ARIN-PPML Message

[arin-ppml] inevitability of NAT?

On 2/8/2011 6:43 PM, Frank Bulk wrote:
> Mark:
>
> The hardware came before the implementation of IPv6 support.

Wrong.  Most small CPEs are built on Linux and that has had IPv6 support
for many years.

> They tried to
> fit in existing hardware, but it didn't work.

Not true.  Quite a lot of existing hardware will fit it.  And some
existing hardware can be modified very simply to fit it - for example:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=530360

Netgear WGR614 v9 - user soldered on a jtag, and replaced dram chip and
is going to be doing the flash chip - that was last week.  There is
absolutely no need to redesign the entire thing.

or

http://www.neophob.com/2006/01/wrt54g-ram-upgrade/

that one is a ram update.  Or

http://www.dd-wrt.com/phpBB2/viewtopic.php?t=43386&postdays=0&postorder=asc&start=0

wrt54g v8 with 2MB flash, was upgraded to 8MB flash by the user.


I repeat, NO NEED FOR REDESIGNS!!!

> Future hardware revisions of
> some models will include expanded storage, allowing for SPI support.
>

It is a lot more accurate to say that future hardware revs will
NOT ship with limited flash.  The real truth though is in the CPE market 
there have always been versions that had adequate storage.

What happened in the CPE market was the
earlier CPEs had more flash.  The later versions had less flash.  But
it has been known since 2008 that you cannot fit a full IPv6 
implementation into anything less than 8MB.  However, you CAN fit an 
IPv6 implementation - WITH an IPv6 firewall - into 4MB if you give up 
dhcpv6.  It's been done.

The Comcast "IPv6 open-wrt reference implementation" which is a "full" 
IPv6 implementation on Sourceforge was built to run in 8MB of flash. 
This is an adequate amount of flash and will serve CPEs for some time. 
The Comcast load is, IMHO, intended for Comcast to be able to pressure
its CPE vendors to put in IPv6 so that they cannot make ridiculous
excuses like they can't do it without making a super expensive CPE.

Here is a list of common CPE models with 8MB of flash.  Some are older 
and no longer shipping.  Some are new and are currently shipping. 
D-link has both an older and a newer model with the required 8MB so they 
cannot make that excuse that they "tried" fitting it in.  Baloney.  They 
didn't try at all.  They just put out a deficient IPv6 stack in a 4MB 
router, hoping nobody would notice.

ALL of these can have special loads built that run a full IPv6 stack:

Accton

MR3201A

ActionTec

MI424WR

ASUS

RT-N16
WL-500gP
WL-500W

Buffalo

WAPM-HP-AM54G54
WZR-HP-G300NH
WZR-HP-G301NH
WZR-RS-G54

Cisco/Linksys

WRT54G-RG
WRT54GS (version 1 through 3.)
WRTSL54GS
E2000
E2100L
E3000
WRT160NL
WRT300N v1.1
WRT320N
WRT350N
WRT400N
WRT600N
WRT610N

D-link:

DIR-330 ver A1
DIR-825 version B1 and B2

Netgear

WNDR3700
WNDR3500L

US Robotics

USR5453


> I suspect that most consumer/SOHO router vendors are in the same predicament
> as D-Link.
>

No, they are not.  Most if not all have designs they have shipped or are
shipping now that they can come out with newer flash versions that 
support IPv6 because they ALREADY HAVE the required amount of storage.

And of their designs that they have shipping now that don't have
adequate storage, it is simplicity to ship those with adequate storage,
they just replace one flash chip part number with another - nothing else 
in the design needs to be changed.

Ted

> We can complain about the past, but that won't change anything.  Better to
> make current and future purchasing decisions about what's out there -- I am.
>
> Frank
>
> -----Original Message-----
> From: Mark Andrews [mailto:marka at isc.org]
> Sent: Tuesday, February 08, 2011 7:31 PM
> To: frnkblk at iname.com
> Cc: 'Ted Mittelstaedt'; arin-ppml at arin.net
> Subject: Re: [arin-ppml] inevitability of NAT?
>
>
> In message <014d01cbc7cc$226f81e0$674e85a0$@iname.com>, "Frank Bulk" writes:
>> Due to device (storage) limitations D-Link wasn't able to put a firewall in
>> many of its IPv-6 capable releases for its different hardware models, but
>> DIR-655 is supposed to support SPI.
>>
>> Frank
>
> Also IPv6 equipment should be capable of being put on the net without
> a separate firewall.  If it isn't then the product really isn't fit
> for the purpose it was designed for.  It's been a hostile net for
> the entire time IPv6 has existed and that should have been factored
> into the design.  A separate firewall provides additional isolation
> but shouldn't be needed.
>
> Giving a device a ULA and not a public address if it doesn't need to
> talk to the world will give you as much protection as a NAT gives.
>
> Feature parity should also be there.  I've got a Brother network
> printer that has accept/deny filters for IPv4 but not for IPv6.  I
> don't know what they were thinking.  IPv6 doesn't need accept/deny
> filters but IPv6 does?  It would have been less than a day's work
> to add them as they already have them working for IPv4.  A bit more
> for testing and documentation.  At least I can set the IPv6 address
> statically to a ULA.
>
> Mark
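
An added example, not part of the original thread: a small Python audit of the two points raised in the quoted message, namely that devices with no need to reach the Internet should hold only a ULA (fc00::/7, RFC 4193), and that an accept/deny filter should behave the same for IPv6 as for IPv4. The inventory, prefixes, rules and function names are all constructed for illustration.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")           # RFC 4193 unique local
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def scope(addr):
    """Classify an IPv6 address by the reachability its prefix implies."""
    ip = ipaddress.IPv6Address(addr)
    if ip in LINK_LOCAL:
        return "link-local"
    if ip in ULA:
        return "ula"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"

def exposed(inventory):
    """Names of devices marked internal-only that still hold a global address."""
    return [d["name"] for d in inventory
            if not d["needs_internet"]
            and any(scope(a) == "global" for a in d["addrs"])]

def allowed(src, rules, default="deny"):
    """First-match accept/deny filter applied identically to IPv4 and IPv6."""
    ip = ipaddress.ip_address(src)
    for action, net in rules:
        if ip in ipaddress.ip_network(net):   # family mismatch is simply False
            return action
    return default

# Constructed sample data: fd12:3456:789a::/48 stands in for a site ULA prefix,
# 2001:db8::/32 (documentation prefix) stands in for the ISP-delegated prefix.
INVENTORY = [
    {"name": "printer", "needs_internet": False,
     "addrs": ["fe80::21b:a9ff:fe00:1", "fd12:3456:789a:1::10"]},
    {"name": "scanner", "needs_internet": False,
     "addrs": ["fd12:3456:789a:1::11", "2001:db8:1:1::11"]},
    {"name": "laptop", "needs_internet": True,
     "addrs": ["fd12:3456:789a:1::20", "2001:db8:1:1::20"]},
]
RULES = [("accept", "192.168.1.0/24"), ("accept", "fd12:3456:789a:1::/64")]

if __name__ == "__main__":
    print("internal-only devices with a global address:", exposed(INVENTORY))
    for src in ("192.168.1.20", "fd12:3456:789a:1::20", "2001:db8:ffff::1"):
        print(src, "->", allowed(src, RULES))
```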