2021-11-15

IPv4 addresses are now gone. The few available on the market come at a high price, and while this is not a directly perceptible problem for consumers, it is a huge obstacle for those who aspire to enter the connectivity market as a new Internet Service Provider. Sky Wifi, a fixed connectivity operator active in Italy for about a year and a half now, has naturally developed its access network and its core network with an “IPv6 first” strategy, in order to create an infrastructure projected towards the future and based on the most modern technologies and standards. But there remains the problem of ensuring compatibility with those devices that do not support IPv6 and, of course, access to all the services still “IPv4 only” available today on the Internet. In fact, we are in a transition situation where there are two Internets, one IPv4 and one IPv6. Also because its user base is growing more than expected, Sky Wifi is now introducing a new technique for sharing the few available IPv4 addresses among its customers. For the vast majority of users this is a completely transparent transition, but in some specific cases there are aspects that need to be taken into account, especially if you intend to use your own router instead of the Sky Hub. Let’s see what exactly changes and for whom.

It’s all a question of NAT

A few weeks ago Sky Wifi started activating a new network protocol called MAP-T (Mapping of Address and Port using Translation) on its customers’ Sky Wifi Hubs. It is an Internet standard (accepted by the Internet Engineering Task Force as RFC 7599) that implements a NAT (Network Address Translation) technique, a system that allows multiple devices to communicate via the same IP address. A first level of NAT is the one applied, for example, by the modem/router in end users’ homes. Typically the operator assigns a single IP address to the home router and this, in turn, creates a local subnet by assigning to the connected devices IP addresses that are valid only on the user’s LAN (the famous addresses of the type 192.168.x.x, for example) and therefore are not directly usable externally. The simplest way to explain the operation to the less experienced is the example of the telephone switchboard of a large company: there is only one telephone number to call to contact the company, but there is a switchboard operator who is able to route each call to the correct extension. Within the company, the various offices can communicate with each other using numbers that only work on internal telephones, but every time they have to talk to someone outside they have to go through the switchboard. The firewall inside the home router is a bit like the switchboard operator: it takes care of routing the IP packets going to and coming from the internal devices by “translating” the external address into the correct internal address and vice versa.

Each IPv4 address will be shared among 16 users

The same thing happens on a larger scale within the network of the operator, which has a limited number of public IPv4 addresses (i.e. visible to everyone on the Internet) and therefore cannot assign a unique one to each user. Sky Wifi has created an entirely IPv6 network, a protocol that offers such a large number of addresses that any device on a user’s local network can use a public IPv6 address. If a user’s device supports IPv6 and wishes to communicate with a server that is also connected over IPv6, the connection occurs natively in IPv6 throughout the network. The problem remains, however, for compatibility with IPv4. The solution is therefore to share each available IPv4 address among multiple users.

Sky Wifi has decided to share every single IPv4 address among 16 users via MAP-T, which means that each user will appear on the network with the same IPv4 address as 15 other people. MAP-T is a NAT technology that allows the Sky Wifi Hub to transform the IPv4 packets sent by the user’s devices into IPv6 packets that can travel over the operator’s native IPv6 network to the provider’s interface with the public Internet, where they are translated back into IPv4. Of course, incoming IPv4 packets undergo the reverse process in order to always reach the correct terminal. This is done by creating a unique association between the IPv6 address of the user’s router and the combination of the shared IPv4 address and a specific range of transport protocol ports (TCP, for example) assigned to the individual user through appropriate “translation” rules. Sky Wifi’s choice to use MAP-T is due to several reasons. First of all, because MAP-T, or rather the RFC that proposes it, has been elevated by the IETF to the level of Internet standard. This solution also has the advantage of eliminating the complexities and disadvantages of a classic NAT, making it possible to get the most out of the modern native IPv6 architecture of the Sky Wifi network.

When needed, the network will automatically assign a unique public IPv4 address

For the vast majority of applications, this technique involves no change for the end user, but since MAP-T relies on assigning a certain range of ports to each user sharing the IPv4 address with others, this potentially limits the number of usable ports and the accessibility of those services that need to be visible outside the home network: think of a NAS that must be reachable from outside the home, for example, or IoT devices or P2P services. For these cases, Sky Wifi has developed a system that, when necessary, dynamically assigns a unique public IPv4 address to the user’s Sky Wifi Hub, in practice by switching to a 1:1 mapping.
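
The association between a subscriber and a port range, and the resulting limit on usable ports, can be made concrete with the MAP port-mapping algorithm of RFC 7597, which MAP-T reuses. This is an added example, not code from the article or from Sky Wifi: the 1:16 ratio comes from the text, while the 6-bit port offset is the RFC default and only an assumption about this deployment, and the names `psid_of_port`, `port_ranges` and `attribute` are illustrative.

```python
# Added example: MAP port-set arithmetic (RFC 7597 section 5.1, used by MAP-T).
from collections import defaultdict
from typing import Optional

SHARING_RATIO = 16                           # from the article: 16 users per IPv4
PSID_BITS = SHARING_RATIO.bit_length() - 1   # k = 4 bits identify the subscriber
OFFSET_BITS = 6                              # a: ASSUMED RFC default, skips ports 0-1023
M_BITS = 16 - OFFSET_BITS - PSID_BITS        # m = 6 -> blocks of 64 contiguous ports


def psid_of_port(port: int) -> Optional[int]:
    """Return the PSID (slot 0..15) that owns a port, or None for the
    excluded low range that no subscriber is given."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    if port >> (16 - OFFSET_BITS) == 0:      # A == 0 -> ports 0..1023
        return None
    return (port >> M_BITS) & ((1 << PSID_BITS) - 1)


def port_ranges(psid: int) -> list:
    """List the (first, last) port blocks assigned to one PSID."""
    if not 0 <= psid < SHARING_RATIO:
        raise ValueError("PSID out of range")
    blocks = []
    for a in range(1, 1 << OFFSET_BITS):     # A = 1..63
        first = (a << (16 - OFFSET_BITS)) | (psid << M_BITS)
        blocks.append((first, first + (1 << M_BITS) - 1))
    return blocks


def attribute(events):
    """Group (shared_ipv4, source_port) log events by (ipv4, PSID)."""
    by_subscriber = defaultdict(list)
    for ip, port in events:
        by_subscriber[(ip, psid_of_port(port))].append(port)
    return dict(by_subscriber)


# Constructed log sample: one shared address (documentation range), three flows.
SAMPLE = [("203.0.113.7", 1030), ("203.0.113.7", 1100), ("203.0.113.7", 2050)]

if __name__ == "__main__":
    print(len(port_ranges(0)) * (1 << M_BITS), "ports per subscriber")
    for key, ports in attribute(SAMPLE).items():
        print(key, ports)
```

Under these parameters each subscriber gets 4032 ports, and a log entry for a shared address identifies a single line only if the source port was recorded alongside the IPv4 address.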

The Sky Wifi Hub supports the UPnP protocol for automatic opening of firewall ports by devices on the internal LAN (such as game consoles). It is disabled by default and must be enabled from the router’s web page. Devices that open ports via UPnP will “trigger” the assignment of a public IP by Sky Wifi.

For this to happen, Sky Wifi has defined a series of “triggers” that cause the assignment of a unique, no longer shared public IPv4 address, based on how the Sky Wifi Hub is configured by the user. The events that trigger the transition from a 1:16 to a 1:1 sharing factor are:

port opening via the UPnP protocol;

port opening through Port Forwarding;

port opening through Port Triggering;

configuration of a device on LAN in DMZ.

As you can understand from this list, essentially whenever the Sky Wifi Hub is set up to make a service running on a device inside your LAN visible to the outside, the network will automatically reconfigure the NAT for that user in order to assign a unique public address that is no longer shared. Of course, this is only relevant for services that must necessarily operate over IPv4: native IPv6 services do not have these problems. When the network detects the “closing” of the ports, and therefore that a public IPv4 address is no longer needed, the 1:16 NAT will be restored during the following night.

The Sky Wifi Hub supports the opening of firewall ports via both port triggering and port forwarding. In both cases, opening the ports leads to the automatic assignment of a public address.

The issue of third-party routers

The strategy implemented by Sky Wifi to address the shortage of IPv4 addresses should therefore not cause disruptions even for users who need to make their devices visible outside the network. Furthermore, Sky Wifi will make it possible, through its customer support, to force the assignment of a public IPv4 address for all those particular situations that may emerge in which the automation could cause disruptions. As we have said, however, MAP-T requires the user’s router to play an active role in the NAT mechanism, as it itself performs the “translation” from IPv4 to IPv6 and vice versa for the devices on the LAN. This also applies under a 1:1 NAT regime, when a public IPv4 address is assigned. The Sky Wifi Hub has of course already been updated to support the new protocol, but the vast majority of third-party routers do not yet support MAP-T at the moment. This opens the issue of the “free modem”. In reality Sky has never made any secret of this, and among the specifications and parameters listed on the Sky Wifi site for the use of a router other than the Sky Wifi Hub, compatibility with the MAP-T standard as NAT technology is correctly reported. However, it is likely that those who are currently using their own router are not aware of this technical aspect and could face compatibility problems.

Configuring a device on your LAN in the DMZ also leads to the assignment of a public IP. For third-party routers, one solution is to connect the router in cascade to the Sky Wifi Hub.

The first alternative, in the absence of a product already compatible with MAP-T, is to use a router compatible with the OpenWrt distribution, the open source platform for modems/routers that already supports MAP-T today. This is clearly an alternative for advanced users, as it requires you to replace the firmware of your router and use software that is more versatile but also more complex than that of a normal router.

The second alternative is to use the third-party router in cascade to the Sky Wifi Hub, which will now function as a bridge and will manage MAP-T. This is not an optimal solution, because it requires the use of two devices in cascade, but it allows you to continue using the router of your choice.