Alastair Johnson wrote:
Jonny Martin wrote:
At the risk of taking this thread somewhere it shouldn't - do we even care about end to end connectivity anymore?
For the majority of people? No. End-to-End has been gone for a long time, as you correctly point out.
Has it really? Some of the common protocols are: HTTP, HTTPS, IMAP, POP3, SMTP, bittorrent, emule, gnutella, napster, DC, NNTP, IRC, MSN, Windows traffic (SMB, Winpopup etc), Warcraft, Citrix ICA, RTSP, Counter Strike, DNS, Battlefield 2, XBox, WMP, GRE, IPSec, SIP, IAX2 (and so on). Of these protocols:

* Doesn't care about E2E as long as the server is public: HTTP, HTTPS, IMAP, POP3, SMTP, NNTP, Citrix ICA, RTSP (?), Warcraft, Counter Strike, DNS, Battlefield 2, XBox (?), WMP, IAX2.
* Has reduced functionality in the presence of NAT: Bittorrent, emule, gnutella, napster, DC, IRC (DCC doesn't work), MSN (I believe), Windows traffic, GRE, IPSec, SIP.

Now many of the protocols in the "reduced functionality" area are aware of NAT and try (some more successfully than others) to soften its effects. Most still require, or at least perform better if, you statically forward a port from the NAT gateway (and many will try and do this via UPnP if possible). Some can work via NAT so long as only one client at a time uses them from behind the NAT. All the ones in the first category require that you run a server that's not NATted (or at least port-forwarded).

Of those protocols, HTTP, HTTPS and DNS are the only ones that can be trivially proxied. Most of the others work over a web proxy; many of the latter ones are UDP or IP based and can't be transported over an HTTP proxy. The interesting question is what proportion of an ISP's customers are only using POP3/SMTP/HTTP and are unlikely to notice NAT.

Then we get into issues about your NAT box. For instance, TCP's WindowScale option is often corrupted by state-tracking firewalls, causing TCP connections to falter and stall if your TCP stack is optimised for high bandwidth-delay networks. Does your NAT box understand all TCP options (including the weird ones like MD5 signatures or T/TCP)? Does your NAT box correctly deal with all ICMP codes? What about non UDP/ICMP/TCP protocols such as GRE, IPSec (AH and ESP?), DCCP, or SCTP?
How much state can these boxes deal with? Can they deal with one client suddenly creating a few thousand or million state entries?
I wonder how many large ISPs are currently looking at NATing their dialup pools. Given that most people still using dialup these days don't actually need end-to-end connectivity, and it's low-bandwidth/low-connection volume (and reasonably easy to implement on the NAS, rather than needing giant NAT boxes), it's a quick win to reclaim some address space if you're really hurting.
Are all the users that are trying to use the more sophisticated protocols all using broadband? Is broadband available in their areas? How good is the NAT implementation in these boxes?
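The two failure modes raised in this thread, unsolicited inbound flows that die at the gateway unless a port is statically forwarded, and one inside host filling the translation table so that everyone else behind the same NAT loses, can be seen in a small model of a NAPT gateway. The following is an added example, not code from anyone in this thread; the `Nat` class, its sizes and the addresses it uses (RFC 5737 documentation ranges and private space) are all constructed for illustration and stand in for no real product or ISP deployment.

```python
"""Toy model of a NAPT gateway (constructed example, not a real implementation).

It shows two of the behaviours discussed above:
  1. a flow from outside towards a NATted host is dropped unless an
     outbound mapping for that exact peer already exists or a static
     port forward has been configured;
  2. the translation table is a finite, shared resource, so one inside
     host opening many flows starves every other host behind the NAT.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip: str, max_states: int, first_port: int = 1024):
        self.public_ip = public_ip
        self.max_states = max_states      # capacity of the translation table
        self.next_port = first_port
        self.outbound = {}   # inside 5-tuple -> public port
        self.inbound = {}    # (proto, public port) -> inside 5-tuple
        self.forwards = {}   # (proto, public port) -> (inside ip, inside port)
        self.dropped = 0     # packets the gateway could not translate

    def add_forward(self, proto: str, public_port: int, inside_ip: str, inside_port: int):
        """Static port forward, the manual fix the thread mentions."""
        self.forwards[(proto, public_port)] = (inside_ip, inside_port)

    def translate_out(self, f: Flow):
        """Rewrite an inside->outside packet; allocate state on first sight."""
        key = (f.proto, f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        pub = self.outbound.get(key)
        if pub is None:
            if len(self.outbound) >= self.max_states:
                self.dropped += 1           # table full: new flow is refused
                return None
            pub = self.next_port
            self.next_port += 1
            self.outbound[key] = pub
            self.inbound[(f.proto, pub)] = key
        return Flow(f.proto, self.public_ip, pub, f.dst_ip, f.dst_port)

    def translate_in(self, f: Flow):
        """Rewrite an outside->inside packet addressed to the public IP."""
        entry = self.inbound.get((f.proto, f.dst_port))
        # Only the peer the inside host talked to may use the mapping.
        if entry and entry[3] == f.src_ip and entry[4] == f.src_port:
            _, in_ip, in_port, _, _ = entry
            return Flow(f.proto, f.src_ip, f.src_port, in_ip, in_port)
        fwd = self.forwards.get((f.proto, f.dst_port))
        if fwd:
            return Flow(f.proto, f.src_ip, f.src_port, fwd[0], fwd[1])
        self.dropped += 1                   # unsolicited inbound: dropped
        return None


def demo_client_server() -> bool:
    """Category one: inside client, public server. Reply maps back cleanly."""
    nat = Nat("203.0.113.1", max_states=1000)
    out = nat.translate_out(Flow("tcp", "10.0.0.5", 40000, "198.51.100.10", 80))
    reply = nat.translate_in(Flow("tcp", "198.51.100.10", 80, "203.0.113.1", out.src_port))
    return reply is not None and reply.dst_ip == "10.0.0.5" and reply.dst_port == 40000


def demo_unsolicited_inbound() -> tuple:
    """Category two: a peer tries to reach a listening inside host directly."""
    nat = Nat("203.0.113.1", max_states=1000)
    peer = Flow("tcp", "198.51.100.77", 51515, "203.0.113.1", 6881)
    before = nat.translate_in(peer)                  # no mapping, no forward
    nat.add_forward("tcp", 6881, "10.0.0.5", 6881)   # operator adds a forward
    after = nat.translate_in(peer)
    return (before is None, after is not None and after.dst_ip == "10.0.0.5")


def demo_state_exhaustion(max_states: int = 5000, burst: int = 8000) -> tuple:
    """One host opens `burst` flows against a table of `max_states` entries."""
    nat = Nat("203.0.113.1", max_states=max_states)
    ok = sum(
        nat.translate_out(Flow("udp", "10.0.0.5", 1024 + i, "198.51.100.10", 53)) is not None
        for i in range(burst)
    )
    # A second, well-behaved host now finds the table full.
    other = nat.translate_out(Flow("tcp", "10.0.0.6", 40000, "198.51.100.10", 80))
    return (ok, other is None, nat.dropped)
```

Running `demo_state_exhaustion()` with the defaults admits exactly 5000 flows from the first host and refuses the 3000 that follow, after which the second host cannot open even a single web connection; that is the sizing question behind "can they deal with one client suddenly creating a few thousand state entries?", and it is why real gateways impose per-host state limits and idle timeouts rather than a single global cap.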