Home page logo

nanog logo nanog mailing list archives

Re: couple of questions regarding 'lifeline' and large scale nat...
From: Leo Bicknell <bicknell () ufp org>
Date: Fri, 10 Feb 2012 17:00:36 -0800

In a message written on Sat, Feb 11, 2012 at 09:19:46AM +0900, Masataka Ohta wrote:
The applications can simply be debugged to use socket option

"Simple" is subjective.  Keep in mind many users will have a home
gateway which also does NAT.  And indeed double NAT in the home (router
doing NAT, third party device doing NAT) is depressingly common.  That
means some of the troubleshooting will be via a triple-NAT if the
carrier is performing the conversion.

Are you saying we MUST record all the IP addresses and
port numbers of all peers of your customers to prevent
illegal things?

If the carrier NAT's, maybe.

Today port information need not be stored, because an IP is assigned
to a customer.  Law enforcement can come request who was using an
IP, and be given the customer information.  It's what everyone has
come to expect.

It's also not just what is legally required, but what is administratively
friendly.  Will the law say you have to track ports with carrier
grade NAT, probably not.  Will law enforcement spend a lot more
time with your staff trying to track down bad people costing you
time and money if you don't, probably.

Large operations tend to find that having a cost effective and staff
time effective way to deal with law enforcement is very important.

IPv6 means considerably more amount of headache and
support costs than using NAT cleverly and simply.

When IPv4 addresses are selling for $100 an address that equation
changes quickly.  That day may be only a few months or years off.

       Leo Bicknell - bicknell () ufp org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/

Attachment: _bin

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]