Software, technology, sysadmin war stories, and more.
Thursday, August 22, 2013

Carrier grade NAT vs. IP devices for ordinary people

I noticed something interesting with a bit of consumer electronics the other day. After being plugged into a network, you then configure it by going to the company's web site. The device itself has no knobs, switches, or indeed, any way to get into it. Assuming your network does DHCP and grants the device a route to the outside world, then it'll be reasonably happy.

How do they manage to match up your eventual visit to their web site with the device you just put online? They don't have you install anything weird and interesting on your computer. It's just a visit in an ordinary, unmodified browser.

As best I can tell, they just match you up to your device by the public IP address -- that is, the one they see you using relative to their web site. After all, it's a pretty good bet that if you're coming from a given cable modem or DSL address, odds are, your device is too. You probably don't have one network for your device and another for your computer in your house.

Thinking about this some more, I wonder what will happen at the point that things like carrier-grade NAT really get cooking on the Internet in large quantities. It seems that if one of these ISPs winds up with more customers than public IP addresses, something will have to give. I imagine more than one customer might show up from the same ISP IP address. If two of these boxes are being set up at the same time, that could make life interesting.

This probably doesn't happen that often, but think about Christmas morning or something like that. Lots of people turn on their new scale or thermostat or video sender device, and it phones home. What if their neighbors also got one? All it would take is one really popular device some holiday season, and life would get interesting.

There's also the possibility of having multiple external addresses for the same household. I don't imagine that would be as common, but if you're already going for forced NAT craziness, what's one more step? Any of these scenarios could turn a design with good intentions into one of trouble and pain.
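To make those failure modes concrete, here is a small simulation added to this post (it is not the author's code and does not model any real vendor's service): a pairing service that records the public address each device phones home from and matches a browser visit to a device by that address alone. The three situations above are run against it, and a hypothetical variant keyed on a per-device claim code (assumed, for the sake of the example, to be printed on the device's label) shows how the address can be demoted to a hint instead of the key. The device IDs, the addresses (RFC 5737 documentation ranges) and the service itself are all constructed.

```python
"""Simulate public-IP device pairing and how carrier-grade NAT breaks it.

Added example, not code from the original post.  The service, device IDs
and addresses are constructed for illustration only.
"""
import secrets
from dataclasses import dataclass, field

# RFC 5737 documentation addresses, so nothing here is routable.
ISP_SHARED_IP = "203.0.113.5"    # one CGNAT public address shared by several homes
ISP_SHARED_IP_2 = "203.0.113.6"  # a second address the same household may exit through


@dataclass
class PairingService:
    """Vendor-side state: the public IP each device last checked in from,
    plus per-device claim codes for the hypothetical hardened variant."""
    checkins: dict = field(default_factory=dict)     # device_id -> public IP
    claim_codes: dict = field(default_factory=dict)  # claim code -> device_id

    # --- the scheme the post describes: note the source address of each check-in
    def device_checkin(self, device_id: str, public_ip: str) -> None:
        self.checkins[device_id] = public_ip

    def match_by_ip(self, browser_ip: str) -> list:
        """Pairing keyed only on the browser's public IP.  Returns every device
        that checked in from that address; anything other than exactly one
        candidate means the scheme has failed."""
        return sorted(dev for dev, ip in self.checkins.items() if ip == browser_ip)

    # --- hypothetical hardened variant: a code tied to the device, not the address
    def device_checkin_with_code(self, device_id: str, public_ip: str) -> str:
        """Same check-in, but a single-use claim code is registered for the
        device (assumption: the user reads it off the device label)."""
        self.device_checkin(device_id, public_ip)
        code = secrets.token_hex(4)
        self.claim_codes[code] = device_id
        return code

    def claim(self, browser_ip: str, code: str) -> dict:
        """Look the device up by claim code; the IP becomes a hint, not the key."""
        device_id = self.claim_codes.pop(code, None)  # single use: replay fails
        if device_id is None:
            return {"ok": False, "reason": "unknown or already-used code"}
        return {"ok": True, "device": device_id,
                "ip_matches": self.checkins[device_id] == browser_ip}


def scenarios() -> dict:
    """Run the situations from the post and return what each one produces."""
    results = {}

    # 1. Pre-CGNAT: one home, one public address, one new device -> unambiguous.
    svc = PairingService()
    svc.device_checkin("thermostat-A", "198.51.100.7")
    results["one_home"] = svc.match_by_ip("198.51.100.7")

    # 2. CGNAT: two neighbours share a public address on Christmas morning.
    svc = PairingService()
    svc.device_checkin("thermostat-A", ISP_SHARED_IP)
    svc.device_checkin("scale-B", ISP_SHARED_IP)
    results["cgnat_collision"] = svc.match_by_ip(ISP_SHARED_IP)  # two candidates

    # 3. One household whose browser and device exit through different addresses.
    svc = PairingService()
    svc.device_checkin("thermostat-A", ISP_SHARED_IP)
    results["multiple_egress"] = svc.match_by_ip(ISP_SHARED_IP_2)  # no candidate

    # 4. The claim-code variant under the same CGNAT collision.
    svc = PairingService()
    code_a = svc.device_checkin_with_code("thermostat-A", ISP_SHARED_IP)
    svc.device_checkin_with_code("scale-B", ISP_SHARED_IP)
    results["claim_code"] = svc.claim(ISP_SHARED_IP, code_a)
    results["claim_code_replay"] = svc.claim(ISP_SHARED_IP, code_a)
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name}: {outcome}")
```

Run it and the IP-only matcher returns one device for the single-home case, two for the shared CGNAT address, and none when the household's browser and device leave through different addresses; the claim-code variant resolves the collision and rejects a second use of the same code. The point of the simulation is the shape of the result, not the specific addresses: whenever the match returns anything other than exactly one device, the IP address has stopped being a usable identity.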

I don't have any good and easy solutions to this. I seem to recall that some devices used to come with these nasty little "helper" programs that would only work on specific builds of Windows. It would install from a CD and would then do some black magic on the network to look for the device. Then it would jump in and set it up with some proprietary gunk, and if it worked, then the device would be online.

Thinking of it now, some of these things probably just added a temporary alias to your network adapter to put it into a hard-coded network just long enough to reach the device... and woe to those who actually used that network in real life.