Telstra has revealed it has run out of IPv4 internet addresses, prompting warnings that its use of network address translation could impact the carrier’s ability to accurately collect customer metadata for the Government's proposed data retention scheme.
Carriers worldwide are being urged to move to the new IPv6 addressing system, which was created to overcome the limits of the quickly dwindling IPv4 address supply.
IPv6 can create a theoretically inexhaustible supply of addresses, but it is not interoperable with the older IPv4 protocol.
Telstra’s chief information security officer, Mike Burgess, last week revealed to iTnews that the carrier had run out of IPv4 address space, and was provisioning mobile services using carrier grade network address translation (CGNAT).
CGNAT is widely used to delay investment in IPv6 networks as it allows carriers to serve hundreds of devices behind IPv4 gateways, rather than assigning them an address from the virtually infinite pool of addresses available with the newer protocol.
Paul Brooks, vice president of the Internet Society of Australia (ISOC-AU), said CGNAT effectively anonymises customers behind the gateways, making it hard, if not impossible, to accurately determine the identity of persons of interest to law enforcement.
Brooks gave the example of Dutch police seeking help from Australian law enforcement to investigate an IP address known to be accessing a child porn website.
The address, he explained, could be that of a CGNAT device serving hundreds of downstream users at the same time.
“Even if the timestamp that the [Dutch] police were able to give to the Australian police was accurate down to the millisecond … an ISP from its logs, without more information, can’t tell which one of up to hundreds of potential customers was responsible for that session,” Brooks said.
“If they knew the IP of the host being connected to then that would narrow the field down, but if it was a connection to a popular website, a post to Facebook for example, then you could almost guarantee that out of 150 or so sessions sharing that IP address, 10 to 15 were connecting to Facebook.”
Brooks said CGNAT was widely used for mobile phone internet connections but less so for fixed line broadband services.
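The attribution problem Brooks describes, as an added example that is not part of the original article: a constructed CGNAT translation log in which 150 subscribers share one public address and 12 of them are connected to the same popular destination. The log layout, the addresses and the `candidates` helper are assumptions; the source-port filter goes beyond the article and shows the kind of extra information that isolates a single session.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

SHARED_IP = "203.0.113.10"      # constructed CGNAT public address (documentation range)
POPULAR_DEST = "198.51.100.80"  # constructed stand-in for a popular website

class Session(NamedTuple):
    subscriber: str     # carrier's internal customer identifier (constructed)
    public_ip: str      # address seen by the remote server
    public_port: int    # translated source port seen by the remote server
    dest_ip: str
    start: datetime
    end: datetime

def build_log(t0, total=150, popular=12):
    """Constructed translation log: `total` subscribers share one public IP
    at time t0, and `popular` of them are connected to the same destination."""
    log = []
    for i in range(total):
        dest = POPULAR_DEST if i < popular else f"192.0.2.{i}"
        log.append(Session(f"sub-{i:03d}", SHARED_IP, 1024 + i, dest,
                           t0 - timedelta(seconds=30), t0 + timedelta(seconds=30)))
    return log

def candidates(log, public_ip, when, dest_ip=None, public_port=None):
    """Subscribers whose session matches every piece of evidence supplied."""
    hits = set()
    for s in log:
        if s.public_ip != public_ip or not (s.start <= when <= s.end):
            continue
        if dest_ip is not None and s.dest_ip != dest_ip:
            continue
        if public_port is not None and s.public_port != public_port:
            continue
        hits.add(s.subscriber)
    return sorted(hits)

T0 = datetime(2015, 1, 1, 12, 0, 0)  # constructed timestamp of the reported access
LOG = build_log(T0)

if __name__ == "__main__":
    # Public IP + exact timestamp: every subscriber behind the gateway matches.
    print(len(candidates(LOG, SHARED_IP, T0)))
    # Adding the destination narrows the field but does not identify one person.
    print(len(candidates(LOG, SHARED_IP, T0, dest_ip=POPULAR_DEST)))
    # Adding the translated source port isolates a single session.
    print(candidates(LOG, SHARED_IP, T0, public_port=1024 + 5))
```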
'No difference' to data retention
During a panel session at Cisco Live last week, Burgess said Telstra's use of CGNAT would make no difference to its ability to adhere to the requirements of the Government's proposed data retention scheme.
The scheme requires telcos and internet service providers to retain the so-called metadata of their customers for two years to assist law enforcement.
“Whether we use IPv4 addresses is irrelevant to data retention. We are confident we can comply with the requirements of the data retention bill,” Burgess told iTnews.
Telstra declined to provide further detail on Burgess' comments.