[arin-ppml] inevitability of NAT?
tedm at ipinc.net
Thu Feb 10 14:08:12 EST 2011
On 2/10/2011 9:21 AM, Frank Bulk wrote:
> CPE vendors have tight margins, so they're the first to cut costs and have a
> short-term view of things. They figure customers will replace their $30 to
> $150 hardware in 3 to 5 years.
> We would all wish CPE vendors had built and sold devices with 8 MB of flash
> and had software engineering groups to provide new code for 3-year old
> models that includes IPv6 support, but they haven't done it thus far and I'm
> not holding my breath to think that they will. And that's where DD-WRT has
> a role. If a customer prefers to upgrade their router with DD-WRT code so
> that they have IPv6 without spending a dime, that's fine with me, but as a
> service provider I don't have the resources to support that.

As a service provider you can certainly put up an unsupported but
suggested config for an open-wrt or dd-wrt box. That is the normal way
that open source software is "supported".

As for doing the actual upgrade itself, (which admittedly for most
models can be a bit hairy to the general public who has not done it)
Ebay is full of routers that are being sold with open-wrt or dd-wrt on
them. The usual practice is for the seller to advertise a new router
with a markup on it, then when someone buys it, the seller goes to the
store, buys the router, flashes it, and ships it off. A guy can make a
nice bit of money on the side doing that if he sold enough of them.

A new CPE that had IPv6 support in it would cost the customer at least
$60-$100, so there is a market for a guy operating out of his house,
advertising on craigslist, to charge $30-$40 to come over to the
customer's house, upgrade their existing router, and set them up with
IPv6 once their ISP of choice starts offering it. But to get those guys
to appear as a service provider you're going to have to have that
"suggested but unsupported" config available, since that shows that you
have at least tested with it. That is another reason Comcast did the
Sourceforge distribution of a modded linksys 160NL load.

The point of the post was to indicate that full IPv6 support has always
been an option for CPE vendors, because many of them have already sold
(in the past) or are selling today, CPE's that have enough storage. The
only thing that has prevented it is the CPE vendors haven't wanted to
include additional functionality like IPv6, probably because every time
you add more knobs to something it increases support costs. It is not
because their products aren't technically possible to do it, since most
of them have models that it IS technically possible to do it with.

> -----Original Message-----
> From: Ted Mittelstaedt [mailto:tedm at ipinc.net]
> Sent: Thursday, February 10, 2011 3:36 AM
> To: frnkblk at iname.com
> Cc: 'Mark Andrews'; arin-ppml at arin.net
> Subject: Re: [arin-ppml] inevitability of NAT?
> On 2/8/2011 6:43 PM, Frank Bulk wrote:
>> The hardware came before the implementation of IPv6 support.
> Wrong. Most small CPE's are built on Linux and that has had IPv6 support
> for many years.
> They tried to
>> fit in existing hardware, but it didn't work.
> Not true. Quite a lot of existing hardware will fit it. And some
> existing hardware can be modified very simply to fit it - for example:
> Netgear WGR614 v9 - user soldered on a jtag, and replaced dram chip and
> is going to be doing the flash chip - that was last week. There is
> absolutely no need to redesign the entire thing.
> That one is a RAM update. Or
> wrt54g v8 with 2MB flash, was upgraded to 8MB flash by the user.
> I repeat, NO NEED FOR REDESIGNS!!!
> Future hardware revisions of
>> some models will include expanded storage, allowing for SPI support.
> It is a lot more accurate to say that future hardware revs will
> NOT ship with limited flash. The real truth though is in the CPE market
> there have always been versions that had adequate storage.
> What happened in the CPE market was the
> earlier CPE's had more flash. The later versions had less flash. But
> it has been known since 2008 that you cannot fit a full IPv6
> implementation into anything less than 8MB. However, you CAN fit an
> IPv6 implementation - WITH an IPv6 firewall - into 4MB if you give up
> dhcpv6. It's been done.
> The Comcast "IPv6 open-wrt reference implementation" which is a "full"
> IPv6 implementation on Sourceforge was built to run in 8MB of flash.
> This is an adequate amount of flash and will serve CPEs for some time.
> The Comcast load is, IMHO, intended for Comcast to be able to pressure
> its CPE vendors to put in IPv6 so that they cannot make ridiculous
> excuses like they can't do it without making a super expensive CPE.
> Here is a list of common CPE models with 8MB of flash. Some are older
> and no longer shipping. Some are new and are currently shipping.
> D-link has both an older and a newer model with the required 8MB so they
> cannot make that excuse that they "tried" fitting it in. Baloney. They
> didn't try at all. They just put out a deficient IPv6 stack in a 4MB
> router, hoping nobody would notice.
> ALL of these can have special loads built that run a full IPv6 stack:
> WAPM- HP- AM 54G54
> WRT54GS (version 1 through 3.)
> WRT300N v1.1
> DIR-330 ver A1
> DIR-825 version B1 and B2
> US Robotics
>> I suspect that most consumer/SOHO router vendors are in the same
>> at D-Link.
> No, they are not. Most if not all have designs they have shipped or are
> shipping now that they can come out with newer flash versions that
> support IPv6 because they ALREADY HAVE the required amount of storage.
> And of their designs that they have shipping now that don't have
> adequate storage, it is simplicity to ship those with adequate storage,
> they just replace one flash chip part number with another - nothing else
> in the design needs to be changed.
>> We can complain about the past, but that won't change anything. Better to
>> make current and future purchasing decisions about what's out there -- I
>> -----Original Message-----
>> From: Mark Andrews [mailto:marka at isc.org]
>> Sent: Tuesday, February 08, 2011 7:31 PM
>> To: frnkblk at iname.com
>> Cc: 'Ted Mittelstaedt'; arin-ppml at arin.net
>> Subject: Re: [arin-ppml] inevitability of NAT?
>> In message<email@example.com>, "Frank Bulk"
>>> Due to device (storage) limitations D-Link wasn't able to put a firewall
>>> many of its IPv-6 capable releases for its different hardware models, but
>>> DIR-655 is supposed to support SPI.
>> Also IPv6 equipment should be capable of being put on the net without
>> a separate firewall. If it isn't then the product really isn't fit
>> for the purpose it was designed for. It's been a hostile net for
>> the entire time IPv6 has existed and that should have been factored
>> into the design. A separate firewall provides additional isolation
>> but shouldn't be needed.
>> Giving a device a ULA and not a public address if it doesn't need to
>> talk to the world will give you as much protection as a NAT gives.
>> Feature parity should also be there. I've got a Brother network
>> printer that has accept/deny filters for IPv4 but not for IPv6. I
>> don't know what they were thinking. IPv6 doesn't need accept/deny
>> filters but IPv6 does? It would have been less than a day's work
>> to add them as they already have them working for IPv4. A bit more
>> for testing and documentation. At least I can set the IPv6 address
>> statically to a ULA.