Service providers that NAT their whole network?

A number of IETF documents(*) state that there are some service providers
that place a NAT box in front of their entire network, so all their
customers get private addresses rather than public address.
It is often stated that these are primarily cable-based providers.

I am trying to get a handle on how common this practice is.
No one that I have asked seems to know any provider that does this,
and a search of a few FAQs plus about an hour of Googling hasn't
turned up anything definite (but maybe I am using the wrong keywords ...).

Can anyone give me some names of providers that do this?

Can anyone point me at any documents that indicate how common
this practice is?

- Philip

(*) Some IETF documents that mention this practice:
     - RFC 3489
     - draft-ietf-sipping-nat-scenarios-00.txt
       (now expired, but available at
       http://www.ietf.org/proceedings/02jul/I-D/draft-ietf-sipping-nat-scenarios-00.txt)

Rose.net, the municipal provider in Thomasville GA. They'll assign you
a fixed public address which can be gotten back through if you ask, for
extra money, but your interface address will still be in 1918 space.

Cheers,
-- jra

Didn't some of the African ISPs claim that they were forced to do this by
ILEC/monopoly providers who would not give them the IP space they
needed, resulting in ARIN allowing a minimum ISP allocation of /24 for the
African region which is now AfriNIC?

http://www.arin.net/policy/proposals/2003_15.html
http://archives.afnog.org/msg02339.html goes into much more detail

> A number of IETF documents(*) state that there are some
> service providers that place a NAT box in front of their
> entire network, so all their customers get private addresses
> rather than public address. It is often stated that these
> are primarily cable-based providers.

> I am trying to get a handle on how common this practice is.
> No one that I have asked seems to know any provider that does
> this,

fastweb.it in Italy, and the Direcway satellite system in the US are
the most obvious examples that I know of. I'm sure there are more.

> A number of IETF documents(*) state that there are some service providers
> that place a NAT box in front of their entire network, so all their
> customers get private addresses rather than public address.
> It is often stated that these are primarily cable-based providers.

> I am trying to get a handle on how common this practice is.
> No one that I have asked seems to know any provider that does this,
> and a search of a few FAQs plus about an hour of Googling hasn't
> turned up anything definite (but maybe I am using the wrong keywords ...).

We nat a portion of our residential users -- not all of our network. As I
recall our current nat pools are comprised of a /21

--sjk

There was an MA-based provider that catered towards municipalities that
did this. I was a volunteer on our local IT committee and was shocked
to see this in action :)

After a few requests they eventually did assign a public address to
the router, but I think it was SOP to NAT everything.

-Steve

> A number of IETF documents(*) state that there are some service providers
> that place a NAT box in front of their entire network, so all their
> customers get private addresses rather than public address.
> It is often stated that these are primarily cable-based providers.
> I am trying to get a handle on how common this practice is.

It's not uncommon among smaller providers in developing countries.
International transit providers, particularly those that use satellite for
"local loop" seem to be pretty miserly with IP addresses, leading their
customer-ISPs to use NAT more broadly than is healthy. Obviously this
makes it very difficult to multi-home, which reinforces the upstream's
position.

                                -Bill

In my experience many cellular providers (at least in the US) do this as well. A GPRS connection to Cingular, even from a laptop device, will get a 1918 address. I don't mind since my phone runs Linux with no root password (thanks Motorola).

-Scott

Must depend on the service. My CDPD and the 1X-RTT that replaced it,
both from Verizontal, had public addresses, though they grew incoming
filters around the Code Red days...

Cheers,
-- jra

While not "big" by any sense of the word, we NAT [almost] all of our
internal network. It wasn't initially a matter of choice, but rather of
necessity. We had a sprinkling of small netblocks in the old legacy C
swamp, mostly in the old SURAnet/BBN allocation, and after the Genuity
takeover they yanked our routes on short notice (actually, our upstream
didn't notify us until the last minute). We had to NAT into a new
temporary allocation from an upstream, and later renumbered into a
portable block for multihoming.

There are still some old Genuity addresses in use inside (renumbering is
easier said than done) but we're slowly cleaning them up. NAT seemed to
be the best option at the time, especially since we had no portable
allocation.

We used to overload, but talk about overhead...

Jeff

Thanks to everyone who replied to my question about NAT usage
in service providers (see original posting below).
I got a lot of private replies, as well as those
who posted to the list.

