside (renumbering is easier said than done) but we're slowly cleaning them up.

NAT seemed to be the best option at the time, especially since we had no portable allocation. We used to overload, but talk about overhead...

Jeff