[ale] {Disarmed} Re: IPv4 devices on IPv6 network

Justin Goldberg justgold79 at gmail.com
Sun Jul 1 10:07:19 EDT 2012


Certain IPsec VPN tunnels won't work over CGNAT? Hmmm, maybe now the
ipv6 naysayers will give up their ranting (you know, the ones that say
that there's no point to ipv6 other than more IP addresses). Maybe now
they'll see NAT for the kludgy hack that it is and how it violates the
end-to-end principle.

On 6/30/12, Michael H. Warfield <mhw at wittsend.com> wrote:
> On Sat, 2012-06-30 at 12:44 -0400, Michael Campbell wrote:
>> On Sat, Jun 30, 2012 at 1:10 AM, Alex Carver <agcarver+ale at acarver.net> wrote:
>>
>> > Hi everyone,
>> >
>> > Got a "plan ahead" question for you.  I've got a handful of
>> > firmware-based devices that are IPv4-only never to be made IPv6 capable
>> > (PLCs, some print servers, data loggers, etc.)
>
>> This may not affect you, and just an FYI, but...you mention AT&T later, so
>> be aware that at least with U-Verse, they have said that LANs (on uVerse)
>> can no longer use the 10.0.0.0/8 addresses.  There is rumor that this is
>> due to AT&T moving to a corporate wide NAT where their whole network is
>> going to be behind a NAT, and that your AT&T modem/router is going to be
>> given a 10.*.*.* address in that space.   This is supposed to happen
>> 6-Jul.
>
> I saw one message about that a couple of months ago, with no confirmation
> and which others are saying that AT&T people are denying.  What you are
> talking about is CGNAT (which I referred to in my previous message) or
> NAT444 and they are NOT supposed to use 10./8 for that!  There is an IETF
> RFC specified block of addresses for Carrier Grade NAT (CGNAT).
>
>> The other rumor is that you can have an externally visible IP4 IP for an
>> additional $15/mo.  I don't know how this works with existing static IP
>> users, and personally I've subscribed to a third party VPN provider through
>> which I can forward ports back to my machine so I can have an externally
>> visible machine, since I do run services that I need to get to from outside
>> AT&T's network.
>
> Be aware that not all VPNs will work through CGNAT.  IPSec NAT-T will.
> OpenVPN will.  Cisco AnyConnect / OpenConnect will.  VPNC will.  Most
> SSL / DTLS ones will.  Other proprietary ones are a crap shoot.
>
>> So, now we wait.  I'm not a network guy, so I assume there's a way to
>> segregate your LAN from theirs even if they do this, but people here
>> smarter than I can debate the feasibility and wisdom of doing so =)
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>


-- 
Looking for better conference calls? Try Uberconference:

http://uberconference.com/zevcxTpX
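
Added example, not part of the original thread: a check of a router's WAN-side IPv4 address that tells whether the connection sits behind an upstream NAT and whether the LAN subnet collides with it (the 10.0.0.0/8 concern raised above). It assumes the "IETF RFC specified block" is the RFC 6598 shared address space, 100.64.0.0/10; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (assumed to be
# the block the thread refers to).
CGNAT_BLOCK = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges; a carrier handing these out on the WAN side will
# collide with customer LANs that use the same prefix.
RFC1918_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip):
    """Classify the IPv4 address the ISP assigned to the router's WAN port."""
    addr = ipaddress.ip_address(wan_ip)
    if addr.version != 4:
        raise ValueError("expected an IPv4 address")
    if addr in CGNAT_BLOCK:
        return "cgnat-shared"
    if any(addr in net for net in RFC1918_BLOCKS):
        return "rfc1918"
    if addr.is_global:
        return "public"
    return "other-special"   # loopback, link-local, documentation ranges, ...


def assess(lan_cidr, wan_ip):
    """Report upstream NAT and LAN/WAN address overlap for one site."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    kind = classify_wan(wan_ip)
    return {
        "wan_kind": kind,
        # Behind an upstream NAT, unsolicited inbound traffic (port forwards,
        # VPN types that need a reachable endpoint) cannot arrive directly.
        "behind_upstream_nat": kind in ("cgnat-shared", "rfc1918"),
        # If the WAN address falls inside the LAN prefix, the router cannot
        # route unambiguously and the LAN has to be renumbered.
        "lan_overlaps_wan": ipaddress.ip_address(wan_ip) in lan,
    }


if __name__ == "__main__":
    # Constructed sample sites: (LAN prefix, WAN address seen on the router).
    for lan, wan in [("10.0.0.0/8", "10.34.12.9"),
                     ("192.168.1.0/24", "100.72.3.4"),
                     ("192.168.1.0/24", "8.8.8.8")]:
        print(lan, wan, assess(lan, wan))
```
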

