Look at mister/missus fancy pants, bragging about his choice of providers to switch to!
Unfortunately, not much, but there is a workaround through a VPS.
Which is kind of neat and can even be considered an improvement: no need to deal with the ISP firewall (who may be blocking you from hosting services even if you had a public IP), no need to mess with a buggy router (they all are garbage with few exceptions), no need to deal with other local restrictions (like DDoS protections on some storage appliances people are using), no need to deal with DDNS (most VPS providers offer public static IPs), and no need to change anything if you switch provider, move house, whatever. If there is any outbound internet connection – your node works. Which also allows you to do failover through e.g. cellular. And better privacy – you don’t expose your home IP to half of the world.
I personally have my node connect through a VPS (hosted in the same city, so extra latency is minimal), mostly to support LTE failover, because the tier of service I get from my provider is trash. (There is a better tier – but 4x more expensive and 8x slower)
A VPS would cost additional money. Usually you do not need it, if one phone call is enough.
And it seems I’m this mister fancy pants too, because I used the same argument against my ISP at that time, but they decided to ignore it, so I did what I promised - switched to the other ISP within one day.
Of course my ex-ISP tried to bother me for the next few months, giving me offers each better than the last; however, I did not change my mind. I prefer to vote with my money.
I can’t recall when I made that comment. But yeah, I was probably bragging about my fantastic ISP. They increase the range of “services” without being asked and don’t charge more for it…
How does a node work within a VPS? Is the traffic routed through the VPS?
Yes, essentially you host a VPN endpoint, e.g. WireGuard on a VPS, and through the magic of iptables do a DNAT to your node on the other end of the tunnel.
The node (the container/jail/vm/etc) connects to the VPN endpoint first and then starts storagenode.
Clients get a DNS name that resolves to the VPS, and the VPS forwards traffic to the node over the tunnel.
Storagenode sees all traffic coming from the wireguard counterpart, but otherwise everything else is the same.
In the US many providers offer quite a generous free tier. I’m using Oracle, that provides 24GB 4-core ARM “always-free” instance and 10TB of monthly network bandwidth, also for free.
Others offer fairly cheap base options, a few bucks, but I did not look deep enough.
And here I am, living in Silicon Valley, but for some reason my neighborhood is not lucrative enough for either Google Fiber or AT&T Fiber. I only got access to Comcast cable, and 10Mbps DSL, which is not really a contender here… In the past I paid for the business tier of cable internet and it was rock solid. But way too expensive.
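The VPS forwarding described in the reply above (a WireGuard endpoint on the VPS plus an iptables DNAT to the node across the tunnel), sketched as an added example that is not part of the original posts. The interface names, tunnel addresses, hostname, WireGuard port and the storagenode port 28967 are assumptions, and the functions only print the commands and config rather than applying them.

```shell
#!/bin/sh
# Added example: prints (does not run) the commands for the VPS side.
# Assumed, not from the thread: eth0/wg0, 10.8.0.1 (VPS) and 10.8.0.2 (node)
# as tunnel addresses, port 28967, WireGuard listening on 51820.

# vps_forward_rules WAN_IF WG_IF NODE_TUNNEL_IP PORT
vps_forward_rules() {
    wan_if=$1 wg_if=$2 node_ip=$3 port=$4
    # Refuse anything that is not a plain port number.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    echo "sysctl -w net.ipv4.ip_forward=1"
    for proto in tcp udp; do
        # Public port on the VPS is rewritten to the node's tunnel address.
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $node_ip:$port"
        # Only that flow may be forwarded into the tunnel.
        echo "iptables -A FORWARD -i $wan_if -o $wg_if -p $proto -d $node_ip --dport $port -j ACCEPT"
    done
    echo "iptables -A FORWARD -i $wg_if -o $wan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source NAT into the tunnel: the node sees every client as the VPS's
    # tunnel address, so replies return without routing all traffic via VPN.
    echo "iptables -t nat -A POSTROUTING -o $wg_if -j MASQUERADE"
}

# node_wg_peer VPS_ENDPOINT VPS_TUNNEL_IP: [Peer] section for the node side.
node_wg_peer() {
    cat <<EOF
[Peer]
PublicKey = <VPS_PUBLIC_KEY_PLACEHOLDER>
Endpoint = $1
AllowedIPs = $2/32
PersistentKeepalive = 25
EOF
}

vps_forward_rules eth0 wg0 10.8.0.2 28967
node_wg_peer vps.example.net:51820 10.8.0.1
```

Because the node always dials out to the VPS, PersistentKeepalive is what keeps the mapping through the home NAT or CGNAT open for inbound traffic. The MASQUERADE rule is also why the node's logs show only the tunnel peer address instead of real client IPs.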
Yes, I know that in the USA there are not so many good providers, which was a surprise for me several years ago, while I had an opportunity to choose from 2-5 ISPs at that time (20 years ago, oh my…) even in a small town in the south-west of Siberia. Only in the villages do you have almost no choice except one crappy half-government ISP, or a sat modem, or only GPRS (now EDGE/3G/4G).
If I can find a 10TB free VPS, I’m on it.
Anyway, let me brag about my legendary ISP. My nodes are back online. I was waiting too long for them to wipe the cgnat thingy when I thought that maybe my ISP router needs a reboot to acquire a brand new beloved public IP. I’m away from home, so I called them and asked them to reboot the router. They did and voilà! The sun is shining on me again. The dark zerotier days are over… until next time…
I think I read somewhere that in Germany cgnat became mandatory…
I think this is generally a good idea. IPv4 addresses are a scarcity, and at the same time 99.9% of consumers don’t need to have a public IP. So it does make sense to CGNAT everyone, thus freeing up a pool of public IPs, that can then be issued to whoever needs them, with minimum fuss. It’s a win-win. This also somewhat increases security a tiny bit for most users - since now nobody can (easily) probe consumer devices.
It just needs to be a default. People who don’t care - won’t notice. People who do care — will ask for it.
But for existing customers I don’t think there is a better way than what they did — move everyone, and undo those who complained. I guess some communication beforehand would have been nice, to opt out before things break. Perhaps they did send an email to your spam folder?
They definitely didn’t.
Maybe they could also analyse a bit of usual traffic to know who can’t live without a public ip…
For example, my ISP is obligated by law to keep a record of all my DNS requests for a year. Once they would notice that I have never requested a DNS resolution, that’s a strong hint…
So, I think it wouldn’t be the best method to detect patterns. By the way, the node’s pattern looks like p2p (because it is); however, BitTorrent, for example, can work on a CGNAT node, but will be slow on uploads or sometimes cannot be a seed (if the ISP does not use cone NAT to implement CGNAT, see p2p - How NAT traversal works in case of peer to peer protocols like bittorrent. - Stack Overflow), unlike storagenode.
Why is it a contradiction? For sure, all the servers I connect to must know I requested to resolve their name. I just don’t want my ISP to keep a record of my requests.
But that is just one point. I do a lot of TB per month (not just storj). They could figure out I’m not always navigating. My computer and phone are always connected to a full traffic vpn to my home (again, no DNS records).
BT on cgnat is lame. I noticed it kept working, but too slow on uploads. eMule just stopped, couldn’t connect to a server, I don’t know why.
You are just not aware that anything you do on the internet ALWAYS makes requests to DNS, unless you use IPs exclusively.
So, this metric cannot be used to determine whether you are a “reader” or host a server.
But they could determine whether there are incoming connections or not; it’s much easier.
However, I do not believe that they use any metric. They have a plan - to reduce public IP usage, and they just apply CGNAT to everyone, and undo it only for those who complain. Simple.
Even BitTorrent you can run behind their CGNAT, because it’s a cone NAT in most cases, so you can reuse the open port to receive incoming traffic (unfortunately not possible for Storj).
They are also telling the customers that they applied CGNAT FOR FREE!!!
It’s such a great privilege! For FREE! (We put you in the cage for free…)
Of course I’m aware. I run a DNS server on my router that redirects to a random Dnscrypt relay that forwards to a random Dnscrypt server. ISP router is not aware of traffic on port 53 in my network.
Until they put me in cgnat, ISP router was not aware of any mac address of my home devices (except my router mac, of course). (now, not anymore).
I don’t see how… well, maybe for some connections, if they would keep a table of the connections I initiated…