On 12/10/2014 07:43 PM, Ted Lemon wrote:
A+P is for home gateways, not for servers. That said, most uses of A+P
exclude the well-known port range for assignment to home gateways, so if for
some strange reason you wanted to do A+P with servers, you could allocate those
ranges to servers. This is not a common or expected use of A+P, however, so
this is kind of moot. The essential point of A+P is that it creates
deterministic mappings, which makes carrier-grade NAT less painful and more
predictable. It really only makes sense in the context of a dual-stack
transition model, where you would always prefer IPv6 for flows between hosts
that support it.
So the expectation is that ISP's will replace your NAT/router with one
that meets this specification? Why would they just not replace it with a
IPv6 one? I still see no time
to implement gain if this is the plan.
If the mapping is done at the ISP layer and *not* the home router, then
they better NAT the IP
they give you, or your operating system firewall will go nuts trying to
figure out when and
what port range to open up. They can do that now with NAT, so why would
they implement?
*Or* your operating systems firewall software, virus protection, and
firewalls better be
updated to this specification before it is deployed.
If they NAT, then what is the gain over the current NAT? I can see this
may have been a great
alternative to NAT, but we already have NAT. So why would they implement?
How about port 6112 incoming, probably the most common gamer port.
(http://www.speedguide.net/port.php?port=6112)
Which DHCP home 1.2.3.4 IP address gets it? Or do all gaming servers
that connect to port 6112
on home systems have to be re-written to find the correct port dynamically?
I know about port 6112 because I did the IANA registration for UNIX/CDE
dtspcd on port 6112. I get many
emails from people wanting to know about their game and how to configure
it and their router (which I simply delete). Or maybe they are wrong and
it does not need to be incoming and makes no difference.
This would also break all dynamic-DNS servers. Many ISP's could care
less about home based dynamic-DNS
updated servers. Some care, it would break those that do not care.
It looks to me to be another DMARC type oops.
--
Doug Royer - (http://K7DMR.us / http://DougRoyer.US)
DouglasRoyer(_at_)gmail(_dot_)com
714-989-6135
smime.p7s
Description: S/MIME Cryptographic Signature