Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


Forums2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus)What do I need to know about CG-NAT ?
xlinknz

1141 posts

Uber Geek
+1 received by user: 168

Trusted

#157345 28-Nov-2014 08:29
Send private message

I'm considering joining but I see it was mentioned they use CG-NAT ? [unless I get a static IP]

What do I need to know about, what does that mean for me ?

What can't I do ?

I assume this will  be an issue for them when they go IPv6 ?

Create new topic
pohutukawa
197 posts

Master Geek
+1 received by user: 9


  #1184615 28-Nov-2014 08:34
Send private message

http://en.wikipedia.org/wiki/Carrier-grade_NAT

Alternatively, you can specify you require a standard, fixed IPv4 address for a one-off fee of $20.





pohutukawa ... turning with the seasons ... 



Whinery
104 posts

Master Geek
+1 received by user: 65

Trusted

  #1184711 28-Nov-2014 09:48
Send private message

Why would CG-NAT be an issue for IPv6?

If no public V4 addresses are being handed out, then there's no need to hand out any private V4 address on the CPE/RGW, is there?

The RFC1918 address currently used between the CPE and CG-NAT is a placeholder that doesn't "do" anything or "go" anywhere, other than get the CPE to the CG-NAT.  So, if you aren't getting a static V4 IP, then you don't need a V4 IP at all.  You can use the V6 on the CPE WAN for that.

If someone gets a static V4 and a static V6 address, they'll be dual-stack on the CPE WAN, and no CG-NAT.  If the person selected V6 only, they'll get static V6, but wouldn't need any V4 for connectivity to the outside world.  Access to the V4 Internet would be through DNS64, which would point the V6 address to the CG-NAT (running as NAT64 in this example), and the CG-NAT would enable access to the V4 Internet.

Of course, that doesn't cover the LAN.  Skype requires a V4 address, or the application will crash.  So anyone wishing to run Skype will need a V4 LAN range.  They *could* run V4 only on the LAN and V6 only on the WAN.  Or they could run dual stack on the LAN, or V6 only on the LAN.

Someone running V4 (or dual stack) on the LAN with V6 on the WAN would end up using 464XLAT to access the V4-only Internet from a V4-only application (like Skype).

CG-NAT is required for practical IPv6 implementation today.  So having one of the required components in place and running doesn't seem to be an issue, but is a preparation for V6.

But as for CG-NAT breaking things, I've seen some other Geekzone threads with people reporting very specific problems, but in general, it's not a huge issue.  Lots of carriers around the world use it, and have for years.  I'd be interested in whether the CG-NAT issues reported by others are related to all CG-NAT or specific implementations of CG-NAT.  It might be that different vendor's implementations of the same thing may give different results.  


------------Above is general technical discussion, not MyRepublic's views, below is the "official" answer--------------------


I can only recommend that you try it under the free trial period, and come back here and share your experiences.  We've not received complaints of any services not working under CG-NAT that shouldn't be (incoming servers).

xlinknz

1141 posts

Uber Geek
+1 received by user: 168

Trusted

  #1185010 28-Nov-2014 16:21
Send private message

Whinery: Why would CG-NAT be an issue for IPv6?

If no public V4 addresses are being handed out, then there's no need to hand out any private V4 address on the CPE/RGW, is there?

The RFC1918 address currently used between the CPE and CG-NAT is a placeholder that doesn't "do" anything or "go" anywhere, other than get the CPE to the CG-NAT.  So, if you aren't getting a static V4 IP, then you don't need a V4 IP at all.  You can use the V6 on the CPE WAN for that.

If someone gets a static V4 and a static V6 address, they'll be dual-stack on the CPE WAN, and no CG-NAT.  If the person selected V6 only, they'll get static V6, but wouldn't need any V4 for connectivity to the outside world.  Access to the V4 Internet would be through DNS64, which would point the V6 address to the CG-NAT (running as NAT64 in this example), and the CG-NAT would enable access to the V4 Internet.

Of course, that doesn't cover the LAN.  Skype requires a V4 address, or the application will crash.  So anyone wishing to run Skype will need a V4 LAN range.  They *could* run V4 only on the LAN and V6 only on the WAN.  Or they could run dual stack on the LAN, or V6 only on the LAN.

Someone running V4 (or dual stack) on the LAN with V6 on the WAN would end up using 464XLAT to access the V4-only Internet from a V4-only application (like Skype).

CG-NAT is required for practical IPv6 implementation today.  So having one of the required components in place and running doesn't seem to be an issue, but is a preparation for V6.

But as for CG-NAT breaking things, I've seen some other Geekzone threads with people reporting very specific problems, but in general, it's not a huge issue.  Lots of carriers around the world use it, and have for years.  I'd be interested in whether the CG-NAT issues reported by others are related to all CG-NAT or specific implementations of CG-NAT.  It might be that different vendor's implementations of the same thing may give different results.  


------------Above is general technical discussion, not MyRepublic's views, below is the "official" answer--------------------


I can only recommend that you try it under the free trial period, and come back here and share your experiences.  We've not received complaints of any services not working under CG-NAT that shouldn't be (incoming servers).




Thank you for the detailed reply esp for a prospective customer 

My comment about IPv6 and cg-nat was that imho cg-nat is not the preferred way in my view to provide ipv6 Dual Stack is, but obviously you don't want to [or can't] provide public IPv4 via dhcp by default - understandable with the public IPv4 address space availability constraint

ok so I have this right

If I don't pay $20 for a static v4 address a rfc1918 address is used between my cpe and the cg-nat, I have no doubt that works

Questions

So with your solution  can I access IPv6 only sites e.g. ipv6.google.com, if I access a dual stack site would my source address on the dual stack host show my source as IPv4 or IPv6 ?

Why not provide the IPv6 to the customer so I can access IPv6 hosts with no translation mechanism, obviously IPv6 does not have the address space availability constraint ?

If I want an IPv6 addresss [or network] does that cost me ?

ps: happy to take this off line if you prefer

 



Dairyxox
1595 posts

Uber Geek
+1 received by user: 455


  #1185030 28-Nov-2014 16:50
Send private message

My understanding is that CG-NAT effectively takes control of the firewall away from the user.
This doesn't mean it cant be configured, but you have to ask the provider to configure the firewall rules you want, and you are at their mercy as to weather they will allow such changes.

Am I wrong?

pohutukawa
197 posts

Master Geek
+1 received by user: 9


  #1185053 28-Nov-2014 17:27
Send private message

Dairyxox: My understanding is that CG-NAT effectively takes control of the firewall away from the user.
This doesn't mean it cant be configured, but you have to ask the provider to configure the firewall rules you want, and you are at their mercy as to weather they will allow such changes.

Am I wrong?


Read the article I posted a link to.





pohutukawa ... turning with the seasons ... 

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright