Move to VOIP an CGNAT

[David Wade]

Folks,

Just a quick question. I know many of the new Fibre suppliers use CGNAT
on their services. I also know this can cause issues with VOIP and SIP
in particular, as, for example A&A have a VPN service designed to get
round this issue.

So, is this an issue in practice?

Don't mobile networks also use CGNAT ? is this also an issue for mobile
apps?

Dave

[The Natural Philosopher]

I don't see why fibre would imply a move to CGNAT.


--
The theory of Communism may be summed up in one sentence: Abolish all
private property.

Karl Marx

[SH]

On 16/07/2023 10:22, David Wade wrote:

I dont think fibre networks actally use CG NAT, its just dynamically
allocated IPs.

Its the mobile phone networks that use CG NAT.

Some fibre providers do provide an option to have a Static IP, I have a
FREE static IP address provided upon request, this is with Vodafone
Gigafast that is on the City Fibre ALt-Net.

[The Natural Philosopher]

On 16/07/2023 10:22, David Wade wrote:

The issue with NAT is that it makes *incoming* opening of TCP/UDP
connections harder.

Normally an outgoing app will have no issues.

Incoming listeners have to register, and maybe keep registering, their
(translated) port/IP addresses with some centralised server.

That's no different, however, between local NAT and CGNAT...


--
Climate Change: Socialism wearing a lab coat.

[The Natural Philosopher]

There is simply no reason to dynamically allocate IP addresses to
'always on' services.

My fixed IP address is *de rigeur* with IDNET.


--
Future generations will wonder in bemused amazement that the early
twenty-first century’s developed world went into hysterical panic over a
globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to
contemplate a rollback of the industrial age.

Richard Lindzen

[Joe]

On Sun, 16 Jul 2023 10:30:26 +0100
The Natural Philosopher <t...@invalid.invalid> wrote:


> There is simply no reason to dynamically allocate IP addresses to
> 'always on' services.
>

Indeed not, but it's not easy to get a fixed IP. Salespeople for many
ISPs don't even know what that means, and BT a few years ago were
charging £10 a month for a fixed address on a *business* account.
And a 'fixed' IP address is simply a dynamic one with a reservation,
which takes about two minutes to set up, as a one-off thing.
I'm on Plusnet (oddly, part of BT) which was one of three ISPs I could
find about five years ago offering fixed, and I couldn't afford A&A.

What you can't generally find out in advance is which ISPs have an
interest in staying off email blacklists, and I know for a fact that BT
doesn't. I've advised three former business clients to move away from
BT, and they all suffered for not doing so.

--
Joe

[David Wade]

On 16/07/2023 10:26, The Natural Philosopher wrote:
> On 16/07/2023 10:22, David Wade wrote:
>> Folks,
>>
>> Just a quick question. I know many of the new Fibre suppliers use
>> CGNAT on their services. I also know this can cause issues with VOIP
>> and SIP in particular, as, for example A&A have a VPN service designed
>> to get round this issue.
>>
>> So, is this an issue in practice?
>>
>> Don't mobile networks also use CGNAT ? is this also an issue for
>> mobile apps?
>>
>> Dave
>
> I don't see why fibre would imply a move to CGNAT.
>
>

Its not the Fibre but the suppliers. They were late on the scene in IP
terms and so don't have enough routable IPV4 addresses to give one to
every user.

It would be expensive and challenging to obtain more.

So for example by default both City Fibre and Giganet use CGNAT
addresses. They will sell you a fixed routable IP for a monthly fee.

Dave

[David Wade]

On 16/07/2023 10:27, SH wrote:

> On 16/07/2023 10:22, David Wade wrote:
>> Folks,
>>
>> Just a quick question. I know many of the new Fibre suppliers use
>> CGNAT on their services. I also know this can cause issues with VOIP
>> and SIP in particular, as, for example A&A have a VPN service designed
>> to get round this issue.
>>
>> So, is this an issue in practice?
>>
>> Don't mobile networks also use CGNAT ? is this also an issue for
>> mobile apps?
>>
>> Dave
>
> I dont think fibre networks actally use CG NAT, its just dynamically
> allocated IPs.
>

by default City Fibre uses CGNAT

> Its the mobile phone networks that use CG NAT.
>
> Some fibre providers do provide an option to have a Static IP, I have a
> FREE static IP address provided upon request, this is with Vodafone
> Gigafast that is on the City Fibre ALt-Net.

Yes but some make a monthly charge for this....

Dave

[David Wade]

SIP needs inbound connections.
My router has SIP detection and opens and routes the ports as needed.
I can't do that on the ISPs CGNAT

[The Natural Philosopher]

On 16/07/2023 11:14, David Wade wrote:
> SIP needs inbound connections.
> My router has SIP detection and opens and routes the ports as needed.
> I can't do that on the ISPs CGNAT

You probably could. SIP works *behind* router NAT.
--
Ideas are more powerful than guns. We would not let our enemies have
guns, why should we let them have ideas?

Josef Stalin

[SteveW]

On 16/07/2023 10:59, Joe wrote:
> On Sun, 16 Jul 2023 10:30:26 +0100
> The Natural Philosopher <t...@invalid.invalid> wrote:
>
>
>> There is simply no reason to dynamically allocate IP addresses to
>> 'always on' services.
>>
>
> Indeed not, but it's not easy to get a fixed IP. Salespeople for many
> ISPs don't even know what that means, and BT a few years ago were
> charging £10 a month for a fixed address on a *business* account.
> And a 'fixed' IP address is simply a dynamic one with a reservation,
> which takes about two minutes to set up, as a one-off thing.

I'm with Virgin. They don't offer static IP on domestic contracts, but I
had read in advance that the dynamic IPs very rarely change - even after
router reboots, power outages, etc. So far I've had the same IP address
for the 3 years that I've been with them.

[Tweed]

City Fibre is not an ISP. Whether or not you get a routeable IP address
depends on which ISP you select to run over CF. CF is unusual amongst the
altnets in this respect. Many of the others altnet fibre suppliers are also
the sole ISP. That’s where you can run into trouble with CGNAT.

[David Wade]

On 16/07/2023 11:19, The Natural Philosopher wrote:
> On 16/07/2023 11:14, David Wade wrote:
>> SIP needs inbound connections.
>> My router has SIP detection and opens and routes the ports as needed.
>> I can't do that on the ISPs CGNAT
>
> You probably could. SIP works *behind* router NAT.

If thats the case why do A&A offer a VPN service specially to allow VOIP
users to by-pass NAT?

Dave

[Jeff Gaines]

On 16/07/2023 in message

<20230716105...@jrenewsid.jretrading.com> Joe wrote:

>What you can't generally find out in advance is which ISPs have an
>interest in staying off email blacklists, and I know for a fact that BT
>doesn't. I've advised three former business clients to move away from
>BT, and they all suffered for not doing so.

That's interesting. I have suffered that with Heart Internet who were
black-listed by Yahoo but you are the first person who has mentioned it in
a post I have seen.

--
Jeff Gaines Dorset UK
I've been through the desert on a horse with no name.
It was a right bugger to get him back when he ran off.

[Jeff Gaines]

On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade wrote:

>Its not the Fibre but the suppliers. They were late on the scene in IP
>terms and so don't have enough routable IPV4 addresses to give one to
>every user.

What happened to IPV6? It's been here for years but nobody seems to use it.

--
Jeff Gaines Dorset UK

There are 3 types of people in this world. Those who can count, and those
who can't.

[The Natural Philosopher]

On 16/07/2023 12:07, Jeff Gaines wrote:
> On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade wrote:
>
>> Its not the Fibre but the suppliers. They were late on the scene in IP
>> terms and so don't have enough routable IPV4 addresses to give one to
>> every user.
>
> What happened to IPV6? It's been here for years but nobody seems to use it.
>

It's pretty horrible really.

--
You can get much farther with a kind word and a gun than you can with a
kind word alone.

