[arin-ppml] Just a reminder of some quick mathematics for IPv4 that shows the long term impossibility of it

Ted Mittelstaedt tedm at ipinc.net
Mon May 16 12:11:28 EDT 2011

On 5/16/2011 8:28 AM, Chris Engel wrote:
>>>>> In fact, the era of end-to-end for the Internet was the
>>>>> limited timeframe between popular acceptance and NAT.
>>>> Wrong because most people back then dialed in with a modem
>>>> using a terminal emulator program.  The first connectivity was
>>>> e-mail gateways between the Internet and BBS networks like
>>>> FidoNet. The WWW came about later and it still wasn't that
>>>> interesting until pretty late in the 90's, around 96-97.  And
>>>> NAT came about when most home users were still using dialup to
>>>> connect to the Internet.
>>> That's what I meant to write. Things got interesting in the
>>> mid-90s. NAT came out shortly thereafter. NAT ended the
>>> end-to-end connectivity thing.
>>> And yet the Internet exploded in size. Dialup was not really
>>> end-to-end because there weren't fixed IP addresses,
>>> so not many were hosting servers on dialup.
>>> (I know there were exceptions, I once got a /24 with a dialup
>>> account back in 1995.)
>> This does not prove NAT is wonderful or that end-to-end is not
>> useful or necessary.
>> It proves that a lot of people faced with the choice between NAT
>> and nothing chose NAT over non-connection. This is akin to facing a
>> choice between food poisoning and cancer. The obvious choice is
>> food poisoning, but, most people would prefer to avoid both.
>>>>> Most people would fear to put a real IP address on a computer
>>>>> today, I know that I would. I use Logmein from behind NAT to
>>>>> address another computer behind another NAT.
>>>> logmein is not free for business use so you're probably violating
>>>> TOS.
>>> I don't remember saying I used the free one.
>> End-to-end addresses mean I don't have to pay someone else just to
>> provide a rendezvous server so I can reach my own stuff. It also
>> means I can connect to my own stuff without subjecting my access to
>> such a man-in-the-middle attack or the additional latency and/or
>> risks associated with doing so.
>> I really don't see any reason I would want to move from globally
>> addressable systems to systems behind such a rendezvous mechanism.
>> Can you point to any single advantage of doing so?
>>>> And if you paid for it why should everyone else in the world
>>>> pay that company?  Remote Desktop is free for business and
>>>> personal use and does not require some wacky active x control
>>>> or java applet to run in a browser.  So is VNC.  both of these
>>>> are also faster.
>>> I use both of these products, too.
>> Not with the target behind a NAT, you don't.
>>> I started with Carbon Copy over modems.
>> LoL... I remember those days. Not all that fondly.
>>> Full disclosure: I have done some consulting for Logmein.
>> Ah, so you have a somewhat vested interest in the success of this
>> arguably unnecessary (if we had end-to-end) business model.
>>> In the real world I use Logmein for instances behind NAT.
>> In the real world, I keep my systems globally accessible. I just
>> don't see any advantage to doing otherwise.
>>> It's especially valuable for the rapid setup of remote support
>>> because it does not require firewall changes.
>>> People are willing to pay for that ability, according to their
>>> success in the market.
>> People are willing to accept all kinds of bad engineering and pay
>> for workarounds to resolve the issues they create. For example,
>> look at the number of people that bought Windows 3.1 and then paid
>> third parties for IP software, anti-virus software, firewall
>> software, shells that didn't crash all the time, memory managers,
>> etc.
>> Each of those things is arguably a simple deficiency in the
>> original Windows product and a feature that was included in the
>> basic expectations of virtually every other operating system
>> available at the time.
>> Just as network access services provided without a globally unique
>> address can be worked around through things like back2mymac and
>> other rendezvous services. However, those services would be utterly
>> unnecessary with a proper globally unique address.
>>>>> Rendezvous servers exist for that purpose, and the market
>>>>> favors them. Holding on to some dream of complete end-to-end
>>>>> reachability leaves out the inevitable firewall application
>>>>> between them in any case. Juniper and Cisco have enabled CGN
>>>>> on their big iron boxes, do you think they are unaware of the
>>>>> nightmarish negative impact of CGN you ascribe?
>>>> They OFFER CGN on their big iron they don't "enable" it, the
>>>> admin has to configure it for it to be enabled.  And naturally
>>>> they don't mind if an admin does because they get to sell them
>>>> more hardware that way.
>>>> Ted
>>> Well, we won't have to wait too much longer to see who is correct
>>> in their appraisal of the perils of CGN.
>> Indeed. I suspect that carriers in Asia will be forced to implement
>> at least some LSN very soon. Unfortunately, users in Asia are
>> generally used to a much lower level of service quality than even
>> users in the US, so, that may not be an entirely valid datapoint.
>>> I assume somebody paid the coders at Cisco to write the CGN
>>> code.
>> As near as I can tell, most of the LSN code in the Cisco gateways
>> is the same as their standard NAT code that's been in their routers
>> for quite some time. Since IOS tends to be the kitchen sink of all
>> kinds of features anyone imagined someone might ever want, I
>> wouldn't take that as too much of an indication as to market
>> demand. After all, IOS still contained support for Banyan until not
>> all that long ago. In fact, I don't know for sure that it has been
>> retired yet.
>>> I doubt that would have happened if Cisco's research showed
>>> customers would reject it.
>> I'm sure, as I said, that Cisco's research showed that some
>> carriers would need it. There is a huge difference between needing
>> to do something and wanting to do it or considering it desirable.
>> The number of IPv4-only devices in the consumer electronics product
>> space that will not be upgraded before IPv4 runout alone means that
>> even consumers placed on primarily IPv6 services are going to need
>> some level of IPv4 connectivity solution for some time. Those
>> consumers will be subjected to LSN because there is literally no
>> other viable option.
>> LSN isn't a feature, it's a workaround for a lack of viable options
>> due to the constraints of time combined with a global lack of
>> preparedness and progress.
>> Owen
> Even though I enjoy healthy debate as much as anyone, I'm not sure
> what the point or relevance of this thread is?

