[arin-ppml] An article of interest to the community....

[Mike Burns]

>
> can you clarify your position a little bit further, as follows?  i'd
> like to be sure i understand your vision.  are you suggesting that in
> the future we can all just use tcp/80 and tcp/443, all new users and
> all new applications, henceforth, unto perpetuity?
>
> because if not, i don't see your observations as relevant to the ipv6
> transition, wherein we need to preserve an end to end packet transport
> as the basis of "the essence of the internet".  which way we as a
> community decide to move on this, which vision we treat as consensus,
> will inform "the market" as well as make "history".
> -- 
> Paul Vixie
>

Hi Paul,

I think this worship of end-to-end connectivity has to stop.
It's an idealistic view of the Internet that is incompatible with reality.
I don't even hold with the idea that end-to-end was ever that important.
The Internet means a network of networks.
The early Internet connected disparate operating systems and network 
protocols and provided end-to-end connectivity when each end was not a 
computer, it was a researcher reading email or transferring files.
Somewhere along the line it was realized that if we have tcp/ip on every 
machine, not just on gateways, that each machine could reach every other 
machine.
Immediately some neat applications came to mind.
But then reality quickly set in, and people outside ivory towers and 
Internet governance organizations realized that the benefits of end-to-end 
were outweighed by the downsides.
Primarily these downsides involve the need to block or prevent unwanted 
communications.
And so firewalls were erected which put the kibosh on end-to-end 
connectivity for any machine behind one.
NAT was indeed a response to address shortage, but once understood that NAT 
provides protection against inbound communications as well as allowed 
address sharing it was embraced by network engineers everywhere.
People wax on about the applications we could have if we had end-to-end, 
then are unable to specify what they would be.

How about a thought experiment? Imagine humanity became telepathic and each 
human could communicate directly with any other. Imagine what we could do!
But then upon further reflection we could see that end-to-end communication 
can be a curse as well as a blessing, due to lack of protection from 
unwanted communications.
Very shortly, tools or techniques would be developed to provide some 
protection from intrusive, dangerous, or unwanted thoughts. Maybe firewall 
helmets, or maybe we would only open telepathic channels to a gatekeeper who 
would only let in the thoughts we want let in.

What the Internet organically developed into was not an end-to-end 
environment, but actually one more in keeping with normal human relations, 
involving walls and gates.

I asked Mr. Vixie what applications he thought were being prevented by NAT, 
and did not get an answer. I didn't ask which applications required 
finessing to enable them to safely pass through the walls and gates we have 
erected. Those that we wanted to happen did happen. VoIP was a problem, now 
it is not so much. Hosting services from a computer behind NAT was a 
problem, now, with rendezvous servers, not so much a problem.

If I could pick up my magic wand again and replace IPv4 with IPv6 in toto, I 
don't believe there would be any new applications taking advantage of 
end-to-end, because people would be too busy getting their IPv6 firewalls to 
work.

I foresee a layered architecture to the Internet as more compatible with 
human nature. The problems with Carrier Grade Nat, in my mind, revolve 
around control of the NAT boxes. It is true that currently NAT boxes are in 
the control of the gatekeeper who installed them. When this gatekeeper 
becomes the carrier, there is a loss of control downstream. What we need, 
and what the IETF has been thwarting, is a protocol which would allow a 
level of control of NAT ports external to one's own NAT box. If I want 
inbound traffic on port X, I should be able to communicate to NAT boxes 
upstream and arrange for the opening of that port and the directing of it to 
my NAT box.

I will ask again. Suppose I waved my wand and IPv6 was the only extant 
protocol on the Internet. What applications could I look forward to that I 
don't already have?
(Point being if there was one that people wanted, it could serve as the 
missing incentive to transition to IPv6.)

Oh, and this idea that NAT works only for ports 80 and 443 is ludicrous. 
Even without the help of the IETF in creating safe and effective NAT 
traversal protocols, the market has done this job, and games, Voip, video 
and nearly everything else we actually have a desire for works with NAT, 
even multilayer NAT, in my direct experience. This pooh-poohing of NAT as 
only good for web access reveals a lack of understanding of it.

Our job at ARIN is not to push protocols based on a nearly religious view of 
the optimum network architecture. We are charged with carefully doling out 
the free pool addresses entrusted to us, trying to control route table 
growth, and ensuring the unique public registration of all addresses.

Mr. Vixie is correct about the need for the community to decide, but for too 
long this ARIN community has been dominated by a single voice, the voice of 
the IPv6 evangelist.
This voice has been crying the same sad tune for over a decade, issuing the 
same dire warnings, and completely failing to move the needle on the 
adoption of IPv6.
It's time to listen to voices like John Curran's voice in 
1994,(http://tools.ietf.org/html/rfc1669) when he pointed out that 
technological transitions do not happen without economic motivations.
Normally the driver for technological transitions is customer demand, which 
has just never materialized for an IPv6 which has no effective purpose other 
than providing additional address space.
We were promised the Internet of Things, we were promised better security, 
we were promised exciting new applications which only IPv6 could enable. And 
we were warned, loudly and repeatedly, that NAT would degrade things, NAT 
would stifle innovation, NAT was a kludge and and incompatible with our 
vision of a perfect Internet. Except there are no new applications which 
demand IPv6, and lo and behold NAT does work, does allow for innovation, and 
is scalable.

Regards,

Mike