[arin-ppml] inevitability of NAT?

Owen DeLong owen at delong.com
Thu Feb 10 16:04:25 EST 2011


On Feb 10, 2011, at 8:05 AM, Jack Bates wrote:

> 
> 
> On 2/10/2011 9:42 AM, Benson Schliesser wrote:
>> In the meantime, until PCP is available, users should consider
>> turning off UPNP support in their gateway to make sure apps don't
>> rely on it when they're behind a CGN.
> 
> User got a faulty DSL modem a few months back. uPNP wasn't enabled per the norm. User was unable to use some xbox functionality.
> 
> The degree at which things are depending on uPNP has grown to making it almost mandatory. Turning it off is likely to lead to things breaking. In addition, no protocol is going to fix LSN well. I don't think any studies have really been done to see at what scale applications are currently using uPNP to (port forward, open firewall). This places practical limits on the number of people doing a certain thing while behind a single IP.
> 

This is more true than even I would have suspected. Indeed, there are actually applications that break in the absence of uPNP even in a situation where the host doesn't have a stateful firewall or NAT in front of it.

Apple's "Back to my Mac" service will not discover or display a workstation to someone if that workstation is not behind a uPNP capable firewall.

Yes, I can get to my systems using Apple's VNC client. However, I do find it interesting that I can't use their MobileMe based service with my
systems that have public addresses and no stateful firewall in front of them.

Owen




More information about the ARIN-PPML mailing list