Re: Verizon DSL moving to CGN

[Rob Seastrom <rs () seastrom com>]

Jimmy Hess <mysidia () gmail com> writes:

> On 4/6/13, Matthew Kaufman <matthew () matthew at> wrote:
> > On 4/6/2013 6:24 PM, cb.list6 wrote:
> >
> > I'd love to see a CGN box that is cheaper than IPv4 addresses currently
> > are on the transfer market.
>
> You mean like a few linux servers running iptables  nat-masquerade?
>
> You think the "Carrier Grade"  in "Carrier Grade NAT"  isn't just a
> rhetorically constructed distraction,  from the fact that  simple NAT
> may  be implemented,  and yeah, end users are certain to experience
> annoyances, either way...

Forget about the "annoying users" part; the "carrier-grade" part of
CGN is all about not annoying the service provider.  As far as I'm
aware, iptables does not include deterministic port translation based
on source address, nor easy-to-configure hooks for CALEA [*].  It may
well turn out that once one factors in support your costs are higher
with large scale NAT-on-Linux than if you'd sucked it up and coughed
up a quarter mil for an appliance.

-r

[*] I'd love to hear that I'm wrong on this count, but a how-to
document that explains how one can lovingly handcraft such a thing as
opposed to a special refactored distro that's ready to plug-and-chug
appliance style will only serve to reinforce my assertion.