 | |
vpnhow's that different from using carrier-grade NAT in cellular services that assigns your internal ip address to 10.x.x range? I have had no problem connecting to my workplace using tethering and my VPN client on PC through IPSec. I have used company's provided att agn client though. | |
|
 |
1 recommendation |
Re: vpnbecause you're not connecting another router to your cell service, then connecting your phone to that router. | |
|
| |
1 recommendation |
Re: vpnIPSec encapsulated into UDP packets (e.g., for NAT pass-through) should work just fine regardless of how many layers of NAT there are.
Not that this move on AT&T's part isn't completely idiotic. It will break a number of different applications; file transfers via IM, IRC or any other service that depends on identd, various gaming applications, remote access into webcams/rdp/other products at home.
It will also degrade services like Skype that rely on at least one end of the connection not being behind NAT. Skype will work with both ends NAT'ed but it winds up routing through a third party that isn't behind NAT; this can have the effect of degrading the video/audio quality and even if it works is far from ideal. | |
|
| | |  Smith6612
MVM
join:2008-02-01
North Tonawanda, NY ·Charter
Ubee EU2251
Ubiquiti UAP-IW-HD
Ubiquiti UniFi AP-AC-HD
1 recommendation |
Re: vpnLet's also not forget about game consoles. There are a ton of users out there and most of the game consoles complain if you're even behind one NAT. If Carrier grade NAT Goes into effect, expect a lot of trouble with people getting NAT3 on their devices and games not being able to work nicely. That community will certainly suffer as well from Carrier Grade NAT.
Also, piping a ton of people through a single IP address is going to also give website owners and gameserver owners a ton of grief. If there's a DDoS taking place, or if someone needs to get IP Banned there isn't a unique identifier. You wind up blocking the NAT with IP Ban which ultimately winds up blocking a ton of people. They'd have to create an easily avoided way of blocking abusers by means of CD Key Detection (if even possible for some games), account detection (again, if support is there) or nick detection (avoidable). | |
|
| | | |  cdruGo Colts
MVM
join:2003-05-14
Fort Wayne, IN
1 recommendation |
cdru
MVM
2012-May-30 11:46 am
Re: vpnsaid by Smith6612:most of the game consoles complain if you're even behind one NAT. Huh? I'd venture to guess that almost every game console is behind at least one level of NAT. | |
|
| | | | | JTY
join:2004-05-29
Ellensburg, WA |
JTY
Member
2012-May-30 1:50 pm
Re: vpnMost (all) implement UPNP, so they just open the needed ports on your home router. | |
|
| | | | | | cdruGo Colts
MVM
join:2003-05-14
Fort Wayne, IN |
cdru
MVM
2012-May-30 2:16 pm
Re: vpnsaid by JTY:Most (all) implement UPNP, so they just open the needed ports on your home router.
I'm well aware of UPnP. I was countering Smith6612's assertion that game consoles complain if you're even behind one NAT. Obviously there are solutions to work with the issue in those millions of cases...and those solutions that work for the residential router also can (but not necessarily will) work for ISP NATing devices. | |
|
|  mix
join:2002-03-19
Romeo, MI |
to chgo_man99
Congratulations. But you obviously have never tried to make a vpn connection from any other network to yourself. | |
|
| | | |
Re: vpnHow many residential customers really need to do that?
Incoming VPN's are also a PITA with dynamic IP addresses. If you need such services you should probably be paying for a static IP address; I pay $10/mo for a static IP from Frontier for exactly that reason. | |
|
| | | ke4pym
Premium Member
join:2004-07-24
Charlotte, NC |
ke4pym
Premium Member
2012-May-30 10:02 am
Re: vpnsaid by Crookshanks:Incoming VPN's are also a PITA with dynamic IP addresses.
Not really. I am very successfully running not only site-to-site IPSEC VPN with dynamic IP's but mobile-to-site VPN as well with very few, if any issues. DNS services like dyndns.org are your friend. | |
|
| | | | | |
Re: vpnyep. beat me to it. i've been using dyndns for everys (over a decade?) and never paid (or had my work pay) for a home static address. site-to-site VPN to work and PPTP for when i'm on travel to access my home servers. | |
|
| | | | | | nanaki333 |
Re: vpnthat was supposed to say years.... | |
|
| | | | | |
to ke4pym
You _can_ do an ipsec tunnel with a dynamic IP address but can be royal PITA with certain routers; Cisco's ASAs in particular have caused me many headaches over the years.
