The alternative to forcing everyone to use IPv6?

NAT categorization according to RFC 3489 (Photo credit: Wikipedia)

A couple of weeks ago I wrote about what I saw as the apparent suggestion from the government that we in the UK would all be forced to use IPv6 to meet the government’s and the police’s desire to be able to match an IP address to an end user. It seems there may be an alternative that is, superficially at least, simpler.

The fundamental problem today is that there are simply not enough of the bog-standard IPv4 addresses around to allow every device to be given its own unique IP address. Instead, what is called “network address translation” (NAT) is commonly used. If you have a router at home and more than one device, then you are almost certainly using NAT even if you do not realise it. Indeed, BT has started to insist that even your router is placed behind NAT – so-called “carrier grade NAT” – as they have run out of IPv4 addresses to allocate.

More importantly, Britain’s mobile phone companies all use NAT to get all your phones and tablets online even though they only have a few hundred IP addresses to play with.

In essence, NAT works like this: your router (or the mobile phone company’s “router”) has a real-world IP address, and all the devices inside your private network (or the mobile telco’s network) have private IP addresses. There are lots of these and they can be reused, because they are “private” and not visible to the outside world; for example, your router and your neighbour’s router most likely “share” the private address 192.168.1.1 or 192.168.1.254.

To ensure that, say, replies to your laptop don’t get mixed up with replies to your Wii, your router associates a port number with your internal private address. (All internet communications carry a destination number known as the port: if you want to contact a webserver you hit it on port 80, the standard port on which a webserver listens for requests, and the webserver then replies to the port number given in your request.) So, if both the laptop and the Wii were expecting a reply from the BBC’s website and your router had the external IP address 2.1.2.1, your router would know that a reply the BBC sent to 2.1.2.1:30101 was for port 30101, the port the laptop was listening on, and would route it there by “translating” the address to, say, 192.168.1.10:30101; likewise it would know that a reply to 2.1.2.1:25674 was for the Wii and should be translated to 192.168.1.11:25674, and so on.

So, one way to avoid forcing everyone onto IPv6 in order to make their use of the internet traceable is to force the mobile phone companies to log these NAT port assignments. That way is simpler for all concerned, except, probably, the mobile phone companies, who are landed with big technical difficulties (can they even do this? Their networks may not be set up to pay much attention to who gets what NAT port, so changing this could be hellishly difficult and expensive: a cost, of course, that consumers will eventually have to pay).
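As an added illustration (it is not code from the original post), here is a small Python model of the port-mapping table the previous paragraphs describe, together with the kind of timestamped mapping log that the proposal above would require operators to keep. The device addresses, ports and timestamps are constructed, and the website is a stand-in at 203.0.113.10 rather than the BBC’s real address. It goes a little beyond the text in two ways: it handles two devices that happened to pick the same internal port, and it shows why the log must carry timestamps, because a freed external port gets reused by a different device later.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Mapping:
    """One NAT table entry: which private host:port sits behind which external port."""
    internal_ip: str
    internal_port: int
    external_port: int
    remote: tuple            # (destination ip, destination port) the host is talking to
    opened: datetime
    closed: Optional[datetime] = None


class Nat:
    """Toy NAT router (added example, not the post's code). Addresses are constructed."""

    def __init__(self, external_ip: str, first_port: int = 1024, last_port: int = 65535):
        self.external_ip = external_ip
        self.first_port, self.last_port = first_port, last_port
        self.active: dict = {}    # external port -> live Mapping
        self.log: list = []       # every mapping ever created: the audit trail

    def _pick_port(self, wanted: int) -> int:
        # Keep the internal port number when it is free (as in the article's example);
        # otherwise fall back to the lowest free port in the pool.
        if self.first_port <= wanted <= self.last_port and wanted not in self.active:
            return wanted
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.active:
                return port
        raise RuntimeError("NAT port pool exhausted")

    def outbound(self, src_ip, src_port, dst_ip, dst_port, now):
        """Packet leaving the private network: return the (ip, port) the remote side sees."""
        for m in self.active.values():
            if (m.internal_ip, m.internal_port, m.remote) == (src_ip, src_port, (dst_ip, dst_port)):
                return self.external_ip, m.external_port
        m = Mapping(src_ip, src_port, self._pick_port(src_port), (dst_ip, dst_port), now)
        self.active[m.external_port] = m
        self.log.append(m)
        return self.external_ip, m.external_port

    def inbound(self, ext_port, src_ip, src_port):
        """Reply arriving from outside: translate back to the private host, or None (dropped)."""
        m = self.active.get(ext_port)
        if m is None or m.remote != (src_ip, src_port):
            return None
        return m.internal_ip, m.internal_port

    def close(self, ext_port, now):
        """Connection finished: free the external port but keep the log entry, with end time."""
        self.active.pop(ext_port).closed = now

    def who_used(self, ext_port, at):
        """Attribution query: which private host held ext_port at time 'at'?"""
        for m in self.log:
            if m.external_port == ext_port and m.opened <= at and (m.closed is None or at < m.closed):
                return m.internal_ip, m.internal_port
        return None


def run_demo():
    t0 = datetime(2014, 1, 1, 12, 0, 0)          # constructed timestamp
    site = ("203.0.113.10", 80)                   # constructed stand-in for the website
    nat = Nat("2.1.2.1")
    out = {}
    out["laptop"] = nat.outbound("192.168.1.10", 30101, *site, t0)
    out["wii"] = nat.outbound("192.168.1.11", 25674, *site, t0 + timedelta(seconds=1))
    # A third device also chose 30101, so it cannot keep its port number.
    out["phone"] = nat.outbound("192.168.1.12", 30101, *site, t0 + timedelta(seconds=2))
    out["reply_laptop"] = nat.inbound(30101, *site)
    out["reply_wii"] = nat.inbound(25674, *site)
    # An unsolicited packet from elsewhere aimed at a mapped port is not forwarded.
    out["stray"] = nat.inbound(30101, "198.51.100.5", 443)
    # The laptop finishes; later a tablet is handed the same external port.
    nat.close(30101, t0 + timedelta(minutes=5))
    out["tablet"] = nat.outbound("192.168.1.13", 30101, *site, t0 + timedelta(minutes=10))
    # Same external port, two different answers depending on the time asked about.
    out["at_1min"] = nat.who_used(30101, t0 + timedelta(minutes=1))
    out["at_11min"] = nat.who_used(30101, t0 + timedelta(minutes=11))
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:12} {v}")
```

The last two lookups are the point of the logging proposal: an external IP and port on their own identify nothing, because the same 2.1.2.1:30101 belonged to the laptop at one minute past noon and to the tablet ten minutes later. An operator would need the port, the time and (in practice) the remote address as well to pick out one subscriber.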

More details here.