Al Capone

[The Natural Philosopher]

Why don't you ask them?
Perhaps there are other protocols in use than SIP

> Dave

[Joe]

On 16 Jul 2023 11:06:10 GMT

"Jeff Gaines" <jgne...@outlook.com> wrote:

> On 16/07/2023 in message
> <20230716105...@jrenewsid.jretrading.com> Joe wrote:
>
> >What you can't generally find out in advance is which ISPs have an
> >interest in staying off email blacklists, and I know for a fact that
> >BT doesn't. I've advised three former business clients to move away
> >from BT, and they all suffered for not doing so.
>
> That's interesting. I have suffered that with Heart Internet who were
> black-listed by Yahoo but you are the first person who has mentioned
> it in a post I have seen.
>

Generally the whole IP block gets on a blacklist, and unless the ISP is
willing to discipline the actual offender and pay to get taken off the
list, there's not a lot you can do. Another reason for using a
'professional' ISP rather than the cheaper mass-market ones is that
their other customers are less likely to be hacked and turned into
malware distributors.

But if you're on a blacklist, all you can do is use a smarthost, which
your ISP or domain host may provide. I could probably do that now I'm
retired, but previously I needed to see the actual transaction with the
destination SMTP server when a client had an email problem. I moved from
Demon, when Vodafone finally killed it, to Plusnet, and both seem to
have been clean.

--
Joe

[Woody]

I can beat that. Mine has been unchanged for must be getting on for 20
years!

[Marco Moock]

Am 16.07.2023 um 10:22:08 Uhr schrieb David Wade:

> Just a quick question. I know many of the new Fibre suppliers use
> CGNAT on their services. I also know this can cause issues with VOIP
> and SIP in particular, as, for example A&A have a VPN service
> designed to get round this issue.

Use IPv6 for VoIP and you don't need to care.
CGNAT makes incoming calls with VoIP mostly impossible.

[Theo]

I've run A&A's SIP service over a number of ISP routers. I only remember
having to change router settings once - I think it might have been Plusnet
maybe a decade ago. STUN should handle the case where the local IP is not
the same as the public IP, which is the case for domestic NAT and for CGNAT.

In the case of A&A, having IPv6 should avoid NAT altogether, and that is
what A&A recommend: they effectively say they don't really support their SIP
service unless there's Proper Internet (which they provide to their
customers, of course).

The VPN service is for other things that using their VOIP service - for
example, inbound connections to machines on the network. For SIP you could
also use it for inbound SIP trunks to your PABX - ie rather than your client
talking to A&A's server, an A&A customer hosts a SIP PABX on their network
and allows clients to connect to it. For that you need incoming public IPs.

Theo

[Michael Chare]

On 16/07/2023 10:59, Joe wrote:

Plusnet made a one time charge of £5 for a fixed IP address. Dynamic DNS
services can be an alternative. Voip clients don't have to be behind a
fixed adddress as they register with a server using a DNS name.

--
Michael Chare

[Michael Chare]

On 16/07/2023 11:14, David Wade wrote:

Sip clients establish a connection to a Sip server by registering. The
clients can be behind Nat. They keep reregistering maybe every minute.

I use three different Sip providers. They are the same in that respect.
I use a Gigaset N300 Dect base station and Gigaset Dect phones. The
N300 can register with several different providers at the same time.

[Jeff Gaines]

On 16/07/2023 in message <u90jop$ogqd$1...@dont-email.me> The Natural

Philosopher wrote:

>On 16/07/2023 12:07, Jeff Gaines wrote:
>>On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade wrote:
>>
>>>Its not the Fibre but the suppliers. They were late on the scene in IP
>>>terms and so don't have enough routable IPV4 addresses to give one to
>>>every user.
>>
>>What happened to IPV6? It's been here for years but nobody seems to use
>>it.
>>
>It's pretty horrible really.

Isn't it just bigger numbers so a lot more available?

--
Jeff Gaines Dorset UK

There are 10 types of people in the world, those who do binary and those
who don't.

[The Natural Philosopher]

Similar length of time with IDNET.
--
All political activity makes complete sense once the proposition that
all government is basically a self-legalising protection racket, is
fully understood.