In any case, I'm left wondering how many residential users need the ability to do site-to-site VPNs. I presume you are using such a VPN for business purposes? You could still make it work if you initiated the connection from the end behind NAT; if that doesn't work I doubt AT&T will have any sympathy for you when you tell them you're trying conduct business over your residential connection.
Services like Skype and online gaming will be much more noticeable to the typical residential customer. | |
|
| | | | | cdruGo Colts
MVM
join:2003-05-14
Fort Wayne, IN |
cdru
MVM
2012-May-30 11:50 am
Re: vpnsaid by Crookshanks:In any case, I'm left wondering how many residential users need the ability to do site-to-site VPNs. I presume you are using such a VPN for business purposes? You could still make it work if you initiated the connection from the end behind NAT; if that doesn't work I doubt AT&T will have any sympathy for you when you tell them you're trying conduct business over your residential connection. It's not site to site, but I do quiet frequently. I need a file from home I can quickly remote in and grab the file I need. It's not for business use, strictly personal. | |
|
| | | | | |
1 recommendation |
Re: vpnWell, that's what Dropbox and similar services are for. If you have privacy concerns that's where encryption comes in. Understand that I'm not defending AT&T here; I'm just shooting down the notion that an inability to VPN into a residential connection is even a consideration for them. If you're that technically inclined I don't understand why you aren't willing to pay the extra few dollars for a static IP address. It makes life easier, allows you to host services you can't host otherwise (I do my own DNS and e-mail, plus I run an NTP server in the NTP pool) and at least with my ISP puts you into a business class service rather than a residential one, which comes with other advantages (better support, no blocked ports, more permissive AUP, etc.) In the final analysis this was probably inevitable when you consider the snail's pace deployment of IPV6. The other day I was informed by my Time Warner rep that they are now charging new business class customers extra money if they need more than one IP address. Apparently it is becoming harder and harder for them to procure more IP address space. We set up our business class service a little over a year ago and obtained a /27 simply by asking for it. No longer. | |
|
| | | | | | | cdruGo Colts
MVM
join:2003-05-14
Fort Wayne, IN
1 recommendation |
cdru
MVM
2012-May-30 2:08 pm
Re: vpnsaid by Crookshanks:Well, that's what Dropbox and similar services are for. I have about 6TB of files on my home server. Drop box isn't an option. Plus keeping files synced between home desktop and drop box would become an issue. If you have privacy concerns that's where encryption comes in. Privacy isn't a concern here...just accessing MY data is. And it's not even just data. Applications as well. I'm a web developer, and from time to time I have reasons to need to check to see what a project I'm working on looks like or behaves from outside of our corporate network. Yes this is now a "business" function, but it's still my residential connection. If you're that technically inclined I don't understand why you aren't willing to pay the extra few dollars for a static IP address. Frontier 35mbit symmetrical residental FIOS: $56.50 Frontier 35mbit symmetrical business FIOS w/ static IP: $129.99 I would not consider 73.49 a "few extra dollars". Even at just the $15, it's still ridiculous as static IPs aren't necessary. It makes life easier, allows you to host services you can't host otherwise (I do my own DNS and e-mail, plus I run an NTP server in the NTP pool) and at least with my ISP puts you into a business class service rather than a residential one, which comes with other advantages (better support, no blocked ports, more permissive AUP, etc.) My service has been rock solid, so support isn't an issue. Ports aren't blocked with the exception of outbound 25, but you can easily relay through their server or free google apps (aka gmail with your own domain name). I can run my own internal DNS and have a free zoneedit dns hosting which is far more reliable and better connected then my single fios line. Not saying that my setup is optimal for everyone...but it suits me. And everything is ran off of a dynamic IP that's updated via my router if/when my DNS changes. | |
|
| | | | | | | | | |
Re: vpnsaid by cdru:Frontier 35mbit symmetrical residental FIOS: $56.50
Frontier 35mbit symmetrical business FIOS w/ static IP: $129.99
I would not consider 73.49 a "few extra dollars". Even at just the $15, it's still ridiculous as static IPs aren't necessary. *shrug*, don't know what to tell you, the choices I had (also from Frontier) were: 3/384 residential dsl for $34.95 6/1 business dsl for $60 + $10 for static IP I could get by without the static IP but as I've already said it just makes life easier. said by cdru:Privacy isn't a concern here...just accessing MY data is. And it's not even just data. Applications as well. I'm a web developer, and from time to time I have reasons to need to check to see what a project I'm working on looks like or behaves from outside of our corporate network. Yes this is now a "business" function, but it's still my residential connection. So you're using it for commercial purposes? It sounds like you'll need to pony up some dollars if your ISP ever decides to go this route. I'll concur that it sucks but the sad reality is that the vast majority of users will never know or care that they don't have globally valid IP addresses. Those who need them will have to pay extra for a scarce resource or wait for the deployment of IPV6. That's the law of supply and demand: limited resource + increased demand = higher prices. BTW, I'm not sure if Frontier's residential FIOS service is under the same AUP as the residential DSL service but if it is you've got a problem: Customers may not resell High Speed Internet Access Service ("Service") without a legal and written agency agreement with Frontier. Customers may not retransmit the Service or make the Service available to anyone outside the premises (i.e. wi-fi or other methods of networking). Customers may not use the Service to host any type of commercial server.
