Re: NAT444 or ?

[Geoff Huston <gih () apnic net>]

On 08/09/2011, at 2:41 AM, Leigh Porter wrote:

> > -----Original Message-----
> > From: Daniel Roesen [mailto:dr () cluenet de]
> > Sent: 07 September 2011 17:38
> > To: nanog () nanog org
> > Subject: Re: NAT444 or ?
> >
> > On Wed, Sep 07, 2011 at 12:16:28PM +0200, Randy Bush wrote:
> > > > I'm going to have to deploy NAT444 with dual-stack real soon now.
> > >
> > > you may want to review the presentations from last week's apnic
> > meeting
> > > in busan.  real mesurements.  sufficiently scary that people who were
> > > heavily pushing nat444 for the last two years suddenly started to say
> > > "it was not me who pushed nat444, it was him!"  as if none of us had
> > a
> > > memory.
> >
> > Hm, I fail to find relevant slides discussing that. Could you please
> > point us to those?
> >
> > I'm looking at http://meetings.apnic.net/32
>
> There is a lot in the IPv6 plenary sessions:
>
> http://meetings.apnic.net/32/program/ipv6
>
> This is what I am looking at right now. Randy makes some good comments in those sessions. I have not found anything 
> yet, but I am only on session 3, pertaining specifically to issues around NAT444.

It may not be what Randy was referring to above, but as part of that program at APNIC32 I reported on the failure rate 
I am measuring for Teredo. I'm not sure its all in the slides I was using, but what I was trying to say was that STUN 
is simply terrible at reliably negotiating a NAT. I was then wondering what pixie dust CGNs were going to use that 
would have any impact on the ~50% connection failure rate I'm observing in Teredo. And if there is no such thing as 
pixie dust (damn!) I was then wondering if NATs are effectively unuseable if you want anything fancier than 1:1 TCP 
connections (like multi-user games, for example). After all, a 50% connection failure rate for STUN is hardly 
encouraging news for a CGN deployer if your basic objective is not to annoy your customers.

regards,
Geoff