[governance] Why we need IPv6 and why you should care

Ian Peter ian.peter at ianpeter.com
Wed Feb 27 15:50:05 EST 2008


OK, so I can get clear about where we are at.

Thomas clarified (and Avri agreed) we won't get rid of NATs with IPv6. So
the architecture remains IPv4+NATs+IPv6+IPv6NATS+dualstack. (that's not
exactly what the founding fathers envisaged in the early 1990s when they
began working on this...)

The single solitary reason why we would introduce this architectural dilemma
is to obtain a larger address pool, because the current one might on current
usage patterns run out in a decade or so. Getting rid of the scourge of
NATs, although it was originally a large part of the justification for IPv6,
now has to be understood as an end to end pipe dream.
 
Other important statements from Thomas in later messages include

>When the free pool is exhausted, people will still be able to obtain
>addresses

>No one wants to go first, because the cost/benefit argument favors delay.

>We will only abandon IPv4 if the cost of maintaining it exceeds the cost of
>moving to IPv6.

>The reason IPv6 has not been deployed is entirely economic. A week to
non->existant business case.

(All of which I agree with, except the latter. There are substantial
technical issues in deployment currently as well)

Irrespective, these factors suggest there will be extreme difficulty, if not
impossibility, in rolling out IPv6. That's the reality we have to face.

But - and this is a serious question - if we are retaining NATs anyway, and
accept them as part of the architecture and use them efficiently, can't we
solve the address problem without IPv6?

Then there is mobility. Thomas wrote

> > > Consider a cell phone with an IP address (the model of all future
> > > devices...). Life sure would be a straightforward if "phone calls"
> > > simply consisted of the caller being able to initiate a direct
> > > connection to your cell phone. That simply doesn't work in a world
> > > full of NATs.

But as this discussion has continued, it seems that, NATs or not, IP won't
handle this vision in its current state anyway? IPv6 may enable it by making
more numbers available providing we can figure the rest out, but in the
meantime if I move back and forth between IPv4 and IPv6 networks (as one
might in a coexistence situation) isn't the situation vastly more complex
than it is now for routing? Doesn't IPv4/Ipv6 co-existence make mobility
more difficult?




Ian Peter
Ian Peter and Associates Pty Ltd
PO Box 10670 Adelaide St  Brisbane 4000
Australia
Tel (+614) 1966 7772 or (+612) 6687 0773
www.ianpeter.com
www.internetmark2.org
www.nethistory.info
 

> -----Original Message-----
> From: Thomas Narten [mailto:narten at us.ibm.com]
> Sent: 27 February 2008 14:15
> To: governance at lists.cpsr.org; Ian Peter
> Subject: Re: [governance] Why we need IPv6 and why you should care
> 
> "Ian Peter" <ian.peter at ianpeter.com> writes:
> 
> > My understanding is that the major deployment of NATs is with corporate
> > networks and government networks. Am I right?
> 
> Depends on how you count. In sheer numbers, it's probably home users.
> 
> Probably 90+% of all home users are behind a NAT box. In the US
> home/office market (characterized by cheap -- under $50 -- "routers")
> they all perform NAT. Indeed, they are arguably not even proper
> routers, because the NAT functionality is integral and *cannot* be
> disabled. When I last looked (a few years back), I couldn't find an
> off-the-shelf (cheap) router in which I could disable NAT. In talking
> to others, this is the norm.
> 
> Bottom line: everyone is using NATs. Home users, small businesses, and
> major enterprises.
> 
> > And isn't the capacity to ensure that you cannot make a direct
> > connection from Internet to any one of hundreds of thousands of
> > computers in corporate networks fundamental to network security as
> > currently practiced? In other words, aren't they going to want to
> > have NATs for network security, IPv6 or no IPv6? So won't NATs just
> > live on?
> 
> You just demonstrated how much of an uphill battle it will be to
> change the NAT mindset. People have been sold on the idea that NATs
> provide security (which has to be good, right?). And yes, they do. But
> that is because they have a built-in firewall. It is the firewall that
> provides the security. You don't need the NAT functionality to get the
> security part...
> 
> Well, it is also true that if you put your computer in a locked room
> and make the doors one-way exits only, you also get security. And NATs
> in a sense do that, because they only allow outgoing connections (by
> design), so it's not really possible to allow inbound connections ---
> whether hostile or friendly.
> 
> With a proper firewall, you can configure the security. That is, you
> can select wich incoming connections to allow (i.e., those from safe
> protocols/applications), while disallowing others. You have a choice.
> 
> With NAT, there is only one setting: disallow all incoming traffic.
> 
> > > Consider a cell phone with an IP address (the model of all future
> > > devices...). Life sure would be a straightforward if "phone calls"
> > > simply consisted of the caller being able to initiate a direct
> > > connection to your cell phone. That simply doesn't work in a world
> > > full of NATs.
> 
> > But does it work anyway within IPv6, which, like its predecessor, was
> not
> > designed for mobility? Isn't one of the unresolved technical issues with
> > IPv6 mobility
> 
> It is just as resolved (or unresolved) in IPv4 as in IPv6, in some
> sense. So I am not sure what this means or if this is (again) supposed
> to suggest that IPv6 is not yet finished and more needs to be done.
> 
> IPv6 provides an enlarged address space. That is the key benefit.
> 
> It doesn't solve a range of other problems that people wish it would
> solve.
> 
> > and multihoming? Doesn't multihoming mean that if I change away from
> > my home base (as one tends to do with a mobile phone) the IPv6
> > address will have to change, i.e when a node changes its point of
> > attachment to the Internet, its address becomes topologically
> > incorrect? I understood that the change of the point of attachment
> > is still problematic?
> 
> Multhoming is just as problematic in IPv6 as it is in IPv4.  In other
> words, there is no magic solution here. People often wish IPv6 solved
> this problem better than IPv4 does, but wishing doesn't make it so.
> 
> One of the big frustrations with IPv6 for many is that it doesn't
> solve a whole lot of problems that would have been nice to solve. But
> it turns out that many of those problems are fundamentally hard to
> solve, and its simply not as simple as saying "since we have to
> upgrade to IPv6 anyway, let's fix a bunch of other things too". IPv6
> has "fixed" some of the easy things that we know how to fix. For the
> more substantative problems (like multihoming or a better mobility)
> people are still figuring out how best to solve those problems.
> Solutions simply aren't on the table today.
> 
> Thomas
> ____________________________________________________________
> You received this message as a subscriber on the list:
>      governance at lists.cpsr.org
> To be removed from the list, send any message to:
>      governance-unsubscribe at lists.cpsr.org
> 
> For all list information and functions, see:
>      http://lists.cpsr.org/lists/info/governance
> 
> No virus found in this incoming message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.21.1/1299 - Release Date:
> 26/02/2008 09:08
> 

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.21.1/1299 - Release Date: 26/02/2008
09:08
 

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list