Frontier's residential Internet access services are provided for residential usage only. Commercial or business use of residential services is prohibited. In the event of such usage Frontier at its option may suspend or terminate service or may move the customer to a commercial Internet access service, in which case higher charges may apply.
Users may not run any program which makes a service or resource available to others, including but not limited to port redirectors, proxy servers, chat servers, MUDs, file servers, and IRC bots. Users may not run such programs on their own machines to make such services or resources available to others through one of our dialup or DSL accounts; a dedicated access account is required for such purposes.That's another reason why I opted for business class service; the AUP is far more permissive and essentially prohibits nothing other than hacking, open relays, UCE and child pornography. | |
|
| | | | | | | | | cdruGo Colts
MVM
join:2003-05-14
Fort Wayne, IN
1 recommendation |
cdru
MVM
2012-May-30 7:02 pm
Re: vpnsaid by Crookshanks:BTW, I'm not sure if Frontier's residential FIOS service is under the same AUP as the residential DSL service but if it is you've got a problem:
Customers may not retransmit the Service or make the Service available to anyone outside the premises (i.e. wi-fi or other methods of networking). Any type of peer to peer communications (and not just p2p file sharing) would be in violation of this if interpreted in the most strict literal sense. The intent of this clause is to prevent a customer from sharing their connection with their neighbor for instance. Users may not run any program which makes a service or resource available to others, including but not limited to port redirectors, proxy servers, chat servers, MUDs, file servers, and IRC bots. Users may not run such programs on their own machines to make such services or resources available to others through one of our dialup or DSL accounts; a dedicated access account is required for such purposes. For my use, this clause doesn't pertain to me. I'm a party to the policy, so I wouldn't be considered part of the "to others". And it wouldn't be hard to argue any family member living with me also would not be considered others. If ANY and ALL servers are prohibited, then there wouldn't be clauses necessary that says paraphrased, "Commercial servers are prohibited". The commercial could be removed and simplify things by just saying "Any server is prohibited." But that is not their intent and we both know it. | |
|
| | | | | ke4pym
Premium Member
join:2004-07-24
Charlotte, NC |
to Crookshanks
said by Crookshanks:I presume you are using such a VPN for business purposes?
if by business purposes you mean me supporting my parent's computers and keeping a remote server to copy data too business, then, sure. We could call it business purposes.  | |
|
| | | |  ·Frontier FiberOp..
|
to ke4pym
said by ke4pym:
DNS services like dyndns.org are your friend.
Never tried this with an ASA, but on a 1811 I've never been able to bring up a tunnel using a FQDN even if I point both 1811's to a private DNS box with appropriate A records for each side. It only seems to like listing an IP address for a peer under the crypto. For the typical residential customer who probably runs a Linksys behind their bridge, IPsec VPN access is probably a non-issue. | |
|
| | | | | cramer
Premium Member
join:2007-04-10
Raleigh, NC |
cramer
Premium Member
2012-May-30 2:41 pm
Re: vpnCorrect. Cisco (IOS and ASA) will resolve the address on the spot instead of storing the name and resolving it every time it needs to use it. This is very annoying to people who don't know it does this. | |
|
| | |  Oh_NoTrogglus normalus
join:2011-05-21
Chicago, IL
1 recommendation |
to Crookshanks
I do it all the time on a residential connection.