The point is that IPv4 isn't going to work to get the rest of the
world online.  Sorry it's degenerating into a NAT debate but the
NAT proponents seem to think that NAT will allow IPv4 to be
used forever on the Internet.

> Some participants
> here view universal end-to-end connectivity as an important goal and
> as such NAT being significantly harmful to the internet. Others of us
> believe that goal is not particularly desirable and possibly even
> harmful to the interests of a portion of the community....and thus
> NAT has significant utility that outweighs any potential harm.
> Much like politics or religion, I don't believe either side will be
> effective in changing the other's beliefs no matter how much verbiage
> is expended in the effort. That seems evident by the number of times
> this particular discussion has taken place on this list.  Is it
> possible to simply agree to disagree on the utility/harm of NAT and
> set aside that portion of the discussion?
> Can we simply agree that at this particular point in time IPv4
> address space continues to have some value/use to a significant
> portion of the internet community?

So it's the "I've got mine Jack too bad there ain't any left for you"

> If we can generally agree on that proposition, then it seems clear
> that ARIN still has some responsibility for setting policies in
> regards assignment of that space. The question of whether the rest of
> the world's population of humans, llamas or house flies will be able
> to access the internet through IPv4 strikes me as entirely tangential
> to that point.

Since ARIN has essentially completed assignment of that space, there
is really not much left to set as policy in the IPv4 realm other
than continued interference in transfers of IPv4 from one to the
other party.

> FWIW, my particular hope is that IPv6 sees a steady increase in
> adoption so that people who do value publicly addressable space can
> get it, IF they want it....and that NAT & IPv4 (and maybe even NAT66)
> continue to be available to those of us who prefer it as an option.

But those NATs will NOT continue to be available to those of us
who prefer them because they require IPv4 to go on the "outside" of
the NAT.

> The world is a diverse place, I don't see why the internet should not
> reflect that diversity in being able to cater to a varied and
> sometimes conflicting set of interests. Yes, that adds to the
> complexity of the system from an engineering standpoint....but so
> does manufacturing more than one size of shoe.

Sounds good so let's go ahead and run IPX on the Internet too... since I
like that old Netware protocol better than IP.  So I should be arguing
for ISPs to all enable it on their routers based on backwards 
compatibility, using that logic.

The fact of the matter is that what other people choose to do DOES 
affect you, the Internet is not some wild west network where there is
no law and governance and you Chris can do as you damn well please.

Every time someone else brings up another AS it uses a piece of ram in
MY router.  Every time I subnet the advertisements of my own AS and
prepend some and not others to balance my load it uses a piece of ram
in YOUR router.  Like it or not, we are tied to each other.

How well do you think the US highway system would work if every state 
was allowed to set their own highway widths?  Or set their own standards
on what color vehicle brake lights would be?  Would you like to get a
ticket in my state for having an amber directional signal on the back
of your car instead of red?

This is why the Internet cannot reflect the world's diversity in its
protocols.  You can be as diverse as you want with website content and
suchlike but the value of the Internet is that everyone is talking
with the same protocols.  We currently have a problem with one of them
right now and we have a plan in place to change it that was set up
a decade ago that all the major networks have signed on to doing - and
what is going on is a few malcontents out there who were asleep at the
switch and are too lazy to educate themselves about how IPv6 works
now want to derail that plan by pretending CGN will allow us to ashcan
IPv6 and keep IPv4 going in perpetuity.

It is one thing to regard CGN as transitional and admit you have a
grotty infrastructure that needs it that you can't replace just right
now, but you are going to soon.  It is quite another to claim that it
is reasonable that CGN will allow IPv4 to be a permanent future protocol 
on the Internet, but that is what you're doing.


> Christopher Engel (representing only my own views)