[arin-ppml] Just a reminder of some quick mathematics for IPv4 that shows the long term impossibility of it

Mark Smith ipng at 69706e6720323030352d30312d31340a.nosense.org
Mon May 16 18:41:55 EDT 2011


On Mon, 16 May 2011 11:28:57 -0400
Chris Engel <cengel at conxeo.com> wrote:

> 
> > >>
> > >>> In fact, the era of end-to-end for the Internet was the limited
> > >>> timeframe between popular acceptance and NAT.
> > >>
> > >> Wrong because most people back then dialed in with a modem using
> > >> a terminal emulator program.  The first connectivity was e-mail
> > >> gateways between the Internet and BBS networks like FidoNet.
> > >> The WWW came about later and it still wasn't that interesting until
> > >> pretty late in the 90's, around 96-97.  And NAT came about when
> > >> most home users were still using dialup to connect to the Internet.
> > >
> > > That's what I meant to write. Things got interesting in the mid-90s.
> > > NAT came out shortly thereafter. NAT ended the end-to-end connectivity
> > thing.
> > > And yet the Internet exploded in size.
> > > Dialup was not really end-to-end because there weren't fixed IP addresses,
> > so not many were hosting servers on dialup.
> > > (I know there were exceptions, I once got a /24 with a dialup account back
> > in 1995.)
> > >
> > 
> > This does not prove NAT is wonderful or that end-to-end is not useful
> > or necessary.
> > 
> > It proves that a lot of people faced with the choice between NAT and nothing
> > chose NAT over non-connection. This is akin to facing a choice between
> > food poisoning and cancer. The obvious choice is food poisoning, but,
> > most people would prefer to avoid both.
> > 
> > >>
> > >>> Most people would fear to put a real IP address on a computer today, I
> > >>> know that I would.
> > >>> I use Logmein from behind NAT to address another computer behind
> > another
> > >>> NAT.
> > >>
> > >> logmein is not free for business use so you're probably violating TOS.
> > >
> > > I don't remember saying I used the free one.
> > >
> > 
> > End-to-end addresses mean I don't have to pay someone else just to
> > provide a rendezvous server so I can reach my own stuff. It also means
> > I can connect to my own stuff without subjecting my access to such a
> > man-in-the-middle attack or the additional latency and/or risks associated
> > with doing so.
> > 
> > I really don't see any reason I would want to move from globally addressable
> > systems to systems behind such a rendezvous mechanism. Can you point
> > to any single advantage of doing so?
> > 
> > >> And if you paid for it why should everyone else in the world pay
> > >> that company?  Remote Desktop is free for business and personal use
> > >> and does not require some wacky active x control or java applet to
> > >> run in a browser.  So is VNC.  both of these are also faster.
> > >>
> > > I use both of these products, too.
> > 
> > Not with the target behind a NAT, you don't.
> > 
> > > I started with Carbon Copy over modems.
> > 
> > LoL... I remember those days. Not all that fondly.
> > 
> > > Full disclosure: I have done some consulting for Logmein.
> > 
> > Ah, so you have a somewhat vested interest in the success of this
> > arguably unnecessary (if we had end-to-end) business model.
> > 
> > > In the real world I use Logmein for instances behind NAT.
> > 
> > In the real world, I keep my systems globally accessible. I just
> > don't see any advantage to doing otherwise.
> > 
> > > It's especially valuable for the rapid setup of remote support because it
> > does not require firewall changes.
> > > People are willing to pay for that ability, according to their success in the
> > market.
> > >
> > 
> > People are willing to accept all kinds of bad engineering and pay for
> > workarounds to
> > resolve the issues they create. For example, look at the number of people
> > that
> > bought Windows 3.1 and then paid third parties for IP software, anti-virus
> > software,
> > firewall software, shells that didn't crash all the time, memory managers, etc.
> > 
> > Each of those things is arguably a simple deficiency in the original Windows
> > product
> > and a feature that was included in the basic expectations of virtually every
> > other
> > operating system available at the time.
> > 
> > Just as network access services provided without a globally unique address
> > can
> > be worked around through things like back2mymac and other rendezvous
> > services.
> > However, those services would be utterly unnecessary with a proper globally
> > unique address.
> > 
> > >
> > >>> Rendezvous servers exist for that purpose, and the market favors them.
> > >>> Holding on to some dream of complete end-to-end reachability leaves
> > out
> > >>> the inevitable firewall application between them in any case.
> > >>> Juniper and Cisco have enabled CGN on their big iron boxes, do you
> > think
> > >>> they are unaware of the nightmarish negative impact of CGN you
> > ascribe?
> > >>>
> > >>
> > >> They OFFER CGN on their big iron they don't "enable" it, the admin
> > >> has to configure it for it to be enabled.  And naturally they don't mind
> > >> if an admin does because they get to sell them more hardware that way.
> > >>
> > >> Ted
> > >
> > > Well, we won't have to wait too much longer to see who is correct in their
> > appraisal of the perils of CGN.
> > 
> > Indeed. I suspect that carriers in Asia will be forced to implement at least
> > some LSN very soon.
> > Unfortunately, users in Asia are generally used to a much lower level of
> > service quality than
> > even users in the US, so, that may not be an entirely valid datapoint.
> > 
> > > I assume somebody paid the coders at Cisco to write the CGN code.
> > 
> > As near as I can tell, most of the LSN code in the Cisco gateways is the same
> > as their standard
> > NAT code that's been in their routers for quite some time. Since IOS tends to
> > be the kitchen
> > sink of all kinds of features anyone imagined someone might ever want, I
> > wouldn't take
> > that as too much of an indication as to market demand. After all, IOS still
> > contained support
> > for Banyan until not all that long ago. In fact, I don't know for sure that it has
> > been retired yet.
> > 
> > > I doubt that would have happened if Cisco's research showed customers
> > would reject it.
> > >
> > 
> > I'm sure, as I said, that Cisco's research showed that some carriers would
> > need it. There is
> > a huge difference between needing to do something and wanting to do it or
> > considering it
> > desirable. The number of IPv4-only devices in the consumer electronics
> > product space
> > that will not be upgraded before IPv4 runout alone means that even
> > consumers placed
> > on primarily IPv6 services are going to need some level of IPv4 connectivity
> > solution
> > for some time. Those consumers will be subjected to LSN because there is
> > literally no
> > other viable option.
> > 
> > LSN isn't a feature, it's a workaround for a lack of viable options due to the
> > constraints
> > of time combined with a global lack of preparedness and progress.
> > 
> > Owen
> > 
> 
> Even though I enjoy healthy debate as much as anyone, I'm not sure what the point or relevance of this thread is?  Some participants here view universal end-to-end connectivity as an important goal and as such NAT being significantly harmful to the internet. Others of us believe that goal is not particularly desirable and possibly even harmful to the interests of a portion of the community....and thus NAT has significant utility that outweighs any potential harm.
> 
> Much like politics or religion, I don't believe either side will be effective in changing the other's beliefs no matter how much verbiage is expended in the effort. That seems evident by the number of times this particular discussion has taken place on this list.  Is it possible to simply agree to disagree on the utility/harm of NAT and set aside that portion of the discussion?
> 

NAT isn't a matter of opinion. It is a matter of what the
Internet's design architecture is, and whether NAT can fit within that
architecture. NAT breaks end-to-end reachability and transparency
between the edges of the Internet, which is why it doesn't fit the
Internet's design architecture.

The Internet is intended to be a dumb packet switching network, not one
that has to have an understanding of the applications that are running
over it. That's the fundamental difference between the Internet and a
traditional application specific network such as the PSTN - if you want
to run something other than voice over the PSTN (e.g. fax), you have to
make it look like a phone call. If you want to run an application over
the Internet (the no-NAT Internet), you don't have to care what it
looks like, because the Internet doesn't care what the application is.
The moment you add NAT is the moment "the Internet" needs to care about
the applications because it now has to translate any addresses carried
in them. You then also introduce a performance bottleneck, another
point of application failure and a traffic interception point at the
"public server" that is acting as a relay between the true end-points.
(Imagine a birthday party where nobody can talk directly to each other,
instead, all conversations have to go through the person having the
birthday ...)

For those in the pro-NAT camp, have a read of the following. Then if
you're still advocating NAT, you'll be more aware as to what
you're trading off.

RFC1627 - Network 10 Considered Harmful (Some Practices Shouldn't be
Codified)
http://tools.ietf.org/html/rfc1627

RFC1958 - Architectural Principles of the Internet
http://tools.ietf.org/html/rfc1958

RFC2775 - Internet Transparency
http://tools.ietf.org/html/rfc2775

RFC2993 - Architectural Implications of NAT
http://tools.ietf.org/html/rfc2993


> Can we simply agree that at this particular point in time IPv4 address space continues to have some value/use to a significant portion of the internet community?
> 
> If we can generally agree on that proposition, then it seems clear that ARIN still has some responsibility for setting policies regarding assignment of that space. The question of whether the rest of the world's population of humans, llamas or house flies will be able to access the internet through IPv4 strikes me as entirely tangential to that point.
> 
> FWIW, my particular hope is that IPv6 sees a steady increase in adoption so that people who do value publicly addressable space can get it, IF they want it....and that NAT & IPv4 (and maybe even NAT66) continue to be available to those of us who prefer it as an option. The world is a diverse place, I don't see why the internet should not reflect that diversity in being able to cater to a varied and sometimes conflicting set of interests. Yes, that adds to the complexity of the system from an engineering standpoint....but so does manufacturing more than one size of shoe.
> 
> 
> Christopher Engel
> (representing only my own views)
> 
> _______________________________________________
> PPML
> You are receiving this message because you are subscribed to
> the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> Unsubscribe or manage your mailing list subscription at:
> http://lists.arin.net/mailman/listinfo/arin-ppml
> Please contact info at arin.net if you experience any issues.
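The point Mark makes above, that once NAT is in the path the network has to understand the applications running over it because addresses get carried inside their payloads, is easy to see with a toy port-translating NAT and one application that advertises its own address: active-mode FTP, whose PORT command (RFC 959, h1,h2,h3,h4,p1,p2) tells the server where to connect back. The block below is an added illustration written for this archive page, not code from the list post or from any vendor's NAT; the addresses, ports and PORT command are constructed sample data, and the Napt class is a deliberately minimal model (outbound flows create mappings, unsolicited inbound is dropped). Without an application-layer gateway (ALG) the private address leaks into the payload and the server's data connection never arrives; with the ALG the NAT must parse the FTP dialogue, pre-create a mapping and rewrite the payload, which is exactly the application awareness end-to-end transparency was supposed to make unnecessary.

```python
"""Toy NAPT showing why a NAT must understand application payloads.
Added example; all hosts, ports and messages below are constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# FTP active-mode PORT command: "PORT h1,h2,h3,h4,p1,p2", port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")


def parse_port_cmd(payload: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) advertised by a PORT command, or None."""
    m = PORT_RE.match(payload)
    if not m:
        return None
    h = m.groups()
    return ".".join(h[:4]), int(h[4]) * 256 + int(h[5])


def build_port_cmd(ip: str, port: int) -> str:
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)])


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: str = ""


class Napt:
    """Port-translating NAT: only outbound traffic creates a mapping."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out: Dict[Tuple[str, int], int] = {}   # (inside ip, port) -> outside port
        self.back: Dict[int, Tuple[str, int]] = {}  # outside port -> (inside ip, port)

    def _map(self, inside: Tuple[str, int]) -> int:
        if inside not in self.out:
            self.out[inside] = self.next_port
            self.back[self.next_port] = inside
            self.next_port += 1
        return self.out[inside]

    def outbound(self, pkt: Packet, alg: bool = False) -> Packet:
        pub_port = self._map((pkt.src, pkt.sport))
        payload = pkt.payload
        if alg:
            hit = parse_port_cmd(payload)
            if hit:
                # The ALG has to parse the application protocol, pre-create a
                # mapping for the listener it advertises, and rewrite the payload.
                payload = build_port_cmd(self.public_ip, self._map(hit))
        return Packet(self.public_ip, pub_port, pkt.dst, pkt.dport, payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        inside = self.back.get(pkt.dport)
        if inside is None or pkt.dst != self.public_ip:
            return None  # no mapping (or not even addressed to us): dropped
        return Packet(pkt.src, pkt.sport, inside[0], inside[1], pkt.payload)


INSIDE_HOST = "10.0.0.5"      # constructed RFC 1918 client
NAT_PUBLIC = "203.0.113.1"    # constructed documentation-range NAT address
FTP_SERVER = "198.51.100.7"   # constructed documentation-range server


def wire_port_cmd(alg: bool) -> str:
    """What the server actually sees in the client's PORT command."""
    nat = Napt(NAT_PUBLIC)
    ctrl = Packet(INSIDE_HOST, 51000, FTP_SERVER, 21, build_port_cmd(INSIDE_HOST, 50000))
    return nat.outbound(ctrl, alg=alg).payload


def active_ftp_data_connection(alg: bool) -> Optional[Packet]:
    """Packet the inside host receives for the server's data connection,
    or None if it never gets through the NAT."""
    nat = Napt(NAT_PUBLIC)
    ctrl = Packet(INSIDE_HOST, 51000, FTP_SERVER, 21, build_port_cmd(INSIDE_HOST, 50000))
    on_wire = nat.outbound(ctrl, alg=alg)
    # The server connects back to whatever the PORT command named.
    target_ip, target_port = parse_port_cmd(on_wire.payload)
    return nat.inbound(Packet(FTP_SERVER, 20, target_ip, target_port, "SYN"))


if __name__ == "__main__":
    for alg in (False, True):
        print("ALG" if alg else "no ALG", wire_port_cmd(alg), active_ftp_data_connection(alg))
```

The same shape recurs for every protocol that carries addresses in its payload (SIP/SDP, H.323, some IPsec and gaming protocols): either the NAT grows a parser for each one, or the application gives up and relays through a public rendezvous server, which is the interception point and extra failure mode the post describes.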