I use dyndns.org. It is a free url linked to your dynamic IP. It updates as your ip changes.
No reason to pay for anything. | |
|
 kapilThe Kapil
join:2000-04-26
Chicago, IL
1 recommendation |
kapil
Member
2012-May-30 9:29 am
LOLKnowing AT&T, this doesn't surprise me at all....given two options, AT&T will always pick whichever one is more idiotic.
Although I thought what is being called "carrier grade NAT" actually had a whole new IPv4 network set aside for it by IANA pending an IETF RFC on the subject...precisely so that existing CPE already using NAT doesn't' conflict with the private IPs being use by the provider. | |
|
|
1 recommendation |
Re: LOLThey do, it is 100.64.x.x but of course AT&T being the morons they are think they can do whatever they want and not follow along with what they should.
Quite possibly the worst company ever! | |
|
| | ccjunk
join:2006-06-29
Austin, TX
1 recommendation |
ccjunk
Member
2012-May-30 3:34 pm
Re: LOLActually the IETF is part of the problem. rfc6598 was only published *last* month with the 100.64.0.0/10 recommended usage. Very late; after these CPE notices started going out. ISPs have been working on CGN solutions for several years now. ISPs in Japan (APNIC or Asia Pac has already run out of public IPv4 addresses) asked for this very thing several years ago of IANA/IETF and it was shot down by various factions. They are already using 10/8 in their access networks. If this had been done when originally asked then probably CPE firmware updates would not be removing use of 10/8. Although that /10 is 4 times smaller making its use a little more problematic (Comcast received a /10 alone at the end of 2010 just for their 2011 growth allocation); it requires a more complicated plan to be reused multiple times across the footprint at a large ISP (as pointed in the RFC; which by the way is not a "standard" but a only practice recommendation by its authors). | |
|
| | |
to kapil
said by kapil:Knowing AT&T, this doesn't surprise me at all....given two options, AT&T will always pick whichever one is more idiotic.
And cheaper (for them). Witness their solution for broadband services delivery: Essentially DSL on (weak) steroids. | |
|
kaila
join:2000-10-11
Lincolnshire, IL |
kaila
Member
2012-May-30 9:43 am
I know it says U-Verse........users are getting these letters, but can anyone confirm this won't be effecting vanilla DSL only customers in U-Verse served markets? | |
|
| | |
Re: I know it says U-Verse........won't this screw up people who play games online and ever need to create their own lobbies even with upnp applciations? | |
|
| |  whfsdude
Premium Member
join:2003-04-05
Washington, DC
1 recommendation |
whfsdude
Premium Member
2012-May-30 10:47 am
Re: I know it says U-Verse........said by JigglyWiggly:won't this screw up people who play games online and ever need to create their own lobbies even with upnp applciations?
Yes it will. This is why it's important to move to IPv6 to preserve the end-to-end principle. CGN is going to be the new standard on the IPv4 Internet. Lee Howard has a good presentation about TWC's CGN plans, » www.asgard.org/images/TC ··· _CGN.pdf | |
|
bpfremm
join:2002-01-04
Milwaukee, WI |
bpfremm
Member
2012-May-30 10:03 am
Helping the pirates?How will the MPAA, and RIAA track users by IP address then? Seems like they might be helping the pirates out. | |
|
|
1 recommendation |
Re: Helping the pirates?There's no technical reason why an ISP can't log traffic through a NAT gateway. Record the time the connection was initiated along with the port numbers on each end and it would be easy enough to attribute that connection to a specific user. MPAA's investigators would simply need to provide port numbers along with IP addresses. | |
|
| | cramer
Premium Member
join:2007-04-10
Raleigh, NC Westell 6100
Cisco PIX 501
1 recommendation |
cramer
Premium Member
2012-May-30 2:53 pm
Re: Helping the pirates?Exactly. They'll be forced to do what other providers do (in other countries where they really have no more IPv4 addresses)... extensive logging. I don't think anyone has thought about how much work this really is. Or how much it will cost to keep this massive amount of data for the terms they are required by law to keep it.
(I did netflow collection at a Tier3 ISP a decade ago. Compressed, that was nearly 1GB per day. That was in a world of IDSL, SDSL, and T1's. I don't want to think about how much traffic that is today.) | |
|
 PToN
Premium Member
join:2001-10-04
Houston, TX
1 recommendation |
PToN
Premium Member
2012-May-30 10:04 am
Setting up....They are setting up for the 3 or 6 strike piracy policy shit they are coming up with...
