LinkBack URL
About LinkBacksI don't know whether they do or not, but my point was that you don't have to have BT.
I don't know whether they do or not, but my point was that you don't have to have BT.
I have to say I'm kind of with Jim on the whole server issue. If you're running publicly available servers at home why don't you have a static IP address already? Plusnet provide them for a one off payment of a fiver, as well as being one of the better ISPs out there (IMNSHO, obviously). The whole point of the open broadband market is that you don't have to have BT broadband. Anyone with the ability to safely run a server should know the score on that one anyway. I was considering Infinity last year (I ended up plumping to stick with plusnet in the end), but if I'd known they didn't offer the option of a static IP I wouldn't even have considered them - that's a basic option on any ISP package, as far as I'm concerned.
One quote from the original article stood out to me: "XBox Live requires NAT to be open to work correctly so has reduced multiplayer ability". Now - again IMNSHO obviously - that's a WTF on the side of Xbox live. Any client software should work seamlessly regardless of the type of internet connection it's on. So if xbox live suddenly dies because of the type of NAT you're using, that's a problem with xbox live, not the ISP.
There's a lot more to it than not being able to run a public server. Besides, you still can with a dynamic address, dynamic DNS being one option. Not to mention dynamic IPs with some ISPs very rarely change (I've had IPs with VM for many months, even years - there's little point in rapidly changing them), so handing out your IP for some purposes is actually feasible. Dynamic vs static is a *completely* different story to public vs non-routable IP, you're comparing apples to oranges.
Sticking customers behind NAT will break more functionality than you probably realise - the Internet isn't one-way. You may not notice problems behind a home router because UPnP allows devices to configure port forwarding when they need it. Disable UPnP and you'll cause problems for a lot of things unless you manually forward ports. UPnP by its very nature can be a major security risk, so it's fair to assume ISPs will allow nothing of the sort (not to mention the technical challenges implementation could pose). Examples of affected services include many games, VoIP, torrent, IM, essentially anything with some P2P functionality.
Xbox Live is not just client software - it's a P2P system. Although some games like Battlefield 3 host dedicated servers, the vast majority select a host from the connected players, CoD is a notable example. There's no problem with doing that considering people should have public IPs, and there's no reason to blame it because some all-round daft move by a large ISP breaks it. Oh and before anyone keeps on blaming XBL, PSN and AFAIK the Nintendo network act similarly - it's nothing unique.
Masquerading NAT is just a bodge to allow more devices to connect using fewer public IPs, not an excuse to not give paying customers a proper IP address.
There may be other ISPs, but none as large as BT, and I'd expect such an ISP to behave competently overall. Their network is relatively well-managed, so it would be a shame to have to write them off because of a boneheaded move like this, and most other ISPs use tunnels through it to some extent.
Last edited by watercooled; 09-05-2013 at 05:00 PM.
*shrug* p2p should still work behind NAT - after all, the vast majority of people running P2P services are behind NAT already - torrents being the most obvious one. I have no open ports or port forwarding on my router (afaik, should check that really) and I'm pretty sure UPnP is disabled on my router (again though, do need to check
Surely the whole point of NAT is that it routes traffic from a publicly routable IP to a non-publicly routable IP. If the method used by the carrier to do that interferes with end-point NAT then fair enough, that's an issue, but the use of NAT itself shouldn't be. The p2p services should still get a routable IP address from the final NAT router in the chain, and packets should then be passed back transparently. And if it needs an open port on the publicly adressable end-point, it's running a server, which is (as you rightly say) a potential security risk. Gotta wonder how many devices do that, and how many people know about it...
Most of the time, they either still work because of UPnP (enabled by default an almost all common home routers), or because the other end of the connection is set up properly. If both are behind masquerading NAT, there's essentially no way to communicate without further bodges to keep connections alive.
XBL uses a simplified model, reporting either closed, moderate or open NAT - open can connect to anything, moderate can connect to moderate or open, and strict can only connect to open. E.g. if you're behind NAT with no port forwarding, you can only establish a connection with someone if they have 'open' NAT i.e. properly port-forwarded, port number not modified by the router, etc.
Skype, again, cannot communicate properly if you're behind NAT. It uses workarounds to still enable communication, using often unwitting clients without NAT as 'relays'.
NAT in this context routes traffic from *one* public IP to *many* non-routable IP, and that's where the problems arise. In theory, unless the program is configured poorly, 1:1 NAT generally shouldn't cause any problems, again if the port numbers aren't modified/randomised, but it's not terribly useful for this scenario.
It's not that simple. This system is sometimes referred to as port address translation, or NAT overload, for obvious reasons - port numbers have to be tampered with in order to share an IP address. Without going into the depths of how NAT functions, it breaks end-to-end connectivity, and connections must be established by the client behind the NAT to a listening service on a system with a routable IP (forwarded or otherwise). This isn't always possible. Then, the NAT device has to keep the connection alive and pass packets based on port numbers. If two devices wish to use the same port number, you're screwed.The p2p services should still get a routable IP address from the final NAT router in the chain, and packets should then be passed back transparently
I did not say running a service is a security risk, I said UPnP can be a security risk, if exploited. Not only does it allow port forwarding, it allows the firewall to be manipulated. NAT is not a security measure, and should not be relied upon as such.
Services are part and parcel of many networked applications, it's common to have plenty of listening services running on your system. Without listening connections, there would be no way (besides periodically polling a server) to for IM messages, or VoIP calls to make it through to your system. NAT does not know how to forward a random packet it receives on its public side unless it's already expecting it i.e. if the client has established a connection and a service is listening.
So, the use of NAT itself is indeed a problem in plenty of scenarios - were it not, we wouldn't be bothering with IPv6.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote