ARIN-PPML Message

[arin-ppml] inevitability of NAT?

On 2/6/2011 8:36 AM, Lee Howard wrote:
>
>
>> From: Benson Schliesser <bensons at queuefull.net>
>
>>
>> Sadly, because we've waited too long to grow IPv6 penetration to
>> the inflection point ("the moment that end users start accepting and
>> using IPv6"), people will still need to deploy IPv4.  Vendors will
>> make money on NATs.  And people will find ways to get addresses
>> - one way or another.
>
> This is often asserted and generally accepted.  Is it true?
>

Today - yes.  Tomorrow - IMHO it is completely dependent on the
CPE vendors.

> Nobody wants NAT: ISPs, content providers, law enforcement,
> copyright holders, game console manufacturers, web advertisers,
> home gateway vendors,

agreed.

> and end users all have an interest in
> avoiding NAT.

Wrong.  End users absolutely need inexpensive - and I'm talking $60 and
under - stateful packet inspection hardware firewalls.

So far the only devices that meet that criterion are NAT devices.

Even the few SOHO CPEs like the D-Link and Cisco RVS4000 that
implement IPv6 do NOT include stateful packet inspection in their
CPEs on the IPv6 part of it.

>  Even NAT vendors are decorously sheepish in
> selling their products.  If everyone wants to avoid it, why are we
> stuck with it?
>

Because in the beginning none of those stakeholders that have
an interest against NAT nowadays were in play, many did not exist.
And the end users needed stateful packet inspection, address
portability, and an unconstrained source of addresses.  NAT
solved those problems.

What has IMHO changed is the coming into existence of stakeholders
who want to "reach into the consumer's network".  Groups like
law enforcement, copyright digital rights management people,
advertisers, and so on would all love to gain "authorized"
access to consumers' machines for their own purposes.

Today, EVEN IF a consumer WANTS a corporation like iTunes to
contact one of their network devices in their homes, there is
no way they can click a box or whatever on their network device
to allow this - other than having a program on that device
initiate contact to the stakeholder.  And that kind of
architecture is not scalable because the stakeholder cannot
schedule the incoming contacts.

The irony of it is that once the CPE market matures and we
have many products including IPv6, the consumers will be demanding
them to have firewalling.

As an admin of an ISP I would never deploy IPv6 to my "ma
and pa kettle" customers until a CPE existed that included
firewalling on the IPv6 side out of the box.  The reason is
that if I did then within hours Ma and Pa Kettle's peecees
would be cracked into and they would be on the phone with
me, costing me precious support dollars, wanting to know why
their peecee was running so slow.

So I do not see that the stakeholders you mentioned - law
enforcement, the DRM crowd, etc. - are going to be any better
off under IPv6.  They still won't have a defined way of
getting at consumer network devices.

> 1.  ISPs aren't ready for IPv6.  This belief is rapidly being
> overtaken by events--most ISPs will have broad IPv6 this year.
> 2.  Content isn't ready for IPv6.  This belief is rapidly being
> overtaken by events.  World IPv6 Day is a test-drive of content,
> which should go a long way toward eliminating barriers.
> 3.  Home gateways aren't ready for IPv6.  This belief is
> slowly being overtaken by events.  All home gateway makers
> are developing IPv6, and industry is doing better at telling them
> what needs to be fixed.  However, it may still be true that all
> home gateways sold before ARIN runout have to be replaced.

Well, all of those were sold to customers who were connecting in
with IPv4 so they only would need to be replaced if those
customers' ISPs wanted to retract the IPv4 originally assigned
to them.

> 4.  Consumer electronics aren't ready for IPv6.  This is widely
> true, although more embedded OSs are becoming IPv6-capable.
> Most web-capable devices will be capable of simple firmware
> or OS updates.  Untraditional networked devices (like
> entertainment systems) are in trouble.
>

I would tend to disagree with that last, because it is mandatory
that anything that plays a Blu-ray disk be easily updatable
by the consumer, because the Blu-ray standard permits future
modification of the encryption algorithms.

Blu-ray players that become orphaned because their manufacturers go out
of business or whatever will be unable to play newer disks
eventually and will have to be scrapped.

And there are very few entertainment systems that are IPv4
networkable that AREN'T Blu-ray players.  There are some game consoles
but those will be obsoleted long before this is a problem because
frequent obsolescence of game consoles is part of any game console
manufacturer's business plan.  And there are some HD TV sets that can do
Netflix that may have a problem.

> How do we improve IPv6 uptake in these categories?
>

Well, if you could get Netflix to mandate IPv6 in any hardware
device that is sold to stream Netflix that would be a big help.
If you could get them to do that now it would be great since
that would force Roku and the TV set makers who added support
for that into their products to release firmware updates now,
before those products get so old that those companies can
skank out of providing updates.

> If all of a household's devices speak IPv6, and the ISP provides
> IPv6, and all of the content the household accesses is available
> over IPv6 (including NAT64), that household no longer needs
> IPv4.
>
> What would it take for the number of households in that state
> to increase faster than new Internet activations?  Think big--
> there are a lot of stakeholders whose interests align against
> NAT.
>

If there was some way to get the content providers who are
now providing television over the Internet to require IPv6
for higher resolution streaming you would have it in the bag.

Netflix has done some work in this area and they say now for 1080p at 60
fps the end user needs at least 3MB of bandwidth.  Few users are at this
level since Netflix also charges an additional fee for HD streaming.

But it is inevitable that as TV broadcasting moves to the Internet,
demand will grow for them to stream shows at the full 1080p.  If what
you're saying about advertisers wanting to get rid of NAT is true, then
the broadcasting industry should come out with an Internet broadcasting
standard that would specify IPv6 and no-NAT and UPnP for 1080p streaming.

I would propose that ARIN write a "best practices" RFC that says just that.

Ted

> Lee
>
>
>