[Chugalug] EPB introduces CGNAT on Residential Circuits


[Chugalug] EPB introduces CGNAT on Residential Circuits

Dave Brockman

Just curious if anyone else received the CGNAT upgrade from EPB last
night?  If your "WAN" IP is between 100.64.0.0 - 100.127.255.255, you
are now behind CGNAT.  Checking your outside IP from ipchicken.com or
similar should give you a different IP address; the range mentioned
above is not globally routed (think RFC1918, like 192.168.X.X).
  I suspect the NAT portion wasn't working correctly first thing this
morning, but even after they restored "Internet" connectivity to my
circuit, I could not complete IPSEC tunnels across the CGNAT.  Debug
logs show the initial ISAKMP packets are correct (the Tunnel-Group Name
and Secret are successfully exchanged), but subsequent ISAKMP packets
appeared to be mangled by the state/NAT machine (ISAKMP proposals were
stripped from ISAKMP packets beyond the initial exchange, although the
modified packets did reach both ends).  Very strange behavior indeed.
  To be fair, EPB did put me back on a real IP address upon request.
But I really wish they had applied the effort and expense spent upon
CGNAT deployment on IPv6 deployment.  I hope this current round of
short-sightedness from whoever dictates what they will sell to whom for
how many donuts has not spread to the people who design the network and
plan its future expansion.  100Mb/s or 1000Mb/s just makes CGNAT suck
harder and faster, not any less.

Regards,

dtb
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
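
Added example, not part of any post in this thread: the check described in the first message (is the WAN address inside 100.64.0.0 - 100.127.255.255, and does an outside service see a different address?), written with Python's standard `ipaddress` module. The sample addresses are constructed, and the verdict labels are this example's own.

```python
import ipaddress

# RFC 6598 shared address space: 100.64.0.0 - 100.127.255.255, the range
# quoted in the post. It is not globally routed.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private space (the "192.168.X.X" kind of address).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(wan_ip, observed_ip=None):
    """Classify the address on a router's WAN interface.

    wan_ip      -- address the router itself reports on its WAN port
    observed_ip -- address an outside "what is my IP" service reports, if known
    """
    wan = ipaddress.IPv4Address(wan_ip)
    if wan in CGNAT_SPACE:
        return "cgnat"
    if any(wan in net for net in RFC1918):
        return "private-nat"
    if observed_ip is None:
        return "public-unverified"
    # A routable-looking WAN address can still be translated upstream.
    if ipaddress.IPv4Address(observed_ip) != wan:
        return "translated"
    return "public"


# Constructed samples: (WAN address, externally observed address or None).
SAMPLES = [
    ("100.64.0.1", "203.0.113.20"),       # inside 100.64.0.0/10
    ("100.127.255.255", None),            # last address of the range
    ("100.128.0.0", "100.128.0.0"),       # first address past the range
    ("192.168.1.10", "203.0.113.20"),     # behind another private NAT
    ("203.0.113.7", "198.51.100.9"),      # outside view differs
    ("198.51.100.9", "198.51.100.9"),     # same inside and outside
]

if __name__ == "__main__":
    for wan, seen in SAMPLES:
        print(f"{wan:<16} seen as {seen or '-':<14} -> {classify_wan(wan, seen)}")
```
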

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Stephen Haywood
A couple of weeks ago my address changed from 66.85.225.x to 173.247.19.x. Hopefully, I won’t end up with the CGNAT. I may finally have to switch to a business account if I do.
--
Stephen Haywood
Owner: ASG Consulting
423.305.3700
[hidden email]



> On Oct 14, 2015, at 7:53 PM, Dave Brockman <[hidden email]> wrote:
>
> Just curious if anyone else received the CGNAT upgrade from EPB last
> night?  If your "WAN" IP is between 100.64.0.0 - 100.127.255.255, you
> are now behind CGNAT.  Checking your outside IP from ipchicken.com or
> similar should give you a different IP address; the range mentioned
> above is not globally routed (think RFC1918, like 192.168.X.X).
>   I suspect the NAT portion wasn't working correctly first thing this
> morning, but even after they restored "Internet" connectivity to my
> circuit, I could not complete IPSEC tunnels across the CGNAT.  Debug
> logs show the initial ISAKMP packets are correct (the Tunnel-Group Name
> and Secret are successfully exchanged), but subsequent ISAKMP packets
> appeared to be mangled by the state/NAT machine (ISAKMP proposals were
> stripped from ISAKMP packets beyond the initial exchange, although the
> modified packets did reach both ends).  Very strange behavior indeed.
>   To be fair, EPB did put me back on a real IP address upon request.
> But I really wish they had applied the effort and expense spent upon
> CGNAT deployment on IPv6 deployment.  I hope this current round of
> short-sightedness from whoever dictates what they will sell to whom for
> how many donuts has not spread to the people who design the network and
> plan its future expansion.  100Mb/s or 1000Mb/s just makes CGNAT suck
> harder and faster, not any less.
>
> Regards,
>
> dtb

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

willmwade
Administrator
In reply to this post by Dave Brockman

On Wed, Oct 14, 2015 at 7:53 PM, Dave Brockman <[hidden email]> wrote:
> IPv6 deployment

Agreed. I think I would be ok with losing an IPv4 address if I at least had an IPv6 address. Mine is still in the 104.251.x.x range and same outside as in, so ok for now.


Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Lynn Dixon

I'm still getting a 23.251.*.* IP, or at least that's what pfSense and ipchicken are showing.  Out in Ooltewah if that matters.

On Oct 14, 2015 8:55 PM, "Wil Wade" <[hidden email]> wrote:

> On Wed, Oct 14, 2015 at 7:53 PM, Dave Brockman <[hidden email]> wrote:
>> IPv6 deployment
>
> Agreed. I think I would be ok with losing an IPv4 address if I at least had an IPv6 address. Mine is still in the 104.251.x.x range and same outside as in, so ok for now.


Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

John Dills
In reply to this post by willmwade
Upon request, EPB will remove the CGN/LSN, if you're affected. It's free and all you need to do is give us a call at 423-648-1372! You can even ask for me, if I'm there I'll be more than happy to help. 

There's no need to switch to a business account  to remove LSN. 

Thanks,
John Dills




On Oct 14, 2015, at 8:54 PM, Wil Wade <[hidden email]> wrote:

> On Wed, Oct 14, 2015 at 7:53 PM, Dave Brockman <[hidden email]> wrote:
>> IPv6 deployment
>
> Agreed. I think I would be ok with losing an IPv4 address if I at least had an IPv6 address. Mine is still in the 104.251.x.x range and same outside as in, so ok for now.

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Dave Brockman
In reply to this post by willmwade

On 10/14/2015 8:54 PM, Wil Wade wrote:
> On Wed, Oct 14, 2015 at 7:53 PM, Dave Brockman <[hidden email]> wrote:
>
> > IPv6 deployment

/sigh. I tried really hard not to make it a rant.

> Agreed. I think I would be ok with losing an IPv4 address if I at least
> had an IPv6 address.

Go back to v6 school.  We don't ask for an IPv6 address, we should be
given a /56! :)

--dtb

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Howard, Christopher
I'd be alright with just a /64. :)  One subnet is better than nothing.

-Christopher

On Oct 14, 2015, at 11:38 PM, Dave Brockman <[hidden email]> wrote:

> On 10/14/2015 8:54 PM, Wil Wade wrote:
>> On Wed, Oct 14, 2015 at 7:53 PM, Dave Brockman <[hidden email]> wrote:
>>
>>> IPv6 deployment
>
> /sigh. I tried really hard not to make it a rant.
>
>> Agreed. I think I would be ok with losing an IPv4 address if I at least
>> had an IPv6 address.
>
> Go back to v6 school.  We don't ask for an IPv6 address, we should be
> given a /56! :)
>
> --dtb

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Dave Brockman

On 10/15/2015 9:14 AM, Howard, Christopher wrote:
> I'd be alright with just a /64. :)  One subnet is better than
> nothing.
>

Assigning or accepting a /64 is extremely short-sighted.

Regards,

dtb

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Howard, Christopher
At home I'd think a /64 is fine for the majority.  They will never realize what they have.  Businesses on the other hand, I'd agree with you.

If EPB wants to give me a /56 at home, I'd gladly give every single one of my devices its own /64.

-Christopher

On Oct 15, 2015, at 9:22 AM, Dave Brockman <[hidden email]> wrote:

> On 10/15/2015 9:14 AM, Howard, Christopher wrote:
>> I'd be alright with just a /64. :)  One subnet is better than
>> nothing.
>
> Assigning or accepting a /64 is extremely short-sighted.
>
> Regards,
>
> dtb

Re: [Chugalug] EPB introduces CGNAT on Residential Circuits

Dave Brockman

On 10/15/2015 9:36 AM, Howard, Christopher wrote:
> At home I'd think a /64 is fine for the majority.  They will never
> realize what they have.  Businesses on the other hand, I'd agree with
> you.
>
> If EPB wants to give me a /56 at home, I'd gladly give every single one
> of my devices its own /64.

It's not to give every device a /64; it's so your other devices can
request subnets from the original device. The subnets get smaller with
each request; the goal is at least 15 devices able to request addressing
from the original router.

Regards,

dtb
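
Added illustration, not written by anyone in this thread: one way an edge router could split a delegated prefix so that downstream routers can request their own sub-prefixes, compared with what a single /64 leaves to hand out. The /60 sub-block size, the function names, and the 2001:db8::/32 documentation prefixes are assumptions of this example.

```python
import ipaddress


def plan_delegation(delegated, sub_len=60, lan_len=64):
    """Split an ISP-delegated IPv6 prefix on the edge router.

    The first sub_len-sized block stays on the edge router and is cut into
    lan_len LANs; the remaining blocks are what downstream routers could
    be handed when they request a prefix. sub_len=60 is an assumption.
    """
    prefix = ipaddress.IPv6Network(delegated)
    if not prefix.prefixlen <= lan_len or not sub_len <= lan_len:
        raise ValueError("prefix and sub-blocks must be no longer than a LAN prefix")
    if prefix.prefixlen >= sub_len:
        # Nothing large enough to hand on: all of it stays local.
        return {"local_lans": list(prefix.subnets(new_prefix=lan_len)),
                "downstream": []}
    blocks = list(prefix.subnets(new_prefix=sub_len))
    return {"local_lans": list(blocks[0].subnets(new_prefix=lan_len)),
            "downstream": blocks[1:]}


def summarize(delegated):
    """Return (number of local LANs, number of blocks left to delegate)."""
    plan = plan_delegation(delegated)
    return (len(plan["local_lans"]), len(plan["downstream"]))


if __name__ == "__main__":
    # Constructed prefixes from the 2001:db8::/32 documentation range.
    for p in ("2001:db8:abcd:100::/56", "2001:db8:abcd:100::/64"):
        lans, down = summarize(p)
        print(f"{p}: {lans} local /64 LANs, {down} /60 blocks to delegate")
```
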