[GTALUG] NAT [was Re: Linux hardening question]

James Knott james.knott at rogers.com
Mon Jul 3 07:18:06 EDT 2017


On 07/03/2017 01:44 AM, D. Hugh Redelmeier via talk wrote:
> In any case, neither Bell nor Rogers know how to route my IP addresses
> into my home so I have to use a third party ISP that uses Bell's last
> mile.  (I want two connections but only one routes my IPs.)
>
> | > My IPv4 /24 is globally assigned.  That's not going to happen with
> | > IPv6.
> | 
> | Actually it does.  I have no problem reaching computers on my LAN when
> | I'm elsewhere.  With Rogers you can have a /64 to /56 all to yourself
> | and they are all globally unique and reachable from anywhere in the world.
>
> By "Globally assigned" I meant "Assigned to me directly by (the
> precursor to) ARIN".  That makes it portable: I can keep the IP
> addresses when I move between service providers.
>
> Globally Routable addresses are now assigned by a process like
> feudalism: IANA gives addresses to RIPE, ARIN, etc.
> Internet companies on the backbone get addresses from RIPE, ARIN, etc
> (depending on their geographic location).
> ISPs get subassignments from their upstream providers.  Apply this
> last rule recursively.
>
> So if you, an edge user, get IP addresses, they are not yours but are
> merely loaned to you by upstream.
That's correct.  My /56 is part of Rogers' block.  I don't know why you
need your own block these days.  With IPv6 it's very easy to change
address blocks, when you change providers.  Just start up the new
connection and make it primary. Then update DNS and after a while
disconnect the old service.

> If your system has multiple internet connections and your upstreams
> are willing to support this, perhaps you can get your own addresses
> assigned (and an ASN -- something I don't have).

Then you'd need a provider that's willing to talk some routing protocol,
such as OSPF, with you.  I don't know that Bell or Rogers would, at
least not at the consumer level.
>
> The smallest global assignment of IPv4 addresses is /24 (256
> addresses).  This is to reduce the size of the routing tables in core
> routers.  They even grumble about /24 being too small and
> burdensome.

Yep, I remember that crash a few years ago, when the routing tables got
too big.  With IPv6, the address blocks are handed out in a hierarchical
manner geographically to reduce the size of routing tables.


> | Back in the early days, it wasn't hard to get multiple addresses.
>
> Do you mean /24 from ARIN or something smaller from your upstream?

No, I meant they were easy to get because there weren't a lot of users,
so no shortage.
>
> | addresses.  Back in the dial up days, I originally had a static address,
> | but one of the reasons for ISPs moving to dynamic addresses was to free
> | them up, when someone disconnected.
>
> Having a static IP address for an intermittent connection wasn't too
> important.

Also, I don't think SLIP supported automatic address assignment, so
static only.
>
> Broadband for the masses, from Bell and Rogers, was meant for
> consumers.  Static IP addresses were used for price discrimination:
> organizations that wanted static IP addresses had to pay a lot more
> even though it cost Bell and Rogers almost nothing.  Remember: since
> broadband connections were essentially always on, they always used one
> IP address.
And that means some people are forced to live behind carrier grade NAT.

Incidentally, an excellent book is "IPv6 Essentials" from O'Reilly.