They cannot say that CGN is easier to setup than implementing RFC compliant IPv6...
In my area there are only ATT and Comcast... | |
|
| cramer
Premium Member
join:2007-04-10
Raleigh, NC Westell 6100
Cisco PIX 501
1 recommendation |
cramer
Premium Member
2012-May-30 3:00 pm
Re: Setting up....Actually, CGN is trivial. Go buy a honkin' CGN appliance, plug it in, and you're done. IPv6 is real work... you have to build an IPv6 network, provision IPv6 addresses, and get IPv6 capable firmware on every CPE. (many of the older one's cannot do it -- all of the crap handed out for Uverse likely can be upgraded.) | |
|
1 recommendation |
No letter for meI haven't received one of these letters, not even in the att.net mail account that I never use for anything, so I'm guessing this is being rolled out only to certain users.
I wonder what AT&T's plan is when they discover that this is an unmitigated disaster. | |
|
|  Gbcue
Premium Member
join:2001-09-30
Santa Rosa, CA |
Gbcue
Premium Member
2012-May-30 3:40 pm
Re: No letter for meI haven't gotten a letter either. | |
|
MaynardKrebsWe did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17 |
Services such as Dynamic DNS (DDNS) will no longer work | |
|
| |
6RD TunnelingNow Comcast, as much as they anger me sometimes, already dropped 6RD after starting a trial almost two years ago.
AT&T never fails to show me lack of innovation. | |
|
|
••••• |
hga
join:2008-05-09
Joplin, MO
1 edit
1 recommendation |
hga
Member
2012-May-30 10:32 am
It's probably about the moneyMaybe that is the key here, getting another $15/month? I suspect so, given that I recently read that the going rate for public IPv4 addresses is around that much, although with some research it looks like that depends on quantity. This site (» tradeipv4.com/) is quoting a single figure of $8 (that's for a sale; $1/year to lease). So AT&T gets to repurpose a large quantity of valuable addresses and you get to pay an additional $15 per month for the privilege of getting the same level of service you've been getting since you got your connection from them. This would be in character for a company who's CEO in 2006 ignited the Net Neutrality firestorm with some fantastically ill chosen comments (» www.businessweek.com/mag ··· 8092.htm) ; among other things it was estimated this cost AT&T a billion dollars when they later bought Bell South.... It could also help explain how people are being forced to "upgrade" to U-verse DSL from plain DSL. I'm stuck with plain AT&T DSL, if they extend this policy/architecture to us I won't like paying nearly 50% more to enjoy the same service. (Why do I stick with them? Not even sure if the local cable monopoly will serve us and AT&T's service is rock solid for me and my family in this town.) | |
|
|  morboComplete Your Transaction
join:2002-01-22
00000 |
morbo
Member
2012-May-30 11:07 am
Re: It's probably about the moneysaid by hga:(Why do I stick with them? Not even sure if the local cable monopoly will serve us and AT&T's service is rock solid for me and my family in this town.)
Maybe you should at least see if it's an option -- unless you are content paying $15 more per month for the same service. | |
|
 maartenaElmo
Premium Member
join:2002-05-10
Orange, CA |
maartena
Premium Member
2012-May-30 11:00 am
The day I lose a public, routable IP address.....The day I lose a public, routable IP address.....is the day I will call Time Warner Cable to replace U-Verse. | |
|
| whfsdude
Premium Member
join:2003-04-05
Washington, DC
1 recommendation |
whfsdude
Premium Member
2012-May-30 11:04 am
Re: The day I lose a public, routable IP address.....said by maartena:The day I lose a public, routable IP address.....is the day I will call Time Warner Cable to replace U-Verse.
And then use TWC for another 6 months to a year until they deploy CGN. It's not a problem going away. The solution is use IPv6. In fact, ARIN won't get any new IPv4 addresses. Addresses returned get returned into the IANA pool. Those will go to APNIC where the need is greatest. | |
|
|  swintec
Premium Member
join:2003-12-19
Alfred, ME
1 recommendation |
to maartena
said by maartena:The day I lose a public, routable IP address.....is the day I will call Time Warner Cable to replace U-Verse.