[The Natural Philosopher]

On 16/07/2023 13:26, Jeff Gaines wrote:
> On 16/07/2023 in message <u90jop$ogqd$1...@dont-email.me> The Natural
> Philosopher wrote:
>
>> On 16/07/2023 12:07, Jeff Gaines wrote:
>>> On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade wrote:
>>>
>>>> Its not the Fibre but the suppliers. They were late on the scene in
>>>> IP terms and so don't have enough routable IPV4 addresses to give
>>>> one to every user.
>>>
>>> What happened to IPV6? It's been here for years but nobody seems to
>>> use it.
>>>
>> It's pretty horrible really.
>
> Isn't it just bigger numbers so a lot more available?
>

Yes, but no one uses it because no one uses it :-)

[Ian]

On 2023-07-16, Jeff Gaines <jgne...@outlook.com> wrote:
> On 16/07/2023 in message <u90jop$ogqd$1...@dont-email.me> The Natural
> Philosopher wrote:
>
>>On 16/07/2023 12:07, Jeff Gaines wrote:
>>>On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade wrote:
>>>
>>>>Its not the Fibre but the suppliers. They were late on the scene in IP
>>>>terms and so don't have enough routable IPV4 addresses to give one to
>>>>every user.
>>>
>>>What happened to IPV6? It's been here for years but nobody seems to use
>>>it.
>>>
>>It's pretty horrible really.
>
> Isn't it just bigger numbers so a lot more available?
>

It certainly is.

Ramble/rant follows...

We've just had our fibre lit up, and went with Zen, as we already had ADSL from them
as a backup for <undesirable rodent> Media, who have been unable to deliver a reliable
cable service for the 12 months we've been here.

Can't fault Zen, upgraded the contract with no penalty, even kept the same static IP
on the fibre as we had on ADSL. Not quite so impressed with the physical install by
City Fibre. First crew gave up, supposedly because they needed a crane to get over
some trees. Second crew managed without one, but pointed out the first crew hadn't
put up a long enough drop from the pole to reach the wall box, which is probably
why they scarpered. Luckly they could move the wall box and got it working, though
I don't like how the flimsy fibre cable (~4mm jacketed) is nailed to the wall, and
a good breeze will probably bring down the drop cable, along with a few branches of
the tree it's wrapped around.

Download speed is top notch, rock solid 100MBps (that's Bytes...) downloading a 35GB
game on Steam. Ping isn't much better than cable / ADSL. Haven't been able to get
anywhere near Gbit upload speeds though. With a fast laptop straight in to the Zen
router (FritxBox) gets ~450Mbps. By the time it's been through our firewall, internal
router and a couple of switches the best we see on the PC is about 60Mbps up, so
not much better than cable was (download on the same PC gets the full Gbit speed).
Need to figure out where the bottleneck is, probably some MTU or window size issue
internally, as the physical is all Gbit. Another job to do, and I already spend
half my working time looking at TCP traces and comms dumps :(

Anyway, looking forward to a chat with VM when the contract comes up for renewal.
Hopefully we can keep a cable service as a backup, but dropping it down to the lowest
(cheapest) tier, just out of spite for them screwing loyal customers with an
annual inflation+4% cost increase. Intrestingly they recently increased our service
to 1Gbit "for free", probably knowing we'd be looking at fibre very soon. Wonder
if they were hoping to slam us into the higher price tier at renewal?

So now we have three bits of wet string that can supply broadband - copper pair,
co-ax cable and fibre. We want to keep two of those live, as internet is essential,
but are they likely to deprecicate the coax and copper lines, and insist all future
broadband is fibre only? Time will tell...

What about IPv6 then?. While futzing about on the new Zen router, I noticed it showed
some IPv6 addresses, a /64, presumably for the WAN link, and a /48. Nice, I thought,
as we've been using Hurricane Electric to give us an IPv6 /48. Quick call to
Zen confirmed thay yes, IPv6 was live on our service, so started to see if I could
get it working - much better to have a fast direct link than a tunneled one.
Then the nightmares returned from when I set ip all up in the first place. IPv6 is
an over-complicated, unreliable, incompatible abortion of a protocol. With IPv4
you configure your address, some static routes, and NAT if you want it, and off
you go. With IPv6 you have to hope some SLACC or DHCPv6 gets you an address, and
if you're lucky you catch a Router advertisment and get a default route. If you want
to have static routes to private networks you need to configure addresses carefully,
as the auto ones may change. Then you have to configure your /48 prefix on all internal
systems (and if you change ISP you need to change it, and all the corresponding
firewall rules). It's all do-able, but a right-royal pain in the arse. In the end
I decided IPv6 was more trouble than it's worth, and instead of switching to an
ISP-supplied IPv6 connection I ripped it all out, removed all the AAAA records from
the DNS and dropped the HE tunnel. Funny how everything still works just fine.

