> [snip]
> Examples:
>
> - Using different source IP ranges in CGNat for ‘web’ traffic vs ‘non-web’
> (i.e. port 80/443 vs all other ports) - this can break local IP discovery for
> peer-to-peer stuff if it relies on a ‘web’ port for an API endpoint

Even more annoying than basic CGNAT, and doesn’t really benefit the ISP.

>
> - Using any form of NAT / packet translation with IPv6 (not including nat64 /
> other v4 transition related)

Pointless, annoying, unacceptable.

>
> - Dropping non-TCP/UDP/ICMP protocols (outside of CGNat) - such as ‘raw’
> IPSec ESP / AH without UDP encapsulation, or SCTP

Completely unacceptable.

> - TCP MSS - MSS Clamping all connections

May be necessary in limited circumstances. Best avoided if possible.

>
> - TCP MSS - MSS Clamping, but you instead (accidentally?) set MSS to your
> desired value even if it was lower before

That’s just dumb.

>
> - Other TCP options - Dropping syn packets with invalid/unknown options

Annoying and probably ill-advised.

> - TCP connection interception - Network operator terminates TCP session from
> user and then establishes a new one with the original destination. All TCP
> options, sequence numbers, .. are lost in this translation

I don’t know what you would call this form of proxy, but it’s not internet service.

>
> - Related to above - Network accepts TCP connection which it will intercept
> (sends SYN/ACK to user) before it confirms that the destination is reachable

A particularly ill-advised version of the above.

>
> - Dropping/resetting port 80 sessions that don't ‘look like’ HTTP

Unacceptable.

>
> - Dropping/resetting port 443 sessions that don't ‘look like’ TLS

Unacceptable

>
> - Redirecting port 53 DNS queries to ISP’s own servers, regardless of
> destination IP

Unacceptable

>
> - HTTP header injection into port 80 HTTP traffic (i.e. for user tracking)

Unacceptable

>
> - HTTP content injection into port 80 HTTP traffic (i.e. replacing ads,
> adding dialogs, …) (and not blanket redirection for non-payment)

Unacceptable

Owen

>
> Thanks,
>
> Andrew ‘apalrd’ Palardy
> www.apalrd.net
> https://www.youtube.com/c/apalrdsadventures
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/[email protected]/message/JCNJISMBZQ3RBO5YJQKF6EU52T73A6B7/
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/FHA4PZNNAWWFVKVC32UTPFFUMWPODMUB/