Who says TWC won't do it as well? The slide show posted above at least shows they are or have looked into it. | |
|
 jjoshua
Premium Member
join:2001-06-01
Scotch Plains, NJ
1 recommendation |
jjoshua
Premium Member
2012-May-30 11:18 am
This is no longer an internet connectionThis is now a private network with internet connectivity.
I'd be pissed. | |
|
|
1 recommendation |
Re: This is no longer an internet connectionAnd THAT'S how they'll get around any net neutrality regs.
"No, we're not an ISP. Subscribers buy access to our network, and we allow them to access the Internet via a gateway that we have in place."
Brilliant! | |
|
| hga
join:2008-05-09
Joplin, MO
1 recommendation |
to jjoshua
said by jjoshua:This is now a private network with internet connectivity. Exactly. And if we have to pay a 180 times markup for a public IP address to continue to get what we originally were offered we have a right to pissed. On the other hand, the exhaustion of IPv4 addresses (something predicted before its deployment, I believe by the authors of the standard (the hardware of the day couldn't afford more addresses)) is a very real problem. And it's too early to offer IPv6 as an alternative, although if they don't offer it for free eventually we'll know its a money grab as much as anything else, and ideally they'll be forced by the FTC to advertise the total price if they want to say they're offering "Internet" access. Hmmm, back in the early-mid-90s when MAE-East and -West were the only two public interchanges one or more dominant Internet companies including UUNET at one point conspired to do much the same thing, offer a private network with limited Internet connectivity (you'd only be able to get to other networks that were willing to pay them big bucks). I think Sprint blasted that cartel wide open when they started offering cheap 0 CIR Internet links and changed the business model for the better. | |
|
BiggA
Premium Member
join:2005-11-23
Central CT ·Frontier FiberOp..
Asus RT-AC68
|
BiggA
Premium Member
2012-May-30 11:20 am
CGN is smartCGN is what should have been used instead of IPv6 the world over. It's proven to work, and 95% of customers don't need a public IP, and the ones who do should pay extra.
It already works on the cell network, and on some large Wifi networks, so we know it works. I've actually seen it work a lot BETTER than assigning public IP's, as it just makes more up, instead of running out of public IP's. | |
|
|
•••••••••••••••• |
|
| | |
cowboyro
Premium Member
2012-May-30 11:24 am
Re: Non issueNon-isue period. Internal IP, not external IP. Default is NOT 10.x.x.x. | |
|
| cowboyro |
cowboyro
Premium Member
2012-May-30 11:22 am
If anyone bothered to read instead of bashing...They would have realized it's about the *INTERNAL* IP/subnet, not the external IP of the gateway.
So instead of having the internal in the 10.0.0.1 - 10.255.255.255 range it will have to be 192.168.x.x. Nothing else...
No, it doesn't affect any gaming, any Skype, any chat... It doesn't change ANYTHING except the local numbering scheme and it only affects those who changed it from the default. | |
|
|
•••••••••••••••• |
 NOCTech75
Premium Member
join:2009-06-29
Marietta, GA |
At least they aren't trying to allocate 127.0.0.0/8Although sometime in the future I'm sure they will try. | |
|
| amungus
Premium Member
join:2004-11-26
America |
amungus
Premium Member
2012-May-30 3:54 pm
Re: At least they aren't trying to allocate 127.0.0.0/8LOL. ...you shouldn't have said that 'out loud'  | |
|
| | NOCTech75
Premium Member
join:2009-06-29
Marietta, GA |
Re: At least they aren't trying to allocate 127.0.0.0/8said by amungus:LOL. ...you shouldn't have said that 'out loud'
HA! I could see some AT&T engineer now... hey guys, there is an ENTIRE CLASS A network not allocated, we should grab it! | |
|
mmay149q
Premium Member
join:2009-03-05
Dallas, TX
1 recommendation |
mmay149q
Premium Member
2012-May-30 2:57 pm
It's carrier grade NATBefore I left AT&T (unless it's changed) the goal was to migrate users to IPv6 via carrier grade NAT, and knowing how much they love to screw customer for an extra buck it wouldn't surprise me if this was still the plan, hopefully one day every customer will flee from them and we can do without them and they can just disappear... One can only hope  Matt | |
|
cramer
Premium Member
join:2007-04-10
Raleigh, NC Westell 6100
Cisco PIX 501
1 recommendation |
cramer
Premium Member
2012-May-30 3:26 pm
CorrectionOne correction... this is not a "request", it is a demand. They will be loading new firmware that does not allow 10/8 internal addressing. If you are still using 10/8 internally when the new firmware is loaded, your network may cease to function. If your network is all DHCP and you have no pinholes, you won't notice a thing. If you have any static (or reserved DHCP) assignments, those machines will no longer have connectivity. Any NAT pinholes referencing a 10/8 address will be invalid, and thus deleted.