To summarize:
It seems that there are quite a few providers who do this.
I was told of at least 24 providers in the U.S., as well as providers
in Canada, in Central America, in Europe, and in Africa which
do this.

It was suggested by a number of people that this was quite common
on WiFi access and for data services on cell phones.
I also heard about a number of cable access providers that do this,
and its use on DSL access was mentioned a couple of times.
(Many people didn't say what access types were affected, so I don't
feel I can derive any meaningful statistics).

A number of smaller providers told me that they do it because they
simply cannot get enough routable IP addresses from their upstream
providers.

If I was to speculate, I would guess that the practice might be more
common amongst newer providers, and with newer access methods on
more established providers.

- Philip

Philip Matthews wrote:

That makes very little sense to me since the smaller providers can get
a /22 directly from ARIN.

I, personally, would never purchase service from a provider that insisted
on sticking me behind NAT.

SPRINT PCS does not NAT my cellphone. I receive a dynamic address at
connection time, but, it is a real address. What they do that annoys
me is they block UDP Port 53 to non-sprint nameservers, and, the phone
browser is hard-coded to a particular sprint HTTP Proxy server.

If the practice is becoming more common, that is very unfortunate.

Owen

> That makes very little sense to me since the smaller providers can get
> a /22 directly from ARIN.

Sometimes resources that come from a regional registry are not welcomed by a national operator. This can go for AS numbers as well as addresses. And sometimes a national operator is the only way out.

I doubt that this is becoming more common; sadly, it's probably not becoming less common either.

TV

Not welcomed as in, filtered out / these providers refuse to route them?
Or do they kick up a fuss on the lines of "you should approach only
me, or failing that the LIR, for IPs, don't let me catch you running
to the RIR next time"

srs

As in, sometimes national operators will decline to speak bgp to (topologically) subnational operators, so that even when they present themselves with a regionally allocated public ASN and address space, these will not be accepted. I am not at liberty to identify specific cases, but if you look at recent-ish (RIR-era) ASN allocations that have never appeared in the routing table, you will come across (n) networks that fit this description.

Another reason to approach with caution proposals to cede greater registry-like authority to national PTOs and regulatory authorities, IMHO.

TV

> As in, sometimes national operators will decline to speak bgp to
> (topologically) subnational operators, so that even when they present
> themselves with a regionally allocated public ASN and address space,
> these will not be accepted. I am not at liberty to identify specific
> cases, but if you look at recent-ish (RIR-era) ASN allocations that
> have never appeared in the routing table, you will come across (n)
> networks that fit this description.

Ah, that. Finding places with large incumbent telcos that want to
preserve their monopoly, and typically have the local telco regulator
in their pocket, is not hard at all .. this happens all the time there

One possible reason would be that quite often the people there are not
very capable at bgp at all .. so someone who's selling them routers
gives them a static route to their upstream, then they give their
downstream customers a word doc with a template that assigns the
downstreams yet another static route ...

Attempts at adding BGP and sometimes, MPLS, to those networks tend to
produce interesting looking results. Especially funny example -
someone who was a "senior admin" at a certain large asian ISP decided
to ask Philip what a route map is, in a sanog tutorial on advanced BGP
last year.

> Another reason to approach with caution proposals to cede greater
> registry-like authority to national PTOs and regulatory authorities,
> IMHO.

Any such authority is guaranteed to be heavily abused to further
existing monopolies

I think (or at least I hope) that folks that fit your description are identified by the registries and routed to the education track before their applications are approved. I am not (entirely) naive -- and am quite pleased to have the opportunity to contribute to ongoing education efforts through APRICOT -- so I am sure that some share of allocated-but-never-routed ASNs could be explained away as you suggest. That said, the cases I am obliquely referring to are established, fully clue-imbued enterprises -- some even service providers -- with competent engineers on staff. I.e., operators that applied for, met the criteria, and received a public ASN plus IP allocation from an RIR.

TV

Apologies for the late reply, but T-Mobile's US GPRS network hands out
RFC1918 space as well.

-C

> Apologies for the late reply, but T-Mobile's US GPRS network hands out
> RFC1918 space as well.

Ah, that depends on if you're on WAP, T-Mobile Internet or T-Mobile VPN.

The VPN service is exactly the same as the Internet one, except that it gives you non-NAT'd address space for VPN compatibility. (APN internet3.voicestream.com, everything else is the same). Note that you have to be provisioned on each APN now, you can't jump around like you used to be able to.