North American Network Operators Group


Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

  • From: Mark Newton
  • Date: Tue Oct 02 11:31:06 2007

On Tue, Oct 02, 2007 at 10:35:11PM +1300, Perry Lorier wrote:

 > > What has happened?  Well, application protocols have evolved to 
 > > accommodate NAT weirdness (e.g., SIP NAT discovery), and NATs have
 > > undergone incremental improvements, and almost no end-users care about
 > > NATs.  As long as they can use the Google, BitTorrent and Skype, most
 > > moms and dads neither know nor care about any technical impediments
 > > NATs erect between them and their enjoyment of the Internet.
  [ ... ]
 > While NAT traversal for TCP is theoretically possible, it relies on
 > rarely used features of TCP (Simultaneous open) and good timing, both of
 > which are likely to cause issues. 

You're talking about inbound (from the Internet to the client) traversal,
right?  Because outbound is trivial :-)

 > I've never heard of a successful real
 > world application successfully doing this. (Feel free to educate me if
 > you know of a real-world application in common use that does do TCP NAT
 > traversal and has it work a significant amount of the time).

By focussing on the mechanics of inbound NAT traversal, you're
ignoring the fact that applications work regardless.  Web, VoIP,
P2P utilities, games, IM, Google Earth, you name it, it works.

On the ADSL network my employer operates, the number of customers who
use NAT (because it's enabled by default on their CPE and they don't
know or care enough to turn it off) is somewhere north of 95%.  The
Internet works.  Nobody cares about NAT.

Yes, it means that some classes of protocol (which rely on full
P2P visibility) don't happen; but they aren't going to happen
_anyway_, because NAT or no NAT, firewalls remain a reality, and
inbound firewall traversal is every bit as problematic as inbound
NAT traversal.

Like it or not, we don't really have a peer-to-peer Internet anymore.
Not like we used to in the good ol' days when everyone had a globally
routed IP address and nobody used firewalls.

 > NAT is hurting applications today, and applications aren't getting
 > deployed (or even written) because of problems NAT causes.

Meanwhile, IPv6 advocates who don't like NAT are hurting IPv6 deployment
today by waving their arms in the air and bitching about NAT.  That
makes life difficult, because their advocacy is removing tools 
(such as NAT-PT) which we could use to facilitate and hasten an
IPv6 rollout.

Throughout IPv6's history, and IPng's history before that, lots
of disparate problem domains have been bundled together as things
that the new protocol _must_ solve.  

IPv6 solves the 32-bit-address-space-is-too-small problem.
That's all it does. 

So we've been able to run IPv6 for years, except IPv6 is also supposed
to solve the bgp-table-is-too-big problem by (until recently) banning
PI address space by non-ISPs and focussing attention on vaporware like
SHIM6, so non-ISPs have yawned instead of deploying it;

and IPv6 is also supposed to solve the security problem, so years
were wasted defining mandatory IPSEC which isn't really mandatory;

and IPv6 is also supposed to solve the mobility problem, so more
years were wasted working out option headers and all measure of 
other crap needed to support mobile-IPv6;

Now IPv6 is supposed to solve the we-want-a-p2p-internet-all-over-again
problem by making NAT go away, and anti-NAT purists have spent
their energy having NAT proposals for v6 written out of the standards,
and oppose various deployment scenarios by saying, "You can't possibly
do that because you'll (re)break end-to-end, and that isn't allowed
in an IPv6 universe!"

While all this dicking around has been happening, the vendors have
been cooling their heels waiting for sufficient amounts of consensus
to make it worth their while to release the mass-market CPE with v6
support that we'll need to drive mass-market adoption of the new
protocol.  Protocol purists hold the whole process to ransom with
their aesthetic sensibilities, and every year of delay is another
year that'll pass before grandma can go down to Fry's and buy a D-Link
ADSL modem with IPv6 support.  And until grandma has a native IPv6
IP address, all the table-thumping in the world about end-to-end
reachability ain't worth beans.

In a _rational_ world, we would have said, "We have a pressing
problem, that of v4 exhaustion, so let's build a protocol that
solves that, and maybe after we've passed that speed-bump we can
fit mobility, security, end-to-end visibility, routing table
controls, etc. into the new framework."

So, a reality check:

IPv6 will happen.  Eventually.  And it'll have deficiencies which
some believe are "severe", just like the IPv4 Internet.  Such as
NAT.  Deal with it.

Throughout its history, the Internet has advanced by applying
less-than-optimal solutions to the most pressing problems of the
time, then going back and fixing it later when the heat has died
down if the suboptimal solutions create their own new problems.  If
you believe that v4 exhaustion is a pressing problem, then I'd
humbly suggest that 2007 is a good time to shut the hell up about
how bad NAT is and get on with fixing the most pressing problem. 
If we're successful, there'll be plenty of time to go back and
re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory.

  - mark

Mark Newton                               Email:  [email protected] (W)
Network Engineer                          Email:  [email protected]  (H)
Internode Systems Pty Ltd                 Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223