[arin-ppml] Why are ISPs allowed?
kloch at kl.net
Sat Jan 3 16:58:16 EST 2009
Artur (eBoundHost) wrote:
> Is there a reason why ISP's such as Comcast/ATT, allowed to hand out
> unique IP addresses, even not static ones, to end users? Why are they
> not required to use NAT?
NAT breaks lots of things. In addition to the obvious (p2p, services)
it breaks native IPSec and ipip tunnels (6to4 and static IPv6 tunnels).
There are many applications like FTP that break in various ways
depending on how good/bad the hacks in the NAT box are. There will be
applications that NAT vendors have never heard of. Google "nat breaks"
for some other examples.
Operationally this would be a disaster for the ISPs:
o How do you identify which customer is responsible for what traffic?
Instead of keeping a simple database of IP->customer you would have to
keep complete logs of ip/port->customer mappings. This would be
o The public natted ips would be highly attractive DDOS targets as
they would take out an entire neighborhood or ISP instead of
an individual customer.
o If a user gets banned at a particular server an entire neighborhood
or ISP of users would also be banned.
o IP based secondary access controls (for example only allowing ssh from
a specific IP) would be less useful.
o Cable ISPs provide exactly zero customer support today. How could
possibly support all of the bugs that NAT would introduce or
manage the static port or public ip mappings that would be required
for the things that are broken.
> If ISPs were to switch to local address space, how many IP blocks would
> be released back into the wild?
Zero? What incentive would they have to return space they already have
if they know they can't ever go back for more?
More information about the ARIN-PPML