[arin-ppml] Why are ISPs allowed?

Kevin Loch kloch at kl.net
Sat Jan 3 16:58:16 EST 2009


Artur (eBoundHost) wrote:
> Is there a reason why ISPs such as Comcast/ATT are allowed to hand out 
> unique IP addresses, even not static ones, to end users? Why are they 
> not required to use NAT?

NAT breaks lots of things.  In addition to the obvious (p2p, services)
it breaks native IPsec and ipip tunnels (6to4 and static IPv6 tunnels).
There are many applications like FTP that break in various ways 
depending on how good/bad the hacks in the NAT box are.  There will be
applications that NAT vendors have never heard of.  Google "nat breaks"
for some other examples.

Operationally this would be a disaster for the ISPs:

o How do you identify which customer is responsible for what traffic?
   Instead of keeping a simple database of IP->customer you would have to
   keep complete logs of IP/port->customer mappings.  This would be
   extraordinarily impractical.

o The public NATted IPs would be highly attractive DDoS targets, as
   they would take out an entire neighborhood or ISP instead of
   an individual customer.

o If a user gets banned at a particular server an entire neighborhood
   or ISP of users would also be banned.

o IP based secondary access controls (for example only allowing ssh from
   a specific IP) would be less useful.

o Cable ISPs provide exactly zero customer support today.  How could they
   possibly support all of the bugs that NAT would introduce, or
   manage the static port or public IP mappings that would be required
   for the things that are broken?

> If ISPs were to switch to local address space, how many IP blocks would 
> be released back into the wild?

Zero?  What incentive would they have to return space they already have
if they know they can't ever go back for more?

- Kevin
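As an added illustration of the attribution problem in the first bullet (example code, not part of Kevin's post): with per-session NAT logs, a public IP alone maps to every subscriber who shared it, while IP, port and timestamp together pinpoint one. The addresses (from the TEST-NET-2 documentation range), times and customer names are constructed.

```python
"""Attribution under carrier-grade NAT: IP alone vs. IP/port/time."""
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class NatSession:
    """One translated session, as a NAT box would log it."""
    public_ip: str
    public_port: int
    start: datetime
    end: datetime
    subscriber: str


def ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample log: one shared public address, several subscribers,
# and public port 40001 reused by a later session (cust-C after cust-A).
SESSIONS = [
    NatSession("198.51.100.7", 40001, ts("2009-01-03T16:00:00"), ts("2009-01-03T16:10:00"), "cust-A"),
    NatSession("198.51.100.7", 40002, ts("2009-01-03T16:00:00"), ts("2009-01-03T16:30:00"), "cust-B"),
    NatSession("198.51.100.7", 40001, ts("2009-01-03T16:20:00"), ts("2009-01-03T16:40:00"), "cust-C"),
    NatSession("198.51.100.9", 40001, ts("2009-01-03T16:00:00"), ts("2009-01-03T17:00:00"), "cust-D"),
]


def by_ip(public_ip: str) -> list[str]:
    """The simple IP->customer lookup. Behind NAT it names a whole neighborhood,
    which is also why a per-IP ban or DDoS hits all of them at once."""
    return sorted({s.subscriber for s in SESSIONS if s.public_ip == public_ip})


def by_ip_port_time(public_ip: str, public_port: int, when: datetime) -> list[str]:
    """Full attribution from an abuse report: IP and port narrow it down, and
    the timestamp disambiguates reused ports. Returns [] when the report
    lacks a matching session (e.g. a port that was never translated)."""
    return sorted(
        s.subscriber
        for s in SESSIONS
        if s.public_ip == public_ip
        and s.public_port == public_port
        and s.start <= when <= s.end
    )
```

An abuse report that carries only the public IP, as most do today, yields `by_ip` ambiguity; the ISP can only resolve it if the reporter also logged the source port and an accurate time.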
