Home » Editorial Article »

UPD ISPs React to the Dangers of Adopting IPv4 Internet Address Sharing

Posted Tuesday, January 22nd, 2013 (9:15 am) by Mark Jackson (Score 8,261)
internet information technology

Internet providers from around the United Kingdom have given a decidedly mixed response after we asked a group of them whether IPv4 address sharing (Carrier Grade NAT) was the future of fixed line broadband (i.e. until full IPv6 adoption). CGNAT allows a single IP address to be shared between several users but this can introduce serious problems.

So why should you care? Everybody needs an Internet Protocol (IP) address to go online and your ISP usually assigns one to your connection (it’s the internet equivalent of a phone number). At present we call these IPv4 (e.g. 84.22.17.54) addresses but those are running out and its replacement, IPv6 (e.g. 2001:cdba::2257:9652), is not directly compatible with the old standard (UK ISPs Explain IPv6 Readiness Fears).

Most ISPs can get around this problem by installing a dual-stack network, which allows IPv4 and IPv6 addresses to communicate, but it will take some years before IPv6 is completely ready to take-over. In the meantime IPv4 addresses will still be needed and are likely to become an increasingly rare commodity.

The internet’s phone number system is essentially being split between two standards and in order to continue adding new connections some ISPs will need to ration their remaining IPv4’s and or share one address between several users (CGNAT). The situation arose because the wider internet industry (modem makers, software developers and big ISPs alike etc.) effectively left it until the last minute to adapt.

What’s the problem with CGNAT?

The problem is that a large number of advanced internet services and configurations don’t work well when IP’s are shared and likewise there are some serious security considerations. The situation partly arises because most of these services assume that everybody will have a unique address (the end-to-end principal), which is broken by CGNAT.

Axel Pawlik, MD of RIPE NCC (EU Internet Registry), told ISPreview.co.uk:

Carrier Grade NAT (CGNAT) has a number of limitations which need to be considered. Most importantly, it goes against the open spirit of the Internet and the principles which have generated such incredible innovation over the years. There is also a potential for compromised functionality for the end user – relying on just one IP address that is then split into many can be an issue because if there is a problem it will impact many people, instead of just one.

It is good that [PlusNet are running a trial] because that will give everyone a chance to evaluate the wider implications and whether there is any long term benefit to CGNAT versus speeding up the deployment of IPv6.”

Thankfully most home users just need the internet for basic web browsing, video streaming and email services, which should be fine (note: some video services like Netflix may still have problems). Sadly the millions who also enjoy multiplayer gaming (e.g. XBox Live, PlayStation Network or game server hosting), use legitimate P2P based services, require the ability to forward ports on their broadband router, host FTPs and web servers (hosting any online server would be extremely difficult) could experience connection or performance problems.

On top of that we have the security considerations, which are numerous. For example, if somebody else with your now “shared” IP is banned from sending email or accessing a particular website then you too could be affected by the same block. Likewise some bank accounts need a unique IP for access and having shared users would be a potential risk and could, in extreme cases, result in you being blocked entirely.

CGNAT also makes it harder and more expensive, but not impossible, to keep accurate track of user activity for law-enforcement purposes. So, generally speaking, few ISPs would consciously choose to do CGNAT unless it was truly necessary but that’s exactly the situation we now find ourselves approaching.

It’s similarly worth remembering that some of the services most likely to be affected are also those used by many of the online world’s most vocal communities (e.g. gamers and IT folk). ISPs that fail to show respect for this could risk a bruising backlash and many businesses could suffer if their related services are no longer usable.

What do ISPs say?

Some ISPs believe that they have enough spare IPv4 addresses to avoid ever needing to go down the path towards CGNAT, although most appear to be far less certain.

PlusNet kicked things off last week when it revealed plans to conduct a three week trial of the solution, which drew a lot of attention because until recently many people had assumed that the ISPs parent, BT, would have enough spare IPv4 addresses to last for several years. But PlusNet should be commended for being brave enough to launch the first trial and thus open this debate.

Please head to Page 2 for more ISP responses and our conclusion..

Page 1 of 212
Delicious
Add to Diigo
Add to Slashdot
Tags:
Leave a Comment
13 Responses
  1. Andrew Bower

    The real disappointment is not that they are trialling CGNAT, but that progress has been so terribly slow at making IPv6 available to subscribers. All the major ISPs are guilty, often in the face of predictions, e.g. of rolling it out by 2012. A little more transparency with their plans would be nice. The current excuse is lack of CPE but there is some capable CPE out there – at least the lack of devices would help them to be able to introduce an IPv6-by-default feature gradually as customers get new routers, saving them from the flag day they fear.

  2. zemadeiran

    It’s not only a case of customer CPE’s supporting ipv6.

    Datacenters, servers, and sites all have to shift towards ipv4/ipv6 support.

    We are talking about everyone in the world shifting to ipv6 which incidentally does not need NAT.

    • Andrew Bower

      zemadeiran, the point is that CPE support is one of the ISP excuses and it is a poor one. They mostly claim to have made good progress on their infrastructure already. They do not need to wait for anyone else before starting to put subscribers onto IPv6: it really is a case of “just do it!”