IPv6 must be one of the worst technical innovations of recent times (I don't count
twitter/facebook/etc. as either technical or innovations). Had they just added a
few bytes to the IPv4 address range, and kept everything else the same, by now the
new protocol would likely be in universal use, but instead they had to make it
complicated and incompatible, and as a result unreliable, insecure and (still)
poorly supported.

(Nurse, the meds, stat!)

--
Ian

"Tamahome!!!" - "Miaka!!!"

[Woody]

My PAP2T reregisters every 3600 seconds or one hour by default.

[Woody]

[snip]
The slowest that VM do now is 50Mb at a cost of £42/m - which is still
steep compared with most ISP broadband over CityFibre!

For the record they increase annually by RPI+3.9% against CPI+3.9% for
most other ISPs. Mine went up from £36 to £42 in July as RPI is usually
around 2-2.2% higher than CPI!!

[Brian Gaff]

I would imagine the overall system was catered for by the hardware, and
should be transparent to the system of software using it.
Brian

--

--:
This newsgroup posting comes to you directly from...
The Sofa of Brian Gaff...
bri...@blueyonder.co.uk
Blind user, so no pictures please
Note this Signature is meaningless.!
"The Natural Philosopher" <t...@invalid.invalid> wrote in message
news:u90d4d$nqdq$1...@dont-email.me...

> On 16/07/2023 10:22, David Wade wrote:
>> Folks,
>>
>> Just a quick question. I know many of the new Fibre suppliers use CGNAT
>> on their services. I also know this can cause issues with VOIP and SIP in
>> particular, as, for example A&A have a VPN service designed to get round
>> this issue.
>>
>> So, is this an issue in practice?
>>
>> Don't mobile networks also use CGNAT ? is this also an issue for mobile
>> apps?
>>
>> Dave
>

> I don't see why fibre would imply a move to CGNAT.
>
>

> --
> The theory of Communism may be summed up in one sentence: Abolish all
> private property.
>
> Karl Marx
>
>

[Andy Burns]

SH wrote:

> I dont think fibre networks actally use CG NAT, its just dynamically
> allocated IPs.
>

> Its the mobile phone networks that use CG NAT.

I'd think any ISP which has more customers than public IP addrs might
use CGNAT

[John Walliker]

Most ISPs now support IPv6 and around half the traffic to the more popular
web sites uses it. VoIP works perfectly well over IPv6 and there are so many
addresses that there is no excuse for any kind of NAT.
John

[Andy Burns]

John Walliker wrote:

> Andy Burns wrote:
>
>> I'd think any ISP which has more customers than public IP addrs might
>> use CGNAT
>
> Most ISPs now support IPv6

Plusnet are still dragging their feet ...

[Robin]

And VM with their mere 5m cable connections.
--
Robin
reply-to address is (intended to be) valid

[Andy Burns]

On 17/07/2023 15:42, Robin wrote:

> Andy Burns wrote:
>
>> John Walliker wrote:
>>
>>> Most ISPs now support IPv6
>>
>> Plusnet are still dragging their feet ...
>
> And VM with their mere 5m cable connections.

They're probably waiting until they can make their typo-squatting DNS
work with IPv6

[David Woolley]

On 16/07/2023 11:19, The Natural Philosopher wrote:
> You probably could. SIP works *behind* router NAT.

SIP wasn't designed to work behind NAT. There are various kludges in
SIP implementations to cope with it, and at least one in SIP itself.
Not setting up those kludges properly is the biggest reason for getting
one way, or no way audio, and calls that drop after 32 seconds.

The kludge in SIP itself is rport, which tells the other end to ignore
what it is being told about the initial signalling address, and just
reply to wherever the request appears to have come from.

The cleanest operation tends to happen when the user agents are either
told, or work out, what their public address is and send that in the
protocol.

Other old kludges, are pretending rport was used even when it was not,
ignoring contact headers and using the de facto signalling address, and
assuming media goes to where it comes from, rather than where the
signalling says it goes (only one side can use this tactic).

For WebRTC, there is ICE, which seems to be that the user agent makes
guesses as to the possible correct address for media, and the other side
tries them in turn, stopping if it finds one that works. That can
sometimes result in very slow starts.

