[arin-ppml] An article of interest to the community....
Mike Burns
mike at nationwideinc.com
Fri Sep 2 10:38:16 EDT 2011
>
> can you clarify your position a little bit further, as follows? i'd
> like to be sure i understand your vision. are you suggesting that in
> the future we can all just use tcp/80 and tcp/443, all new users and
> all new applications, henceforth, unto perpetuity?
>
> because if not, i don't see your observations as relevant to the ipv6
> transition, wherein we need to preserve an end to end packet transport
> as the basis of "the essence of the internet". which way we as a
> community decide to move on this, which vision we treat as consensus,
> will inform "the market" as well as make "history".
> --
> Paul Vixie
>
Hi Paul,
I think this worship of end-to-end connectivity has to stop.
It's an idealistic view of the Internet that is incompatible with reality.
I don't even hold with the idea that end-to-end was ever that important.
The Internet means a network of networks.
The early Internet connected disparate operating systems and network
protocols and provided end-to-end connectivity when each end was not a
computer, it was a researcher reading email or transferring files.
Somewhere along the line it was realized that if we have tcp/ip on every
machine, not just on gateways, that each machine could reach every other
machine.
Immediately some neat applications came to mind.
But then reality quickly set in, and people outside ivory towers and
Internet governance organizations realized that the benefits of end-to-end
were outweighed by the downsides.
Primarily these downsides involve the need to block or prevent unwanted
communications.
And so firewalls were erected which put the kibosh on end-to-end
connectivity for any machine behind one.
NAT was indeed a response to address shortage, but once understood that NAT
provides protection against inbound communications as well as allowed
address sharing it was embraced by network engineers everywhere.
People wax on about the applications we could have if we had end-to-end,
then are unable to specify what they would be.
How about a thought experiment? Imagine humanity became telepathic and each
human could communicate directly with any other. Imagine what we could do!
But then upon further reflection we could see that end-to-end communication
can be a curse as well as a blessing, due to lack of protection from
unwanted communications.
Very shortly, tools or techniques would be developed to provide some
protection from intrusive, dangerous, or unwanted thoughts. Maybe firewall
helmets, or maybe we would only open telepathic channels to a gatekeeper who
would only let in the thoughts we want let in.
What the Internet organically developed into was not an end-to-end
environment, but actually one more in keeping with normal human relations,
involving walls and gates.
I asked Mr. Vixie what applications he thought were being prevented by NAT,
and did not get an answer. I didn't ask which applications required
finessing to enable them to safely pass through the walls and gates we have
erected. Those that we wanted to happen did happen. VoIP was a problem, now
it is not so much. Hosting services from a computer behind NAT was a
problem, now, with rendezvous servers, not so much a problem.
If I could pick up my magic wand again and replace IPv4 with IPv6 in toto, I
don't believe there would be any new applications taking advantage of
end-to-end, because people would be too busy getting their IPv6 firewalls to
work.
I foresee a layered architecture to the Internet as more compatible with
human nature. The problems with Carrier Grade Nat, in my mind, revolve
around control of the NAT boxes. It is true that currently NAT boxes are in
the control of the gatekeeper who installed them. When this gatekeeper
becomes the carrier, there is a loss of control downstream. What we need,
and what the IETF has been thwarting, is a protocol which would allow a
level of control of NAT ports external to one's own NAT box. If I want
inbound traffic on port X, I should be able to communicate to NAT boxes
upstream and arrange for the opening of that port and the directing of it to
my NAT box.
I will ask again. Suppose I waved my wand and IPv6 was the only extant
protocol on the Internet. What applications could I look forward to that I
don't already have?
(Point being if there was one that people wanted, it could serve as the
missing incentive to transition to IPv6.)
Oh, and this idea that NAT works only for ports 80 and 443 is ludicrous.
Even without the help of the IETF in creating safe and effective NAT
traversal protocols, the market has done this job, and games, Voip, video
and nearly everything else we actually have a desire for works with NAT,
even multilayer NAT, in my direct experience. This pooh-poohing of NAT as
only good for web access reveals a lack of understanding of it.
Our job at ARIN is not to push protocols based on a nearly religious view of
the optimum network architecture. We are charged with carefully doling out
the free pool addresses entrusted to us, trying to control route table
growth, and ensuring the unique public registration of all addresses.
Mr. Vixie is correct about the need for the community to decide, but for too
long this ARIN community has been dominated by a single voice, the voice of
the IPv6 evangelist.
This voice has been crying the same sad tune for over a decade, issuing the
same dire warnings, and completely failing to move the needle on the
adoption of IPv6.
It's time to listen to voices like John Curran's voice in
1994,(http://tools.ietf.org/html/rfc1669) when he pointed out that
technological transitions do not happen without economic motivations.
Normally the driver for technological transitions is customer demand, which
has just never materialized for an IPv6 which has no effective purpose other
than providing additional address space.
We were promised the Internet of Things, we were promised better security,
we were promised exciting new applications which only IPv6 could enable. And
we were warned, loudly and repeatedly, that NAT would degrade things, NAT
would stifle innovation, NAT was a kludge and and incompatible with our
vision of a perfect Internet. Except there are no new applications which
demand IPv6, and lo and behold NAT does work, does allow for innovation, and
is scalable.
Regards,
Mike
More information about the ARIN-PPML
mailing list