[CLUE-Tech] NAT blocks P2P?
David Anselmi
anselmi at anselmi.us
Tue Mar 23 22:27:09 MST 2004

Jed S. Baer wrote:
> Hi Folks.
>
> Referring to this from the Politech mailing list:
> http://politechbot.com/pipermail/politech/2004-March/000524.html
>
> John Walker claims that increases in the use of NATted addressing by
> high-speed providers will eventually kill P2P connections on the internet.

Note that he doesn't mean P2P as in Gnutella and similar apps. He means
that if you're behind a NAT box you're a second class citizen compared
to a box with a routable IP of its own.

> Since I'm no NAT guru, I wonder if this is really true? I understand that
> in order to establish a P2P connection, each box has to send out, or
> otherwise establish, its address, which isn't the same as the routing
> interface where NAT is happening. But I'd think there'd be a way for a NAT
> interface to somehow figure out that connection x is intended for a
> particular address/port on the "inside". IOW, the P2P request would be
> directed to the NAT interface, which ought to be able to figure out what
> to do with it, based on recognizing the protocol, or which port the request
> comes in on.

That is true. For example, I run a web and mail server behind NAT with
(one) dynamic IP. Various NAT rules and DNS updating allow you to find
my web server regardless.

Now suppose though that I wanted to run two servers (separate machines)
behind my NAT. I can do that with one, by telling the NAT box to
translate incoming connections to the appropriate private IP and port.
But with only one external IP and one port I can only identify one
server to the Internet. The machines behind the NAT are at a
disadvantage compared to "regular" servers.

No big deal. Current technology allows most (even IPSec and other
"broken" protocols) to get by on a NAT connection. But suppose that
your ISP (not you) controls the NAT box. They give you a non-routable
address for your Internet connection and they won't do DNAT for you.
You will run no more servers. Period.

I think the real issue here is "end-to-end"ed-ness. I first heard about
it from KC Claffy at CAIDA. I don't understand it completely yet (it
was actually described in another paper and she just mentioned it). But
smart people are concerned so I wouldn't dismiss it.

KC's talk is at:
http://www.caida.org/outreach/presentations/2003/netproblems_lisa03/

Dave
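Added illustration, not part of Dave's message or of the list thread: a toy Python model of the NAT box he describes, with one public IP and constructed addresses. It shows that a DNAT rule can hand a given public port to only one inside server (a second server needs a different public port), that inbound packets with no rule are dropped, and that a connection opened from the inside gets a tracking entry so its replies are translated back.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Nat:
    public_ip: str
    dnat: dict = field(default_factory=dict)       # (proto, ext_port) -> (in_ip, in_port)
    conntrack: dict = field(default_factory=dict)  # (proto, ext_port, remote) -> (in_ip, in_port)
    ephemeral: count = field(default_factory=lambda: count(40000))  # translated source ports

    def add_dnat(self, proto, ext_port, in_ip, in_port):
        """Publish one inside server on a public port; refuse a conflicting rule."""
        key = (proto, ext_port)
        if key in self.dnat and self.dnat[key] != (in_ip, in_port):
            raise ValueError(f"{proto}/{ext_port} already forwards to {self.dnat[key]}")
        self.dnat[key] = (in_ip, in_port)

    def inbound(self, proto, src, dst_port):
        """Packet arriving from the Internet: only a DNAT rule or an existing
        flow that an inside host opened lets it reach a private address."""
        if (proto, dst_port) in self.dnat:
            return ("forward", self.dnat[(proto, dst_port)])
        if (proto, dst_port, src) in self.conntrack:  # reply to an outbound flow
            return ("forward", self.conntrack[(proto, dst_port, src)])
        return ("drop", None)

    def outbound(self, proto, in_ip, in_port, dst):
        """Inside host opens a connection: source is rewritten to the public IP."""
        ext_port = next(self.ephemeral)
        self.conntrack[(proto, ext_port, dst)] = (in_ip, in_port)
        return (self.public_ip, ext_port)

def demo():
    nat = Nat("203.0.113.10")                         # constructed public IP
    nat.add_dnat("tcp", 80, "192.168.1.10", 80)       # first web server
    try:
        nat.add_dnat("tcp", 80, "192.168.1.11", 80)   # second server, same public port
        clash = False
    except ValueError:
        clash = True                                  # only one server can own port 80
    nat.add_dnat("tcp", 8080, "192.168.1.11", 80)     # workaround: a different public port
    web1 = nat.inbound("tcp", "198.51.100.7", 80)
    web2 = nat.inbound("tcp", "198.51.100.7", 8080)
    ssh = nat.inbound("tcp", "198.51.100.7", 22)      # no rule: dropped at the NAT box
    src = nat.outbound("tcp", "192.168.1.12", 51000, "198.51.100.7")
    reply = nat.inbound("tcp", "198.51.100.7", src[1])  # reply reaches the inside host
    return clash, web1, web2, ssh, src, reply
```

The conntrack table is keyed by the remote address as well as the translated port, so a packet from some other host to that port is dropped rather than forwarded.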