  3. I am a host and already offer IPv4 and IPv6, where as we charge for IPv4 addresses we do not charge for IPv6 so getting the addresses out to our client’s is not the issue the problem has to do with the likes of cpanel/plesk not yet supporting IPv6 even through its been mentioned many times as being around the corner I have seen very few sites running of IPv6 the hardware in terms of server/routers can already do this, in most cases it is down to the software used not being ready.

  4. Mark Jones

    I suspect the majority of problems with IPV4 shortage is the number of network engineers who still thinks in terms of Class A, B and C subnet masks instead of CIDR. The numbers of wasted /24’s I have seen allocated just for actually using just 30 or so IP addresses is unbelievable. I suspect that if Plusnet have employed somebody to do an audit of their address space armed with a decent IPAM instead of a spreadsheet, a spare /16 or two will have been recovered.

    • zemadeiran

      Good point,

      Also a while back in the news was the DSS’s 16 million ip’s doing nothing…

      Surely ripe can do something???

  5. Olivier

    I guess the market will decide between those ISPs with v6 and those with CGN.
    The IPv6 CPE shortage was true a few years ago but we are starting to see many low cost IPv6 compatible CPEs enter the market. Plus most new mobile phones are IPv6 compatible. To implement CGN would be a serious strategic error indeed.

  6. Mark Jones

    One of the problem for ISP’s is replacing legacy CPE’s. The bean counters will yell “NO” or “DELAY” to replacing over a million CPE’s at a wholesale cost of approx £15 – £20 a router plus additional delivery and support costs…

    I’m surprised that PlusNet didnt trial ipv6-nat-pt?

    • Andrew Bower

      Why would they have to do that all at once? And that’s just the ones that supply CPE. Even just making service available for customers who ask or providing with new CPE for new customers or when replacing broken equipment would be a very welcome improvement on the current situation of ‘we won’t tell you what we are doing when and anyway we are fine because we have lots of legacy addresses left’

      I agree NAT64/DNS64 would be a good trial to run with native IPv6.

  7. Neil McRae

    CPE is still a real issue. Even the ones that do support V6 are very poor.

    But the issue isn’t the access network – the issue is all the services that are IPV4 only, which is the VAST MAJORITY! Of course Alex is going to say everyone should have an IP address – thats what the RIPE NCCs core business is! but the reality is that most users use NAT already and it works perfectly well, its also reduces security issues for those users.

    At some point in time every ISP will have to deploy CG-NAT. IPV4 is going to be around for another ten years at least, people still play Xbox games and PS2 games online!

    Even the latest Nintendo console Wii-U doesn’t support IPV6 and it was launched last month!

    You see Adrian’s comment about offering IPV6 for ten years, there are loads of ISPs that have done this but nobody is queuing at the door for it – why – because most of the apps are still on IPV4.

    Not being able to offer an IPV4 service to new customers would be a strategic error, and even whilst phones support it, tons of apps on the phones don’t support V6!

    Cheers,
    Neil.

  8. I am finding more and more IPS are reluctant to provide dedicated IPs, even when your plan is supposed to include them. Recently I was told that needing an IP address for a custom A record was not a valid reason to have one. Is this the future?

  9. cyclope

    Isp’s don’t have to supply a router to their customers,and i for one won’t use the bricks they supply as they are usually cheap / poor quality They only provide a router because it saves having trained staff on their tech support,Not that being able to give support to most 3rd party routers would be a difficult task,

    What i have never understood fully is why they all don’t provide all customers with their own static ip, like the smaller and business grade isp’s do, My current router supports IPv6 on another note i personally can’t see many isp’s running out of IPv4 addresses any time soon, as customers leave isp’s as well as join them,so their old IP’s can be re used,

  10. cyclope

    Bt retail are rolling out a CGN piot and customers have to opt out if they don’t wan’t CGN, The whole thing about CGN to me is a sign that the big isp’s only care about profits and are treating customers like sheep ,

IMPORTANT: Javascript must be enabled to post (most browsers do this automatically). On mobile devices you may need to load the page in 'Desktop' mode to comment.


Comments RSS Feed

* Your comment might NOT appear immediately (the site cache re-syncs periodically) *
* Comments that break site rules, SPAM, TROLL or post via fake IP/anon proxy servers may be blocked *
Promotion
Cheapest Superfast ISPs
  • BT £0.00 (*15.00)
    * Speed: 38Mbps - 20GB
    * Gift: £50 Sainsburys Voucher
  • Sky Broadband £0.00 (*20.00)
    * Speed: 38Mbps - Unlimited
    * Gift: First 6 Month Discount
  • PlusNet £3.99 (*14.99)
    * Speed: 38Mbps - Unlimited
    * Gift: None
  • TalkTalk £6.75 (*13.50)
    * Speed: 38Mbps - Unlimited
    * Gift: None
  • Virgin Media £10.00 (*15.50)
    * Speed: 50Mbps - Unlimited (FUP)
    * Gift: None
Poll
* Javascript must be ON to vote *
The Top 20 Category Tags
New Forum Topics
Promotion

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy and Cookie Policy, Links (.), Website Rules)