Thursday, 16 September 2010

NAT hell

OK, can't give details, but I have recently spent a few days in NAT hell.

I saw all three RFC1918 blocks. It's as if the internet had never had the principle of globally routed unique addresses. Every link I was dealing with was a separately mapped or NATed block, mapped onto other blocks over VPNs and firewalls, and the mappings were nearly consistent in some places but not quite. I feel sorry for the guys I was with; it was not all their fault, and by the end of it they had started to really share my appreciation of NAT.

I felt I was in a maze of twisty turny IP addresses all starting 192.168. Lamp On.

Anyway, the job in hand was sorted and went well. The final solution will use real addresses, thankfully; this was a sandbox proof of concept.

I feel somehow cleaner being back home, with a real IPv4 and IPv6 on my machine here, and my laptop, and my iPad. Though I am coming down with a cold - I must be allergic to RFC1918.

[non-techies: don't even try and ask me to explain]


  1. I see APNIC have been making some large allocations recently, meaning that IANA is expected to run out of IPv4 addresses next April-ish rather than June-ish. I can't help wondering if this is a deliberate strategy: there won't be addresses available tomorrow, so they allocate them today.

    Will the other RIRs be tempted to join in the game? I hope so. It will be painful when the IPv4 addresses run out, but we can't put it off forever, and a shift to IPv6 will bring a lot of other benefits.

  2. The world will become a hell of NAT and mappings and stuff not working before people actually start using IPv6. Sadly.

  3. I think this is a "Tragedy of the Commons" thing. If everyone plays nicely, it will be better for all, but as soon as one breaks ranks and tries a grab, others will too and it all falls apart (in this case earlier than it would otherwise).
    It's human nature in a situation when nobody is in overall control of a restricted resource...

  4. /me wants all the gory details !!!!

  5. I'd love to, but that would be a tad unprofessional as I was being a consultant.

  6. I'm saddened by the number of people who still think that NAT is a security feature.

  7. I am saddened by how many people just don't understand how networks work. It is not surprising - every technology goes through stages like this. More and more people are able to just work at a very high level. It's the same with software development. The number of people who actually understand things dwindles. Even cars are a mystery to mechanics now, with the EMU being a black box. This is turning into a totally new rant, isn't it :-)