Verizon DSL moving to CGN

Interesting.

http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm

Very interesting indeed. Way to do the right thing here Verizon. This may be the first time I've been happy to be a Comcast customer.

Good to see that they are providing a way for users to opt out. I'm hoping
that other ISPs will do the same when they implement CGN.

Oliver

It would be nice to get an update from them regarding their IPv6 plans. Their IPv6 support page still says they will start deploying "3Q12" :(.

Interesting.

http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm

<blockquote>

What is CGN - and How to opt-out

The number and types of devices using the Internet have increased dramatically in recent years and, as a result, address space for these devices is being rapidly exhausted. Today’s technology for IP addresses is referred to as IPv4 (Internet Protocol version 4). The IP addresses aligned with IPv4 are expected to be depleted at some point in the near future. The next generation of IP address space is IPv6, which will enable far more addresses to be assigned than IPv4. Unfortunately, most servers and other Internet devices will not be speaking IPv6 for a while, so IPv4 will remain standard for some time to come.

During this transitional period, in select areas for High Speed Internet residential customers, Verizon will be implementing Carrier Grade Network Address Translation (CGN or Carrier Grade NAT). Verizon FiOS and Verizon Business customers are not impacted at this time by the change. This transition will enable Verizon to continue serving customers with IPv4 internet addresses. CGN will not impact the access, reliability, speed, or security of Verizon’s broadband services. However, there are some applications such as online gaming, VPN access, FTP service, surveillance cameras, etc., that may not work when broadband service is provided via a CGN.

For our customers utilizing these types of applications, Verizon provides the ability to "opt out" of CGN. To "opt out" you must:

    Be a Residential customer with High Speed Internet Service. There is no need to “opt-out” if you are a FiOS or Business customer.
    Have already been transitioned to the Carrier Grade Network by Verizon. If you are a Residential High Speed Internet customer and are unable to opt-out, it is likely that you have not yet been transitioned to CGN.

To "opt out" of CGN sign onto your My Verizon account and select "Opt out of Carrier Grade Network".

</blockquote>

I like how, according to the document, Verizon must first break your
connectivity, prior to you being able to opt-out. :slight_smile:

Also:

select "Opt out of Carrier Grade Network"

Smart wording. :slight_smile:

Frankly, I'm surprised to see this news. I thought Verizon had better
things to do than plan any kind of upgrades or changes to something
that everyone thought they consider dead anyways.

C.

I'd love to see a CGN box that is cheaper than IPv4 addresses currently are on the transfer market.

Matthew Kaufman

http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm

What I find amusing is how they call it "Carrier Grade NAT" one time, and
then switch to calling it "Carrier Grade Network", thereby making it sound
all cool and better and stuff...

Cheers,
-- jra

That depends on what you think the prices are for IPv4 addresses and what you think the prices are for CGN boxes. At the prices I'm hearing, it's cheaper to CGN 50k users (or more) than to purchase IPv4 addresses.

Otoh, ARIN isn't exhausted yet so getting IPv4 addresses there should still be a lot cheaper than doing CGN?

I think Comcast is using CGN too!!! My IP address displayed on my MacBook is in the 10.0.0.0/8 range, and ARIN website can't determine my IP address either.

Joe

I'd love to see a CGN box that is cheaper than IPv4 addresses currently
are on the transfer market.

You mean like a few linux servers running iptables nat-masquerade?

You think the "Carrier Grade" in "Carrier Grade NAT" isn't just a
rhetorically constructed distraction, from the fact that simple NAT
may be implemented, and yeah, end users are certain to experience
annoyances, either way...

Interesting.

http://www22.verizon.com/support/residential/internet/highspeedinternet/networking/troubleshooting/portforwarding/123897.htm

<blockquote>

...

...CGN will not impact the access,
reliability, speed, or security of Verizon’s broadband services. ...

...

</blockquote>

Good luck with that, pretty much by definition it has to do all four
(albeit at levels that shouldn't be detectable to the end user)

I like how, according to the document, Verizon must first break your
connectivity, prior to you being able to opt-out. :slight_smile:

If you look at it from their side this makes a lot of sense, helps to
ensure that only those who actually get breakage from the CGN opt out,
otherwise you'd never know to request it.

I wonder how much more painful just upgrading the dsl plant to support v6
would be vs deploying the cgn equipment and funneling users through that :frowning:

The answer depends on whether the person making the decision thinks they'll
have left the company before the IPv6 birds come home to roost. :wink:

IPv6 deployment is not a short term solution to IPv4 address depletion. Would you be less upset if there was IPv6 access and CPE based DS Lite (ie your IPv4 is still CGN:ed, just in a different way)?

CGN is here to stay for IPv4. The solution for long term Internet growth is IPv6.

CGN is just a solution to save time, it is not a transition mechanism through IPv6.
At the end (IPv6 at home) you will need at least:
Dual stack or NAT64/DNS64

My 2 cents

CGN doesn't stop anyone deploying dual stack. NAT64/DNS64 is dead in the water without other mechanisms (464XLAT or alike).

My point is that people seem to scoff at CGN. There is nothing stopping anyone putting in CGN for IPv4 (that has to be done to handle IPv4 address exhaustion), then giving dual stack for end users can be done at any time.

Face it, we're running out of IPv4 addresses. For basic Internet subscriptions the IPv4 connectivity is going to be behind CGN. IPv6 is a completely different problem that has little bearing on CGN or not for IPv4. DS-Lite is also CGN, it just happens to be done over IPv6 access. MAP is also CGN.

I'm ok with people complaining about lack of IPv6 deployment, but I don't understand people complaining about CGN. What's the alternative?

* Mikael Abrahamsson

My point is that people seem to scoff at CGN. There is nothing stopping
anyone putting in CGN for IPv4 (that has to be done to handle IPv4
address exhaustion), then giving dual stack for end users can be done at
any time.

Face it, we're running out of IPv4 addresses. For basic Internet
subscriptions the IPv4 connectivity is going to be behind CGN. IPv6 is a
completely different problem that has little bearing on CGN or not for
IPv4. DS-Lite is also CGN, it just happens to be done over IPv6 access.
MAP is also CGN.

I'm ok with people complaining about lack of IPv6 deployment, but I
don't understand people complaining about CGN. What's the alternative?

Technically I agree with all of the above. However, going for the NAT444
flavour of CGN might well delay or lower the perceived importance of
IPv6 deployment within an ISP. The immediate problem is IPv4 service
continuity, and if that is to be accomplished without IPv6 being part of
it, it's easy to postpone doing anything about IPv6.

I went to an interesting presentation from Kabel Deutschland last month,
who have deployed DS-Lite to their residential subscribers. One of the
messages was that once the decision was made to implement DS-Lite to
deal with IPv4 exhaustion, there was no problem getting the necessary
support to deploy IPv6 - it was no longer a separate and
non-revenue-generating problem, but an essential building block needed
for their IPv4 service continuity. (MAP and 464XLAT would yield the same
effect, of course.)

To answer your earlier question - yes, I'd very much prefer to have
DS-Lite over NAT444, because only the former will ensure that I get
native IPv6 once my native IPv4 gets taken away. With NAT444, I'm no
closer to having IPv6 than I was before NAT444.

That said, there are of course some things that may make anything except
NAT444 undeployable. Verizon might have old DSLAMs that cannot deal with
IPv6, or customer-controlled/owned (layer-3) HGWs. If so, their hands
are tied.

* Mikael Abrahamsson

Otoh, ARIN isn't exhausted yet so getting IPv4 addresses there should
still be a lot cheaper than doing CGN?

From what I hear several ISPs in the ARIN region prefer to obtain
second-hand IPv4 addresses (or deploy CGN boxes) over requesting
addresses directly from ARIN, and the reason is that ARIN, per policy,
will only give its members addresses to cover three months' worth of
consumption, and that this period is simply too short for the allocation
to be operationally useful, especially for large organisations.

I have an anecdote to share here: A while back, a techie from a large
organisation in the RIPE region told me that from their point of view,
the RIPE NCC was effectively depleted once they implemented the
three-month period for allocations on the 1st of July 2011, because they
needed more than three months to actually put a new allocation in
production - hence they couldn't justify anything any longer.

When transferring, on the other hand, ARIN's policies allow for
obtaining up to 24 months' worth of space. This gives longer-term
operational predictability, which may easily justify the cost of the
addresses themselves. Same thing goes for deploying CGNs instead - the
organisation is then free to plan as far ahead as it feels like, without
being constrained by ARIN policies. That has a value, possibly more than
the cost of the CGN boxes themselves.

Tore

Well if the RFCs would just be set in stone already like Moses's 10 commandments
and if the programmers would actually start writing code for v6
and if the web site hosting servers would at least have dual stack enabled on them
it would be great.

But till then we just change an RFC here, band-aid IPv4 there and wait till everything reaches critical mass and comes crashing on our heads.

Jimmy Hess <mysidia@gmail.com> writes:

I'd love to see a CGN box that is cheaper than IPv4 addresses currently
are on the transfer market.

You mean like a few linux servers running iptables nat-masquerade?

You think the "Carrier Grade" in "Carrier Grade NAT" isn't just a
rhetorically constructed distraction, from the fact that simple NAT
may be implemented, and yeah, end users are certain to experience
annoyances, either way...

Forget about the "annoying users" part; the "carrier-grade" part of
CGN is all about not annoying the service provider. As far as I'm
aware, iptables does not include deterministic port translation based
on source address, nor easy-to-configure hooks for CALEA [*]. It may
well turn out that once one factors in support your costs are higher
with large scale NAT-on-Linux than if you'd sucked it up and coughed
up a quarter mil for an appliance.

-r

[*] I'd love to hear that I'm wrong on this count, but a how-to
document that explains how one can lovingly handcraft such a thing as
opposed to a special refactored distro that's ready to plug-and-chug
appliance style will only serve to reinforce my assertion.
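
The last message names deterministic port translation based on source address as a carrier-grade feature. As an added illustration (not code from the thread or from any vendor), the following shows one such mapping, which lets an operator attribute an observed outside IP and port to a subscriber by arithmetic instead of per-connection logs. The class name, the 100.64.0.0/22 and 203.0.113.0/28 ranges and the 1000-port block size are assumptions chosen for the example.

```python
import ipaddress


class DeterministicCGN:
    """Stateless inside-address -> (outside IP, port block) mapping."""

    def __init__(self, inside_net, outside_net, ports_per_sub, first_port=1024):
        self.inside = ipaddress.ip_network(inside_net)
        self.outside = ipaddress.ip_network(outside_net)
        self.ports_per_sub = ports_per_sub
        self.first_port = first_port  # ports below this are never handed out
        self.blocks_per_ip = (65536 - first_port) // ports_per_sub
        capacity = self.outside.num_addresses * self.blocks_per_ip
        if self.inside.num_addresses > capacity:
            raise ValueError("outside pool too small for the inside range")

    def forward(self, inside_ip):
        """Return (outside_ip, low_port, high_port) for a subscriber address."""
        ip = ipaddress.ip_address(inside_ip)
        if ip not in self.inside:
            raise ValueError(f"{inside_ip} is not in {self.inside}")
        index = int(ip) - int(self.inside.network_address)
        ext_index, block = divmod(index, self.blocks_per_ip)
        low = self.first_port + block * self.ports_per_sub
        return str(self.outside[ext_index]), low, low + self.ports_per_sub - 1

    def reverse(self, outside_ip, port):
        """Attribute an observed outside IP:port to a subscriber, or None."""
        ip = ipaddress.ip_address(outside_ip)
        if ip not in self.outside or not self.first_port <= port <= 65535:
            return None
        block = (port - self.first_port) // self.ports_per_sub
        if block >= self.blocks_per_ip:
            return None  # leftover ports at the top of the range are unassigned
        index = (int(ip) - int(self.outside.network_address)) * self.blocks_per_ip + block
        if index >= self.inside.num_addresses:
            return None
        return str(self.inside[index])


# Constructed sample plan: 1024 subscribers share 16 public addresses.
PLAN = DeterministicCGN("100.64.0.0/22", "203.0.113.0/28", ports_per_sub=1000)

if __name__ == "__main__":
    print(PLAN.forward("100.64.1.7"))
    print(PLAN.reverse("203.0.113.4", 8500))
    print(PLAN.reverse("203.0.113.4", 65500))
```

Because the mapping is a pure function of the address plan, the only record needed for later attribution is the plan itself and the dates it was in force.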