The only problem here will be if you use private IP space in your internal network. Max Muster has 192.168.100.100, hmm? That will not be enough for the new law starting on 01.01.2009.
Exporting the whole NAT table may help, but is more of an abstract solution.
They have these regulations right now… we actually have to build some hotspots there, but we can not, because I haven't a good solution for this problem…
The solution is simple and straightforward: just use public IPs, that's it. We offer in Germany a tunnel connection to our central systems with an EoIP or L2TP tunnel, so our customers can get public IPs through that tunnel.
You are talking about Directive 2006/24/EC of the European Parliament and of the Council of 15 March 2006 on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks.
Article 1. Subject matter and scope:
This Directive aims to harmonise Member States’ provisions concerning the obligations of the providers of publicly available electronic communications services or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.
This Directive shall apply to traffic and location data on both legal entities and natural persons and to the related data necessary to identify the subscriber or registered user. It shall not apply to the content of electronic communications, including information consulted using an electronic communications network.
…
Article 5. Categories of data to be retained:
Member States shall ensure that the following categories of data are retained under this Directive (concerning Internet access, Internet e-mail and Internet telephony):
Data necessary to trace and identify the source of a communication:
(i) the user ID(s) allocated;
(ii) the user ID and telephone number allocated to any communication entering the public telephone network;
(iii) the name and address of the subscriber or registered user to whom an Internet Protocol (IP) address, user ID or telephone number was allocated at the time of the communication;
Data necessary to identify the destination of a communication:
(i) the user ID or telephone number of the intended recipient(s) of an Internet telephony call;
(ii) the name(s) and address(es) of the subscriber(s) or registered user(s) and user ID of the intended recipient of the communication;
Data necessary to identify the date, time and duration of a communication:
(i) the date and time of the log-in and log-off of the Internet access service, based on a certain time zone, together with the IP address, whether dynamic or static, allocated by the Internet access service provider to a communication, and the user ID of the subscriber or registered user;
(ii) the date and time of the log-in and log-off of the Internet e-mail service or Internet telephony service, based on a certain time zone;
Data necessary to identify the type of communication: the Internet service used;
Data necessary to identify users’ communication equipment or what purports to be their equipment:
(i) the calling telephone number for dial-up access;
(ii) the digital subscriber line (DSL) or other end point of the originator of the communication;
No data revealing the content of the communication may be retained pursuant to this Directive.
Article 6. Periods of retention
Member States shall ensure that the categories of data specified in Article 5 are retained for periods of not less than six months and not more than two years from the date of the communication.
So the question is… how to make MT NATed networks work according to this European Directive.
Counterquestion:
How can an ISP deliver services without giving public IP addresses to the customers? Where is the problem to do that? How can you bring up real ISP services with a NATed network?
IMHO, WISPs could have a basic subscription intended for users that do not need public IPs. Cheaper Internet access for those customers that just want to surf the web and read email. NAT is enough for that; that type of customer doesn't care and does not even know what an IP is.
Normally you don't have to pay for IP addresses, so where is the problem? It's absolutely easy to tunnel public IP addresses from a central datacenter to a remote site using Mikrotik, so why do you want to use NAT and make 200 and more hitches in your brain and configuration to fulfil the European law?
Lutz, you are right if public IP addresses were free or always available. It'd be nonsense using NAT with all the tools MT has.
For example, there are still places here in Spain where the only option for WISPs is to bond some ADSL links. No public IP pools are available for ADSL, so the only thing you can do with them is NAT. Another example could be that the carrier sells public IP addresses to the WISP, so the final customer's fee must be higher than for those with NATed private IPs.
So IMHO some WISPs still need to do NAT… unless it was technically impossible to meet this new European law with NAT. Calea is the clue?
For example, there are still places here in Spain that the only option for WISPs is to bond some ADSL links. No public IP pools are available for ADSL,
No problem to bring public IPs across your cheap ADSL lines. Just use 2 Mikrotiks (one behind your ADSL lines, one in a datacenter where you get public IPs) and tunnel them to your WISP network. Works great.
I think that there are a lot of companies, like hotels, bars and such organisations all over the world, acting as WISPs, using a DSL line with a NATed environment, having neither the money nor the knowledge to implement official IP tunnels.
Just remember how IP and NAT work and what this European Directive wants to have from the (W)ISP. If you save all NAT information with each change (like a new session) in a 1:N NAT environment with hundreds of internal users, you will have fun with this.
Or configure a HotSpot or e.g. PPPoE environment using public IPs and you get all you need in the stop records for each user. That's it.
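To show what "saving all NAT information with each change" actually means for a 1:N NAT gateway, here is an added example (not from the thread or from MikroTik) that pairs constructed translation log lines into sessions and resolves a public ip:port seen at a given time back to the private host and the hotspot user who held that lease. The log format, the lease table and the user names are all assumptions made up for the example; the point is that without the timestamps the reused public port 40001 would be ambiguous.

```python
from datetime import datetime, timezone

# Constructed NAT translation log: one "new" and one "end" line per session,
# giving the private source and the public source:port it was rewritten to.
# Public port 40001 is reused by another host later, so the time matters.
NAT_LOG = """\
2009-01-05T10:00:01Z new 192.168.100.100:51234 -> 203.0.113.7:40001 tcp 198.51.100.20:80
2009-01-05T10:00:02Z new 192.168.100.101:51234 -> 203.0.113.7:40002 tcp 198.51.100.21:443
2009-01-05T10:03:30Z end 192.168.100.100:51234 -> 203.0.113.7:40001 tcp 198.51.100.20:80
2009-01-05T10:05:00Z new 192.168.100.102:60000 -> 203.0.113.7:40001 tcp 198.51.100.22:80
"""

# Constructed hotspot/DHCP lease records: (private ip, user ID, start, end or None).
LEASES = [
    ("192.168.100.100", "user-alice", "2009-01-05T09:00:00Z", "2009-01-05T12:00:00Z"),
    ("192.168.100.101", "user-bob",   "2009-01-05T09:30:00Z", "2009-01-05T11:00:00Z"),
    ("192.168.100.102", "user-carol", "2009-01-05T10:04:00Z", None),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def active(start, end, at):
    """True if `at` falls inside [start, end]; end=None means still open."""
    return start <= at and (end is None or at <= end)

def parse_nat_log(text):
    """Pair 'new'/'end' lines into sessions: (start, private, public, end)."""
    open_, done = {}, []
    for line in text.splitlines():
        when, ev, priv, _, pub, proto, dst = line.split()
        key = (priv, pub, proto, dst)           # the full translation tuple
        if ev == "new":
            open_[key] = (ts(when), priv, pub)
        elif ev == "end" and key in open_:
            done.append(open_.pop(key) + (ts(when),))
    return done + [s + (None,) for s in open_.values()]

def who_used(public_endpoint, at, log=NAT_LOG, leases=LEASES):
    """Map a public ip:port seen at time `at` back to (private host, user ID)."""
    at = ts(at)
    for start, priv, pub, end in parse_nat_log(log):
        if pub == public_endpoint and active(start, end, at):
            host = priv.split(":")[0]
            for ip, user, lstart, lend in leases:
                if ip == host and active(ts(lstart), ts(lend) if lend else None, at):
                    return host, user
            return host, None                   # NAT record but no lease: a retention gap
    return None
```

With public IPs per user (hotspot or PPPoE) the whole NAT step disappears and only the lease/stop records are needed; with 1:N NAT both tables have to be kept and kept in sync for the retention period.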