[arin-ppml] Why not NAT for Dorms (Was: Suggestion: charging for IPv4 space)

David Farmer farmer at umn.edu
Tue Oct 21 20:43:54 EDT 2008 

On 21 Oct 2008 Ted Mittelstaedt wrote:

> For myself I do not understand why all of these academic
> users keep throwing up examples of student dormotories
> that chew up vast blocks of IPv4.  Why does ANY student that
> is getting Internet connectivity for free from the college
> expect to get a public IPv4 number?

There are so many reasons, let me educate you on just a few;

1. Technical the definition I use for NAT (Network Address Translation) is a 
one to one internal to external address translator.  If I need one external 
IPv4 addresses for each internal IPv4 address where is the win?  I have 
more complexity and cost for almost no win, maybe a 10-20% reduction in 
number of IPv4 addresses used by eliminating subnet round up.

2. I think you really meant PAT (Port Address Translation) when you said 
NAT, so I need to support at least 10,000 users (this is only the Dorms too) 
with at least 250Mb of capacity, and at least 200,000 concurrent 
connections.  So lets say a Cisco ASA 5540 for discussion, $17,000 (list), 
need 2 for redundancy, so $34,000 (list), divide by 5 year life, and add 
$4,000 a year for Smartnet (list), comes out to about $10,000 a year for a 
PAT/NAT. a /18 is with 16K addresses is only $4500 a year.  So explain to 
me how it is cheeper?  Even with a 50% discount from Cisco it is only 
breaks even, and I have included any operation expenses yet, other than 
Smartnet.
 
3. Putting all 10,000 users behind a single address or even some small 
number of addresses just concentrates the effect of DOS attacks, which 
happen every day.

4. Putting all the users behind a single address or even some small number 
of addresses means I have to track session info to keep the RIAA and 
MPAA happy, that's several servers and a bunch of disk not in the number 
above.  By using real IPs the RIAA and MPAA have to do the real work.  
And if you don't think we should have to do this at all then tell congress that 
because they are making our federal dollars contingent on it.

http://net.educause.edu/ir/library/pdf/epo0815.pdf

But that is a whole other story;

5. Competition - If students move out of the dorms to get real IPs from 
Comcast so all there games and other stuff work then we get a bad 
reputation.  Students actually take into account the wiredness of a school 
when selecting where to go now.  That's at least as good as of a reason to 
consider than if we are party school or not, dude!!

6. Why should Comcast users expect a real IP address from Comcast?  It is 
really the same questions.

I'll stop here, but I could keep going on and on...


=======================================================
David Farmer				     Email:	farmer at umn.edu
Office of Information Technology
Networking & Telecomunication Services
University of Minnesota			     Phone:	612-626-0815
2218 University Ave SE			     Cell:		612-812-9952
Minneapolis, MN 55414-3029		     FAX:	612-626-1818
=======================================================

More information about the ARIN-PPML mailing list