[Tweed]

I wonder how the likes of WhatsApp/Teams/FaceTime work? They rarely seem
bothered by NAT.

[David Woolley]

On 28/07/2023 16:53, Tweed wrote:
> I wonder how the likes of WhatsApp/Teams/FaceTime work? They rarely seem
> bothered by NAT.

They are newer, and at least WhatsApp's protocol in not published.
However one of the ways they are made to work is by going through a
public server, which is, itself, not-natted.

I suspect, also, that ICE came from the tactics they used.

They were designed, from the start, to work with over a consumer
oriented web browsing service, whereas SIP was designed to work on the
internet.

[Tweed]

ICE?

[John Walliker]

It is a horrible mess. I support VoIP phones in half a dozen countries with
hundreds of numbers.
Some phones, such as the Gigaset cordless phones work remarkably well behind
NAT. Many others need a bit of help. This usually means setting up tunnels
so that the phone can have a public IP address (either IPv4 or IPv6).
I have found the A&A service to be more reliable than several alternatives that
I tried. I don't (yet) use it myself, but their low-cost L2TP tunnel service would
solve a lot of VoIP problems.
Many phones have L2TP tunnel support, although some are rather flaky and there
are firewalling issues to consider. I once accidentally left a VoIP phone open to
the internet and within a few hours there were multiple simultaneous calls to
eastern Europe. Fortunately, the A&A fraud detection algorithm spotted this and
shut down the number!
John

[Rod Speed]

Bullshit. I joined MyRepublic as soon as they started to get an FTTN
service and they have always used CGNAT and have always provided
a VOIP service which has always worked fine. I also had another VOIP
service with MyNetFone from before that and it continued to work fine,

MyRepublic chose to leave the country and sold their local operation
to SuperLoop which has always used CGNAT and their VOIP and
the MyNetFone VOIP continued to work fine over the CGNAT service.

Never had any setup problem with either of them, completely
automatic with both and the MyNetFone sevice was easy to
setup and use on the iphones too.

[The Natural Philosopher]

On 28/07/2023 16:53, Tweed wrote:

They are not peer to peer. A server of a known address is involved that
relays the calls.

The problem with NAT is that it allows outbound connections but makes
very little provision for inbound ones.

SIP worked flawlessly on my VOIP equipped router though, and works on
the new one too. They *are* the NAT, not behind it!

I suspect that is the way it will go, Phone ports in the router for
third party VOIP/SIP or in the fibre modem thingie for locked into
BT/ISP shit
There are boxes that will work inside NAT, and there are ways to accept
incoming connections behind NAT. PnP is one ghastly one.

As with things like ftp transfers in the early days, the router needs to
understand the protocol and accept incoming SYN packets and allow a
remote peer to set up a connection.

Or we all go IPV6 for voip and forget NAT


--
How fortunate for governments that the people they administer don't think.

Adolf Hitler

[Peeler]

On Sat, 29 Jul 2023 09:41:09 +1000, cantankerous trolling geezer Rodent
Speed, the auto-contradicting senile sociopath, blabbered, again:

<FLUSH the abnormal trolling senile cretin's latest trollshit unread>

--
Xeno addressing senile Rodent:
"You're a sad old man Rod, truly sad."
MID: <id04c3...@mid.individual.net>

[Andy Burns]

Tweed wrote:

> David Woolley wrote:
>
>> I suspect, also, that ICE came from the tactics they used.
>

> ICE?

<https://en.wikipedia.org/wiki/Interactive_Connectivity_Establishment>

I've never used it, but some SBCs I've installed offer it, either not
using NAT or using STUN has always worked for me.

[Theo]

I found this useful in understanding:
https://wayback.archive-it.org/20635/20230207091459/https://www.ietfjournal.org/interactive-connectivity-establishment/

Briefly, STUN asks a server on the internet to tell you what IP your packets
came from (roughly like https://whatismyipaddress.com/ but for machines).
Then you can embed that in your packets.

TURN acts as a proxy for your packets, so you send all your audio to the
TURN server and that forwards it. That's expensive.

ICE tries both STUN and TURN at the same time at each end and the sides
then negotiate over which method is best.

