Originally published at: http://www.howtogeek.com/148664/how-and-why-all-devices-in-your-home-share-one-ip-address/
If you’re like most people, your Internet service provider hands you a single Internet Protocol address and your router shares it amongst all the connected devices in your home.
From the small description Carrier-Grade NAT sounds awful.
Teredo and 6to4 should ease the transition a bit.
I doubt most users will even notice the difference. Those who would will be people like us who like to actually run servers from home or other services that require port forwarding. You can bet that, once an ISP goes to Carrier-Grade NAT, they'll start charging extra for the public IPs or port forwarding services.
I don't understand why we're so hesitant to switch to IP6. We've been having issues with IP4 for a LONG time now so why not just jump ship? Maybe an article on the delay is in order...
And I agree with the above, carrier grade NAT sounds terrible for those of us running a private, home server.
Aside from the IP shortage - what issues?
The switch to IPv6 is no small undertaking, and it takes action from a lot of large and generally slow-moving entities to make it happen. While it may be a bit disappointing that it hasn't happened yet, I don't consider it very surprising.
If there's anyone with particular data from industry polls or other sources, I'd definitely be interested to see such an article.
Actually I think that's it. Maybe a better choice of words would have been "this issue". I'm more just curious because it seems that I hear about a new patch to make it work every so often and that it's kind of silly.
I honestly don't know why companies are hesitant/slow to change and I think a lot of people don't know either. Does the change require anything other than simple software updates? Are those updates deeper more complicated? Is there a major hardware component to making this work?
I wasn't looking for anything definitive, I just think it'd be cool to finally hear what's holding the whole thing back.
I predict that we could end up with 2 types of Internet users before all is said and done - users and servers. Most of us with no need to run a publicly accessible server may end up with IPv6-only where we could find it very hard to network with anyone or anything outside of our own local networks. It could be that any sort of public IPv6 DNS services either evaporate or get so restricted that only IPv4 remains and thus remains the only choice protocol for serving web pages or any other files to the public at large. But like the man said, we're out of IPv4 addresses...
So now when we start talking about implementing carrier grade NAT, all of a sudden it gets worse! Much worse!!! Because with Carrier Grade NAT it could be possible to end up with an Internet that has easily controlled borders. And not just any old border either but borders that are controlled by the very few companies who won't even light up the dark fiber they have now (it's a money thing which is why they don't do it). Implementing Carrier Grade NAT could end up being a giant step backwards to the days of dial up BBS's and services like America Online. (Anyone else get a cold shiver here?) About the only thing different would be high speed access and rich content but it would only be "their" content or content from "approved" services.
NAT is HORRENDOUS in certain situations, some of which will be familiar:
- Inbound connections (BitTorrent, gaming, etc) are a pain to set up behind NAT
- SIP/FTP and any protocol which requires the endpoint behind the NAT to have knowledge of its external IP? Have fun with that. Yeah, there are solutions which are a pain.
- Stateful NAT: Now you have to keep track of all those connections going through your NAT device. Long-running connections may time-out without keepalives.
- Internet routing tables are getting too big
- IPv6 is easier on your mobile phone's battery
That last one was something that took me by surprise but makes sense.
Carrier-Grade NAT doesn't sound like a good option. I'm far from an expert in the field, but it sounds like it's shared and re-assigned each time you utilize it.
May sound like an ignorant question, but as I said I'm not that knowledgeable in this field.
What about Static IP's, and those who run home servers that require a static IP? Will they have to change all their network related hardware to go to IP6 or pay additional for an IP4 Server Level IP if they go that route?
Just wondering as I've had some issues in the past with dynamic IP's as I needed a Static IP to run my webpage properly.
Sorry if I'm low on the knowledge level here, I'm an old hardware guy, and not much on the network side but they have all merged over the years, and I haven't kept up.
IPV4 to IPV6 is quite a large undertaking, a lot of people have done certifications for IPV4 routing and switching then having to learn all of the new protocols and addressing for IPV6 is a long process.
Also a lot of businesses and residential routers and switches may not support the IPV6 addressing.
Aren't they already paying extra to maintain a static IP? Though I haven't researched the issue myself lately, I'd be surprised if any ISP currently provides (or has in the recent past) this on consumer-grade connections for free.
It's actually not all that different. All the basic ideas are the same.
There are some great resources at he.net to help with the IPv6 transition. Free IPv6 connectivity, even!
It's worth the time for people to learn.
I don't understand how an application can control a remote computer using something like Net Meeting, LogMeIn, etc. It seems like the application wouldn't know what computer to connect to, because of the router.
Is there a special Port number that is created on both computers?
What is it?
Is this really how it works? I always thought that your router just grabs an IP from your ISP that I call your "public ip" but the router has its own dhcp server (or static if you want) and gives your other devices like your pc or phone a local ip address.
Many third-party remote access applications like LogMeIn deliberately operate in a way that's meant to get around firewalls, dynamic IP addresses, corporate proxies, and other things that might generally make it difficult for someone to access their home computer.
Most consumer-grade firewalls only block (at least, by default) incoming connections - that is, attempts by outside computers to initiate connections to computers on your home network. NAT also prevents this by its very nature. Unless you've told the router what to do with an incoming connection (e.g.: with port forwarding rules) it doesn't know where to send it and therefore will drop it.
Most of the time you're using the Internet, your connections are outbound - i.e.: your system is the one initiating a request to an external server, not the other way around. Consumer-grade firewalls happily allow this by default, because that's the most user-friendly way to behave. (Otherwise, you'd have to bother yourself with creating your own whitelists just to do things like visit Google or get to your e-mail. This is something your average Internet user doesn't want to be bothered with, and generally doesn't properly know how to do anyway.) The NAT router can handle outbound requests automatically because it can make note of which internal system made the request so that it will properly forward the reply when it comes.
Dynamic IP addressing is another problem you normally have to work around if you want to remote to your home computer. Typically, your computer is configured to automatically receive an IP address from your home network. The network will normally just give your computer whatever IP is the first available within its range. This means that, whenever you reboot your computer or move between networks, the computer is quite likely to change its IP address on the internal network. This will break whatever port forwarding you've set up at the router. You can eliminate this by setting your computer to use a static IP address or setting the DHCP server (usually your home router) to always give your computer the same address.
However, this only resolves the issue on the side of the internal home network - you still have to worry about your external IP address. Your external IP address is assigned by your Internet Service Provider. Typically, consumer-grade Internet connections do not come with static IP addresses. So, it is very possible - even likely - that the IP address you have today won't be the same one you'll have tomorrow. Unless you have some way of tracking this externally (e.g.: with a Dynamic DNS service) this could mean that you won't know your house's correct IP address when you try to access your home computer from the outside.
Corporate proxies can also create difficulties for employees who want to use services across the Internet which are generally not meant (for business purposes) to traverse beyond the organization's network perimeter. The usual way to get around this is to tunnel unapproved traffic through an approved (or, at least, not blacklisted) protocol like HTTP. Even better is to use an encrypted protocol, like HTTPS, so that it is harder (though not impossible) for the proxy to inspect and trigger a block on your traffic.
LogMeIn uses one simple mechanism to get around all the problems you might generally encounter on most networks: Your home computer maintains a constant connection with the LogMeIn servers over HTTPS. Since this connection is outbound, encrypted, and using a port and protocol that is normal for authorized business traffic, it is very unlikely that it will be blocked by firewalls or proxies. The outbound nature of the connection also makes it easy for NAT routers to make sure the return traffic gets back to your home computer no matter what the local IP address is. Also, since your computer is in constant communication with LogMeIn's servers, this allows LogMeIn to always know what your house's external IP is.
The processes you describe are indeed how IP addresses are assigned. However, there need to be mechanisms in place to route that traffic properly. On the broader Internet, and in corporate networks, this is done by normal routing methods where both endpoints' local IP addresses are visible to each other and intervening routers just pass the traffic naturally from one end to the other.
The problem with doing the same with home networks, and many other networks connected to the Internet, is two-fold:
- Not everyone can afford or be bothered to get a reserved public IP address for every device on their network.
- There aren't enough IP addresses in the IPv4 address space to assign unique public IPs to every device in the world.
This is where RFC 1918 IP addresses and NAT routing come in. RFC 1918 address spaces are specifically reserved and excluded from Internet routing tables so that everyone has a few ranges of IPs that they can (more or less) arbitrarily assign to devices on their private network without having to worry about interfering with other networks on the other side of the Internet. NAT Routing allows home and corporate Internet routers to properly manage the traffic flow in conditions where multiple hosts reside behind one public IP address and private IP addresses should not be made public in order to avoid conflicts with other private networks.
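The NAT behaviour discussed in the replies above (outbound requests are remembered so replies can be returned, unsolicited inbound connections are dropped unless a port forwarding rule exists, and LAN hosts use RFC 1918 addresses) can be modelled in a few lines. This is an added example, not code from the thread or from any router firmware; the `NatRouter` class, its method names, the port numbers and the sample addresses (documentation ranges) are all constructed for illustration, and real routers vary in how strictly they filter replies.

```python
import ipaddress

# Private ranges reserved by RFC 1918; never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

class NatRouter:
    """Toy model (hypothetical) of a home NAT router with one public address."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}   # outbound 5-tuple -> external port
        self.table = {}   # (proto, external port) -> (int_ip, int_port, remote)

    def forward_port(self, proto, ext_port, int_ip, int_port):
        # Static rule configured by the user: any remote host may connect.
        self.table[(proto, ext_port)] = (int_ip, int_port, None)

    def outbound(self, proto, src, sport, dst, dport):
        """Rewrite an outgoing packet's source and remember who sent it."""
        if not is_rfc1918(src):
            raise ValueError("source is not a private LAN address")
        flow = (proto, src, sport, dst, dport)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.table[(proto, self.next_port)] = (src, sport, (dst, dport))
            self.next_port += 1
        return (self.public_ip, self.flows[flow])

    def inbound(self, proto, src, sport, dport):
        """Return the internal (ip, port) to deliver to, or None to drop."""
        entry = self.table.get((proto, dport))
        if entry is None:
            return None                  # unsolicited: nowhere to send it
        int_ip, int_port, remote = entry
        if remote is not None and remote != (src, sport):
            return None                  # not the host this flow contacted
        return (int_ip, int_port)
```

Two LAN hosts using the same source port get distinct external ports on the single public address, which is how the router tells their replies apart.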