Just to confirm, I realize the above build has the commit ‘prevent joins from nodes behind NAT’, so does that mean when specifying --local-addr and --public-addr combined args to sn_node binary, that combination would or wouldn’t be supported for node operators even if folks have a manual NAT rule setup on their router?
For now, yes. We are just testing without those questions and hassles for now.
I figured that meant any joins need a unique public ip?
Granted NAT stuff is a big black hole of monsters to me.
If nodes behind NAT are rejected that means the node needs it’s own ip… how wrong am I?
!00% correct 
A first for everything 
Are we going to try this with public tests?
Seems participation will be low (good thing for now perhaps), but if NAT is causing problems, I am all for it.
I also believe this will be the case for most folks, who are behind a NAT at home, but this is all temporary, so all good.
I don’t have experience with Digital Ocean, but I tried today to setup a AWS EC2 instance for a safe node, and see if the ip addr outside of ‘loopback’ interface can show a public IP, but I was unable to do so. This included the ‘Auto Assign Public IP’ option as well as the ‘Elastic IP’ being configured, but it seems both these options allowed one to access the EC2 say via ssh from the client side using the public IP, but the internal network interface of EC2 instance still had a private IP. Maybe I missed something obvious in AWS land, but I was not able to get the safe node on AWS to join the recent testnet (resulting scenario seemed same as home).
Once NAT is supported again, down the line, I am interested in running a few simultaneous node scenarios using a few different public IPs (with NAT rules) from home, and see how the different nodes end up playing out, and co-mingle with other existing nodes that are considered healthy:
- Say a node with normal baseline conditions
- Say a node where 10ms of delay to every packet is added
- Say a node with 10ms of delay and 20ms of jitter to every packet
- Say a node where 1% of the network traffic transmitted is randomly dropped
Either way, lots to look forward to for next year with more incremental testnet iterations being released by Maidsafe team, 
.
What software do you plan to use for it? WANem?
I think that such tests should be made in centralized way first.
At least, nodes should be distributed over different physical locations.
It will allow to test various network conditions without learning of how to use simulators.
Another interesting software for making tests is Shadow.
However tests with Shadow will be completely isolated if I understand it correctly.
I was going to experiment with NetEm (part of IPRoute2 utilities) that allows you add delay, packet loss, jitter, duplication, etc when sending outbound packets from a specific network interface. I have never tried it before, but on initial glance, it seemed like it could work to setup the scenarios above using the CLI.
This is important. Tonight I had nodes on Hetzner from Nuremberg and Helsinki. Had the network remained healthy I would have added similar nodes in Hetzners other German datacentre in Falkenburg and in Ashburn VA USA. I have often wondered about the value of testing on DO nodes if they are all in the same datacentre, hell possibly even the same rack.
I once had a cunning failsafe strategy utterly defeated when it turned out the backup server went on fire along with the primary cos they were both in the same rack.
We are, it makes it a bit of a pita for some, but that nat traversal does add complexity and it’s nice to just avoid that for now. If we know everything else is solid then we can do NAT traversal (quic is moving that way) and make sure that is also solid. I expect NAT traversal will throw us some curve balls as it always does. Good to know those curve balls are NAT traversal and nothing else.
It’s passed beer o’clock and sailed through wine o’clock and am now at whiskey o’clock
Does minus the Nat mean the device that is acting as a node must be directly connected to the isp with its public ip being the actual ip? If that makes sense?
Wine, beer then whisky 
To be followed promptly with plenty of preemptive ibuprofen.
If you mix it all together you get the best of all worlds
On the 8th day God created the Merchant Navy because even the Royal Navy needs heroes!!
Mrs Southside came in with a bottle of Aldi’s cheap Speyside malt. Don’t knock it till you have tried it, said she. So we did.
I now have a premature major craving for a dod of shortie.
Ignore expensive imitations - Glen Marnoch* is perfectly OK
*I will pour a large one if anyone can find this Glen Marnoch place on a map.
You were promised wine, women and song…
You got rum, bum and concertina.
Happy to be corrected and my understanding improved.
The vast majority of us are assigned a single Public IP.
We use NAT routers, so all devices that connect to that router is behind NAT.
If you previously used --local-ip you are behind a NAT router.
You need to pay your ISP a premium to be assigned multiple Public IP’s.
As David says it is going to be a pita for many, but it it makes things more stable… lets go.
Well done
Thank you I will now pour a large one - shame you are so far away - you could watch e enjoying this 