This does sound a little like the protocol Skype used in its original P2P
implementation, except that clients were also servers. A client would try
to decide if it was on the public internet and if so announce itself as a
'supernode', and non-internet clients would funnel their traffic through the
nearest supernode. This was a big headache for network managers who
suddenly found somebody running Skype on one of their machines would
suddenly generate a massive spike in traffic.

Theo

[Brian Gregory]

On 16/07/2023 14:11, The Natural Philosopher wrote:
> On 16/07/2023 13:26, Jeff Gaines wrote:
>> On 16/07/2023 in message <u90jop$ogqd$1...@dont-email.me> The Natural
>> Philosopher wrote:
>>
>>> On 16/07/2023 12:07, Jeff Gaines wrote:
>>>> On 16/07/2023 in message <u90flo$o11e$1...@dont-email.me> David Wade
>>>> wrote:
>>>>
>>>>> Its not the Fibre but the suppliers. They were late on the scene in
>>>>> IP terms and so don't have enough routable IPV4 addresses to give
>>>>> one to every user.
>>>>
>>>> What happened to IPV6? It's been here for years but nobody seems to
>>>> use it.
>>>>
>>> It's pretty horrible really.
>>
>> Isn't it just bigger numbers so a lot more available?
>>
> Yes, but no one uses it because no one uses it :-)
>

I use it, alongside IPv4. Quite a few of the UK ISPs will give you both
either by default, or if you ask. BT, Sky, Zen...

--
Brian Gregory (in England).

[Brian Gregory]

On 16/07/2023 11:14, David Wade wrote:

> On 16/07/2023 10:28, The Natural Philosopher wrote:
>> On 16/07/2023 10:22, David Wade wrote:
>>> Folks,
>>>

>>> Just a quick question. I know many of the new Fibre suppliers use
>>> CGNAT on their services. I also know this can cause issues with VOIP
>>> and SIP in particular, as, for example A&A have a VPN service
>>> designed to get round this issue.
>>>

>>> So, is this an issue in practice?
>>>
>>> Don't mobile networks also use CGNAT ? is this also an issue for
>>> mobile apps?
>>>
>>> Dave
>>

>> The issue with NAT is that it makes *incoming* opening of TCP/UDP
>> connections harder.
>>
>> Normally an outgoing app will have no issues.
>>
>> Incoming listeners have to register, and maybe keep registering, their
>> (translated) port/IP addresses with some centralised server.
>>
>> That's no different, however, between local NAT and CGNAT...
>>
>>
> SIP needs inbound connections.
> My router has SIP detection and opens and routes the ports as needed.
> I can't do that on the ISPs CGNAT

If the telco that provides you SIP knows what they are doing they will
set things up so that it works fine through NAT and CGNAT. Nearly all
customers are behind NAT now.

You have to set up your telephone or ATA to make an outgoing SIP
connection when powered on and send keep alive packets at intervals, but
it'd be unusual if you have equipment that can't do that.

[Brian Gregory]

On 16/07/2023 11:48, David Wade wrote:

> On 16/07/2023 11:19, The Natural Philosopher wrote:
>> On 16/07/2023 11:14, David Wade wrote:
>>> SIP needs inbound connections.
>>> My router has SIP detection and opens and routes the ports as needed.
>>> I can't do that on the ISPs CGNAT
>>

>> You probably could. SIP works *behind* router NAT.
>

> If thats the case why do A&A offer a VPN service specially to allow VOIP
> users to by-pass NAT?
>

Maybe there are still some daft SIP providers that refuse to use the
modified versions of SIP and RTP at their end which will work fine
through NAT?

Maybe some users of VoIP like to allow anyone who knows their IP address
to call them for free without involving any phone company?

[Brian Gregory]

On 16/07/2023 12:59, Marco Moock wrote:
> Am 16.07.2023 um 10:22:08 Uhr schrieb David Wade:
>

>> Just a quick question. I know many of the new Fibre suppliers use
>> CGNAT on their services. I also know this can cause issues with VOIP
>> and SIP in particular, as, for example A&A have a VPN service
>> designed to get round this issue.
>

> Use IPv6 for VoIP and you don't need to care.
> CGNAT makes incoming calls with VoIP mostly impossible.
>

No it doesn't.
Most SIP telcos now accept SIP connection from any port (so NAT doesn't
matter) so you just need to make your equipment keep the SIP connection
to the telco open all the time it is powered on.