[governance] Why we need IPv6 and why you should care
Thomas Narten
narten at us.ibm.com
Tue Feb 26 16:41:00 EST 2008
Getting IPv6 deployed should be of great interest to this
community. The consequences of NOT deploying IPv6 will be large, and
from a public policy perspective, overwhelmingly negative.
Will IPv6 deployment be cost free? Or easy? Certainly not. No new
service roll out comes easy or without cost.
That said, do not confuse this with "IPv6 is undeployable" or "IPv6
doesn't work", or "after ten years of promises, it's clear that IPv6
won't happen", etc., etc., as some seem prone to saying.
And also be skeptical about sound bite quotes taken out of context, or
made by folk who do not themselves have experience/expertise with
IPv6.
But make no mistake. What is at stake is the future of the Internet as
we know it, and all the benefits it has brought us. Really!
Consider IPv4 today. Rather amazing what it has created/enabled and
the applications and services that have been built on top of it. This
has been made possible by the simple service model IP creates, whereby
any machine can talk to any other machine. IP is an enabling
technology. That is its fundamental beauty and strength.
Today, the world consists largely of islands of "pure" IPv4
connectivity, with NATs in between. NATs mostly work pretty well, for
the simple (but limited) client/server model that is widely in use
today. In this simple (but also restrictive) model, pretty much
everything is accessed via a web browser. The key to all this is that
all communication is initiated by a (dumb) client browser, and all
services are accessed via HTTP from some web server that is out in the
Public Internet.
The trouble with NAT is that it only allows one to open connections in
one direction. I (at home) can initiate connections to the rest of the
Public Internet, but you cannot initiate a connection to me. This is a
fundamental restriction of NATs.
This simple client/server NAT model is quite limiting. It doesn't
permit you to (easily) set up a web (or any other) server at home and
have others access it. NATs won't let you do this (or at least, not
without significant limitations, not to mention that it takes a
serious techie to figure out how to configure things and make them
actually work - something the vast majority of users simply cannot
do).
Consider a cell phone with an IP address (the model of all future
devices...). Life sure would be straightforward if "phone calls"
simply consisted of the caller being able to initiate a direct
connection to your cell phone. That simply doesn't work in a world
full of NATs. (And don't be fooled by skype -- they have developed a
lot of complexity to work around this problem -- complexity that has a
real cost).
As the IPv4 free pool reaches exhaustion, it will become increasingly
expensive to obtain public IPv4 address space. Whether it actually
comes to people buying addresses on eBay or not remains to be seen,
but as the free pool shrinks, the law of supply and demand will kick
in. Costs will inevitably go up. That almost certainly means people
will just use more private address space and increase the usage of
NATs.
Why is such a future undesirable? Consider:
- NATs break a fundamental property of the original IP model. While
one might say (and some do) that this is just a technical detail,
it turns out to be subtly critical. There are entire classes of
protocols that don't work properly in the presence of NATs and
can't easily be deployed when NAT is present. Peer-to-peer
applications come to mind (as one broad class).
- Today, there are already applications that don't work properly in
the presence of NATs or have reliability problems (i.e., work
intermittently). The sad thing is, people almost never realize that
NAT is the cause of the problem. When they reboot their machine,
things may start working again. So they conclude it was just
another bug in Windows rather than understanding where the real
problem lies.
- With NATs, it simply won't be possible to deploy entire new (yet
uninvented) classes of protocols and applications. If they don't
work through NAT, they simply won't be deployable (we are already
there today, at the global Internet level). Today, NATs require
special plugins that understand a handful of well-known protocols
that normally wouldn't work through a NAT. To deploy a new
(non-simple client/server) application, however, you have the
classic chicken-and-egg problem of you can't deploy it without
having an appropriate NAT plugin, and NAT vendors won't develop a
plugin for an application that is not already widely deployed. Will
the next Netscape/Google/eBay never happen because the next cool
application simply can't be deployed? Quite possibly. (Sadly, the
larger public won't ever miss something they never imagined they
could have.)
- The Internet continues to grow exponentially. While we are
(generally) today talking about one NAT between you and the rest of
the world, the future will be multiple levels of NAT. The overall
robustness and reliability of the Internet will decrease, precisely
as we become increasingly/critically dependent on a rock-solid 24x7
network infrastructure for just about everything.
- Today, the vast majority of organizations do not deal with NAT
internally. That will change. Different departments/divisions will
be forced to add NATs (how else will you have address space to
deploy tens of thousands of sensors in a building?), and services
that used to work just fine within an organization will become
problematical. Imagine having a NAT device between you and your
accounting or HR department. There will be applications that stop
working when this happens. Or only work if security is disabled,
etc., etc.
The net of it is that the community has a basic choice before it:
- Just continue with IPv4 and use more NATs. Costs will go up. It
will be increasingly difficult to deploy new services. Lots of
band-aids, hacks and duct tape to make things work. Overall, the
Internet becomes less robust and increasingly brittle. No light
at the end of the tunnel.
- Start deploying IPv6. Where the use of IPv4/NATs becomes
problematical, IPv6 offers a more workable/scalable (and lower
cost) alternative. There is an actual light at the end of the
tunnel.
In both cases, costs will go up. There is no free lunch here. The
choice is whether to invest those costs up front in IPv6 (and have a
more viable long-term future) or just continue to patch IPv4 (at
increasing cost) with no end in sight.
The reason IPv6 has not been widely deployed yet is simple
economics. People look at the bottom line and say "I don't see the
return on investment in the short term for deploying IPv6, and I don't
see a problem with IPv4/NATs".
For better or worse, the pain level of IPv4/NATs is simply not viewed
as significant. Hence, no urgency to deploy IPv6.
From a public policy perspective, I find this rather depressing. We
have a classic tragedy of the commons here. Everyone makes local
decisions (to not deploy IPv6, since the short-term cost/benefit of
NAT is better, and the hard-to-quantify in $$ benefits of IPv6 are all
long term) to the detriment of the commons as a whole.
Thomas