Typical additional latency for CGN?
In message <Pine.LNX.4.61.1210100920590.26706 at soloth.lewis.org>, Jon Lewis writes:
> I just spent a few minutes looking into this again, and figured out the
> problem. AT&T has apparently changed the way their CGN works. I use a
> form of port knocking to restrict access to SSHd from "foreign" networks.
> It used to work fine from my phone. Now, the port knocking request from
> the phone and the ssh connection are being NAT'd to different public IPs,
> so my system is allowing ssh access to one AT&T IP, and then the ssh
> connection comes from a nearby but different IP.
Which is a badly designed CGN. It turns singly homed clients into
multi-homed clients where the client has no control over the source
address selection. At least with real multi-homed clients they have
the ability to force source addresses to match.
> On Wed, 10 Oct 2012, Owen DeLong wrote:
>
> > The day before I left the US, it was still working on my iPad.
> >
> > Owen
> >
> > On Oct 8, 2012, at 5:20 AM, Jon Sands <fohdeesha at gmail.com> wrote:
> >
> >> On 10/7/2012 9:22 PM, Jon Lewis wrote:
> >>> has anyone else noticed AT&T mobile is blocking ssh (outgoing 22/tcp) connections?
> >>
> >> Not here, have an SSH session open on my phone on port 22 as we speak. I'm on an android on ATT's 3G network in central indiana, if that matters.
> >>
> >> --
> >> Jon Sands
> >> Fohdeesha Media
> >> http://fohdeesha.com/
> >>
> >
> >
> >
>
> ----------------------------------------------------------------------
> Jon Lewis, MCP :) | I route
> Senior Network Engineer | therefore you are
> Atlantic Net |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
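
The knock/connect address mismatch described in this thread can be spotted in the gate's own logs. The following Python is an added example, not part of the original messages: it correlates completed knocks with SSH attempts and flags attempts that arrive shortly after a knock from a different address in the same prefix. The event format, the 30-second window, the /24 grouping and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample events (not from the thread): (epoch seconds, kind, source IP)
# "knock" = valid port-knock sequence completed, "ssh" = TCP SYN to port 22.
EVENTS = [
    (1000, "knock", "198.51.100.17"),
    (1004, "ssh",   "198.51.100.17"),   # same mapping: allowed
    (2000, "knock", "198.51.100.17"),
    (2003, "ssh",   "198.51.100.42"),   # CGN picked another pool address
    (2500, "ssh",   "203.0.113.9"),     # unrelated source, no knock at all
    (3000, "knock", "198.51.100.80"),
    (3100, "ssh",   "198.51.100.81"),   # too late to correlate with the knock
]

def classify(events, window=30, prefix_len=24):
    """Label each ssh attempt against knocks seen in the last `window` seconds.

    allowed      - knock came from exactly this IP (what a per-IP gate permits)
    cgn_mismatch - no knock from this IP, but one from another IP in the same
                   /prefix_len: the pattern described in the thread
    denied       - no recent knock from this IP or its prefix
    """
    knocks = []   # (time, ip) of completed knocks
    results = []
    for ts, kind, src in sorted(events):
        ip = ipaddress.ip_address(src)
        if kind == "knock":
            knocks.append((ts, ip))
            continue
        recent = [k for t, k in knocks if 0 <= ts - t <= window]
        if ip in recent:
            verdict = "allowed"
        else:
            net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
            verdict = "cgn_mismatch" if any(k in net for k in recent) else "denied"
        results.append((ts, src, verdict))
    return results

if __name__ == "__main__":
    for row in classify(EVENTS):
        print(*row)
```

A `cgn_mismatch` verdict is a diagnostic label only; the per-IP gate still refuses that connection, which is the behaviour reported above.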