What do I need to know about CG-NAT ?

Forums › 2degrees (including Slingshot, Orcon, Flip, Stuff Fibre, MyRepublic, 2talk and Vocus) › What do I need to know about CG-NAT ?

xlinknz

1127 posts

Uber Geek

Trusted

#157345 28-Nov-2014 08:29

I'm considering joining but I see it was mentioned they use CG-NAT ? [unless I get a static IP]

What do I need to know about, what does that mean for me ?

What can't I do ?

I assume this will be an issue for them when they go IPv6 ?

pohutukawa

197 posts

Master Geek

#1184615 28-Nov-2014 08:34

http://en.wikipedia.org/wiki/Carrier-grade_NAT

Alternatively, you can specify you require a standard, fixed IPv4 address for a one-off fee of $20.

Whinery

104 posts

Master Geek

Trusted

#1184711 28-Nov-2014 09:48

Why would CG-NAT be an issue for IPv6?

If no public V4 addresses are being handed out, then there's no need to hand out any private V4 address on the CPE/RGW, is there?

The RFC1918 address currently used between the CPE and CG-NAT is a placeholder that doesn't "do" anything or "go" anywhere, other than get the CPE to the CG-NAT. So, if you aren't getting a static V4 IP, then you don't need a V4 IP at all. You can use the V6 on the CPE WAN for that.

If someone gets a static V4 and a static V6 address, they'll be dual-stack on the CPE WAN, and no CG-NAT. If the person selected V6 only, they'll get static V6, but wouldn't need any V4 for connectivity to the outside world. Access to the V4 Internet would be through DNS64, which would point the V6 address to the CG-NAT (running as NAT64 in this example), and the CG-NAT would enable access to the V4 Internet.

Of course, that doesn't cover the LAN. Skype requires a V4 address, or the application will crash. So anyone wishing to run Skype will need a V4 LAN range. They *could* run V4 only on the LAN and V6 only on the WAN. Or they could run dual stack on the LAN, or V6 only on the LAN.

Someone running V4 (or dual stack) on the LAN with V6 on the WAN would end up using 464XLAT to access the V4-only Internet from a V4-only application (like Skype).

CG-NAT is required for practical IPv6 implementation today. So having one of the required components in place and running doesn't seem to be an issue, but is a preparation for V6.

But as for CG-NAT breaking things, I've seen some other Geekzone threads with people reporting very specific problems, but in general, it's not a huge issue. Lots of carriers around the world use it, and have for years. I'd be interested in whether the CG-NAT issues reported by others are related to all CG-NAT or specific implementations of CG-NAT. It might be that different vendor's implementations of the same thing may give different results.

------------Above is general technical discussion, not MyRepublic's views, below is the "official" answer--------------------

I can only recommend that you try it under the free trial period, and come back here and share your experiences. We've not received complaints of any services not working under CG-NAT that shouldn't be (incoming servers).

xlinknz

1127 posts

Uber Geek

Trusted

#1185010 28-Nov-2014 16:21

Whinery: Why would CG-NAT be an issue for IPv6?

If no public V4 addresses are being handed out, then there's no need to hand out any private V4 address on the CPE/RGW, is there?

The RFC1918 address currently used between the CPE and CG-NAT is a placeholder that doesn't "do" anything or "go" anywhere, other than get the CPE to the CG-NAT. So, if you aren't getting a static V4 IP, then you don't need a V4 IP at all. You can use the V6 on the CPE WAN for that.

If someone gets a static V4 and a static V6 address, they'll be dual-stack on the CPE WAN, and no CG-NAT. If the person selected V6 only, they'll get static V6, but wouldn't need any V4 for connectivity to the outside world. Access to the V4 Internet would be through DNS64, which would point the V6 address to the CG-NAT (running as NAT64 in this example), and the CG-NAT would enable access to the V4 Internet.

Of course, that doesn't cover the LAN. Skype requires a V4 address, or the application will crash. So anyone wishing to run Skype will need a V4 LAN range. They *could* run V4 only on the LAN and V6 only on the WAN. Or they could run dual stack on the LAN, or V6 only on the LAN.

Someone running V4 (or dual stack) on the LAN with V6 on the WAN would end up using 464XLAT to access the V4-only Internet from a V4-only application (like Skype).

CG-NAT is required for practical IPv6 implementation today. So having one of the required components in place and running doesn't seem to be an issue, but is a preparation for V6.

But as for CG-NAT breaking things, I've seen some other Geekzone threads with people reporting very specific problems, but in general, it's not a huge issue. Lots of carriers around the world use it, and have for years. I'd be interested in whether the CG-NAT issues reported by others are related to all CG-NAT or specific implementations of CG-NAT. It might be that different vendor's implementations of the same thing may give different results.

------------Above is general technical discussion, not MyRepublic's views, below is the "official" answer--------------------

I can only recommend that you try it under the free trial period, and come back here and share your experiences. We've not received complaints of any services not working under CG-NAT that shouldn't be (incoming servers).

Thank you for the detailed reply esp for a prospective customer

My comment about IPv6 and cg-nat was that imho cg-nat is not the preferred way in my view to provide ipv6 Dual Stack is, but obviously you don't want to [or can't] provide public IPv4 via dhcp by default - understandable with the public IPv4 address space availability constraint

ok so I have this right

If I don't pay $20 for a static v4 address a rfc1918 address is used between my cpe and the cg-nat, I have no doubt that works

Questions

So with your solution can I access IPv6 only sites e.g. ipv6.google.com, if I access a dual stack site would my source address on the dual stack host show my source as IPv4 or IPv6 ?

Why not provide the IPv6 to the customer so I can access IPv6 hosts with no translation mechanism, obviously IPv6 does not have the address space availability constraint ?

If I want an IPv6 addresss [or network] does that cost me ?

ps: happy to take this off line if you prefer

Dairyxox

1594 posts

Uber Geek

#1185030 28-Nov-2014 16:50

My understanding is that CG-NAT effectively takes control of the firewall away from the user.
This doesn't mean it cant be configured, but you have to ask the provider to configure the firewall rules you want, and you are at their mercy as to weather they will allow such changes.

Am I wrong?

pohutukawa

197 posts

Master Geek

#1185053 28-Nov-2014 17:27

Dairyxox: My understanding is that CG-NAT effectively takes control of the firewall away from the user.
This doesn't mean it cant be configured, but you have to ask the provider to configure the firewall rules you want, and you are at their mercy as to weather they will allow such changes.

Am I wrong?

Read the article I posted a link to.