[arin-ppml] Stepping forward, opening my mouth and removing all doubt about

William Herrin bill at herrin.us
Thu Aug 28 10:12:24 EDT 2008


On Thu, Aug 28, 2008 at 1:07 AM, Ted Mittelstaedt <tedm at ipinc.net> wrote:
>> Is it your position that more than 10% of those users would
>> be inconvenienced by having an RFC 1918 address behind a NAT
>> box instead?
>
> No, however the issue is that with those large ISP's almost
> certainly a percentage of their customers are running some app
> that is dependent on a public IP.

My guess puts it at 3% to 5% but let's use 10% for our calculations
just to be on the safe side. That's the maximum number of folks choose
to use applications which either fail or function suboptimally when
behind a typical NAT firewall.


>  The large ISPs do not want
> to have to deal with the thousands of irate phone calls that
> would result out of their million+ customer base if they
> just arbitrairly switched people over to private IP numbers.
>
> Now, this does not mean that they couldn't do a gradual
> switchover, I agree.  But I don't agree that it is for
> us to force them to do it.

A liberalized transfer policy doesn't force anyone to do anything.
What it does do is enable an ISP to reap a benefit from making the
effort to use RFC 1918 addresses.


> BUT - the fact of the matter is that stateful inspection
> of packets through a firewall shouldn't require this icky
> disgusting rewriting of source IP addresses.  NAT is a
> transition technology and it has a lot more years left in
> it, but we cannot lose sight of the fact that it is a hack,
> despite our amazement that the elephant can actually dance.
> And you do not lay the foundations of a stable Internet
> on a hack.

Actually, that icky rewriting is a benefit from a network security
perspective. NAT has a tendency to fail closed while non-translating
firewalls have a tendency to fail open.

But that's beside the point. No one is extolling the merits of
ditching IPv6 in favor of a NAT-based Internet. What we are saying is
that it is essentially impossible to achieve sufficiently ubiquitous
IPv6 deployment in the next 3 years as to allow IPv6-only deployments
to customers. Ain't gonna happen. Get past it and realize that however
fast or slow IPv6 is deployed, we're going to need an interim solution
so that until the long term solution is ubiquitously usable the folks
who -can't- engineer their systems to use NAT still have a viable way
to get IPv4 addresses.



> Your asking my generation to committ a terribly immoral act
> by making the very fabric of the Internet dependent on a cheap
> hack.

Providing a working interim solution between depletion of the IPv4
free pool and whatever long term solution comes next is an -immoral-
act? That is an astonishing claim.


On Thu, Aug 28, 2008 at 8:50 AM, Iljitsch van Beijnum
<iljitsch at muada.com> wrote:
> Making IPv4 tradable means that our trajectory towards the wall will change
> in ways that we can't predict.

We went through this pretty extensively last year. Control of IPv4
addresses can be legitimately traded now using The Ruse and The
Container Sale. No one is proposing that we suddenly make IPv4
tradable; for all practical purposes it already is. One point of a
liberalized transfer policy is to give ARIN better control over the
trading process so that the community can avoid the more egregious
abuses (like heavy disaggregation).

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004



More information about the ARIN-PPML mailing list