[lacnog] Alternatives for Incoming Connections when using CGNAT
Fernando Frediani
fhfrediani en gmail.com
Vie Jun 14 21:10:22 -03 2019
Thanks for the reply Mike.
Are you aware of any open application or hosted service that could be used
in this context to access a Home/SMB Server behind a CGNAT (e.g: a
web/ftp/ssh services) ?
With regards gaming are you aware if most ones, including most know
consoles are already using this technique for letting people host matches
as well ?
Thanks
Regards
Fernando
On Fri, 14 Jun 2019, 19:41 Mike Burns, <mike en iptrading.com> wrote:
> Hi Fernando,
>
> I think what you are describing is known as a rendezvous server.
> It is responsible for security and for keeping track of ip address/ port
> number combinations of the unreachable client device which is behind NAT.
> The client device initiates an outbound contact to the rendezvous server
> and that server records the ip address and the port number which the client
> device is listening on.
>
> Now to reach that client, first you connect to the rendezvous server and
> provide credentials which allows the server to provide the ip address and
> port number of the client device.
> At that point the user uses that ip address and port number to reach the
> device, even behind ever-changing ip addresses and port numbers.
>
> Most applications these days are aware of the ubiquity of NAT and have
> used rendezvous servers to get around the reachability issues inherent with
> devices behind NAT.
> Hard-coding static port redirection in NAT routers is rarely needed
> anymore.
> In this scenario, only the rendezvous server needs a publicly reachable IP
> address, and some of the security can be removed from the dumb client
> device and instead be placed on the rendezvous server.
> That server will authenticate any requests to access the dumb client
> device.
>
> The use of rendezvous servers is a practical way to deal with NAT, and to
> deal with address exhaustion.
> It additionally allows more security to be built into the rendezvous
> server than could normally be incorporated into relatively dumb device.
>
>
> Regards,
> Mike Burns
> IPTrading.com
>
>
>
>
>
>
> ---- On Fri, 14 Jun 2019 16:33:20 -0400 *Fernando Frediani
> <fhfrediani en gmail.com <fhfrediani en gmail.com>>* wrote ----
>
> Hello folks.
>
> I wanted to share a topic with you and gather your views on the matter so
> perhaps it can be useful to people specially for ISP operadors.
>
> With the growing need o CGNAT (or equivalent methods) at many ISPs some
> issues appear more frequentlly as for example users who require Incoming
> Connections and Port Reditections for various reasons like access a camera
> system as DVR/NVR for example, a Home/SMB Server or similar or even to be
> able to Host Games' matches.
>
> For DVRs there have been more recentlly some makers that developed a
> 'Cloud System' whihc kind of resolves the issue by doing some type of NAT
> Punch Hole with the help of an external 'coordinator' server and which
> becomes something very handy avoiding the ISP having to attribute a public
> IPv4 for that user.
>
> But that is specific to that application and the maker develop implement
> the technology and mantain the servers who coordinate this technique.
>
> I wanted to find out more other applications who are able to work with
> this technique to bypasss CGNAT issues lime this more easily going futher
> to perhaps having something that can work or is adaptable to other
> situations like a Home/SMB Server or a Gaming system.
>
> This can help many ISPs to resolve many problems caused by the adaption of
> the unavoidable CGNAT other than just the DVR scenarios.
>
> Note: even with IPv6 fully implemented at the ISP that still may be many
> cases where either the hosted equipment didn't get firmware upgrade to
> suport IPv6 or the most common, the access device not having a IPv6
> connection available.
>
> Thanks
> Best regards
>
> Fernando Frediani
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
>
>
> _______________________________________________
> LACNOG mailing list
> LACNOG en lacnic.net
> https://mail.lacnic.net/mailman/listinfo/lacnog
> Cancelar suscripcion: https://mail.lacnic.net/mailman/options/lacnog
>
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20190614/a112e0cf/attachment.html>
Más información sobre la lista de distribución LACNOG