I have seen at least one thread from someone with such a router, and it will error out when you try to use a "10." address. | |
|
Gbcue
Premium Member
join:2001-09-30
Santa Rosa, CA |
Gbcue
Premium Member
2012-May-30 3:48 pm
Home Automation Will BreakAlong with the plethora of other services.
The IPs handed out to U-Verse are tagged by equipment. Usually, you'll never lose the same IP for the life of your equipment.
I've had the same "dynamic" IP for multiple years now, even after shutting off power to my RG for a day.
I've got access to various web appliances (irrigation, HVAC, security cameras, garage door, lights), accessible via my IP address & port assignments (worldwide) that are great. I can turn my sprinklers on/off in another continent.
With this new scheme, I'll have to pay $15/month? I already get it for free. | |
|
amungus
Premium Member
join:2004-11-26
America
1 edit |
amungus
Premium Member
2012-May-30 3:49 pm
do they really need "the big one?"I have to wonder - how many uVerse customers there are, and if they really need to start out using "the big one" (10.x.x.x)? At some point, I suppose they intend to move *everyone* into this (home customers - DSL & uVerse). ***** EDIT - - - A few hours later, this appears to be the case. DSL accounts are being moved to uVerse - » AT&T Forcing DSL Users to Upgrade to U-Verse [109] comments) This really shouldn't *break everything* 100%, other than VPN between endpoints on the same sub-net range. At that point, well, it can get "fun." If they started doing this for DSL, I would certainly have been contacted, as I was using this range. No longer with AT&T, though my provider appears to directly connect - wonder if they'll have to be forced into this eventually... and by extension, me. Very curious to see how this pans out. I'd think that it'd still be a better option to tunnel, and start deploying IPv6 now. If all "home" users were forced into IPv6 in the next year, IPv4 would be open enough for business usage that it'd buy plenty of time on that front. | |
|
| | |
Customer
Anon
2012-Jun-9 7:34 pm
Re: do they really need "the big one?"... and this is precisely why I moved to a 10.x.x.x, because so many places I VPN to, even boneheaded company networks, have 192.168.1.x sub-nets, so what ATT recommend is going to be a royal pain.
I got one of the letters, it simply demands the change, explains nothing, and tries to placate me with a one time $25 credit.
It is my sub-net, behind closed doors, I don't understand what any of this this has to do with IPV6. Of course, AT&T think so little of their customers that they are not going to even try to explain. | |
|
| |
1 recommendation |
Re: do they really need "the big one?"said by Customer :I don't understand what any of this this has to do with IPV6. It doesn't have anything to do with IPv6. They want to use the 10.0.0.0/8 block themselves, and so you can't use it. Now it's possible that they'll use that block only to address their own routers that the customer's routers peer with. A lot of networks already do this because their own routers never have to be addressed by anyone but the NOC or the users when setting up a default route. The end users could still have public addresses. But I agree it's more likely that AT&T will also want to assign them to the upstream interface on your router, in place of the public and routable IPv4 address you now have. And that will break a lot of things, just as everyone has said it will. Whenever I use the phrase "carrier grade NAT" I always put it in quotation marks. Certainly, the best way to get that functionality back is to implement IPv6. The problem is that it's not entirely up to me. Sure, I have implemented it on my own home network; I've set up a 6rd tunnel and every device that can speak IPv6 is speaking IPv6. But not all, and I don't control their firmware. Nor do I control the routers on all the various public hotspots that I visit. Nearly all of them stick you behind a NAT that will make it impossible for you to contact your own server at home once AT&T puts it behind a NAT. Even with IPv6 at home, you still need the hotspot operator to implement IPv6 (or use a godawful kludge like Teredo). That's just the problem. It's not a question of any one individual agreeing to implement IPv6, it's that we're all dependent on others to implement it on networks that we do not control. | |
|
| |
xsbell
Member
2012-May-31 1:28 am
huhI bet it's for their Mediaroom servers. | |
|
|
|
·
·
