[arin-ppml] An article of interest to the community....

Paul Vixie paul at redbarn.org
Sat Sep 3 05:49:12 EDT 2011


On Fri, 2 Sep 2011 10:38:16 -0400
"Mike Burns" <mike at nationwideinc.com> wrote:

> > ...
> > because if not, i don't see your observations as relevant to the
> > ipv6 transition, wherein we need to preserve an end to end packet
> > transport as the basis of "the essence of the internet".  which way
> > we as a community decide to move on this, which vision we treat as
> > consensus, will inform "the market" as well as make "history".
> > -- 
> > Paul Vixie
> 
> I think this worship of end-to-end connectivity has to stop.
> It's an idealistic view of the Internet that is incompatible with
> reality. I don't even hold with the idea that end-to-end was ever
> that important. ...

I suggest that if you want to promote a non-end-to-end model you should
write and speak very much more widely than just posting to the ARIN
PPML.  In particular I suggest that you reach out to the IETF and
especially the IAB.

See also Itojun's remarks on the matter:

http://ipv6samurais.com/ipv6samurais/demystified/end-to-end-principle.html

Noting more simply and immediately:

> ...
> But then reality quickly set in, and people outside ivory towers and 
> Internet governance organizations realized that the benefits of
> end-to-end were outweighed by the downsides.

My experience of history differs significantly from your accounting
here.  I'm not disagreeing with you that most hosts are behind
firewalls.  I've used NAT sometimes to effect a security policy.  But I
am very glad that this is left to me as an option, and that it's not
a mandatory part of the architecture of all networks, and that I can
move to different specific solutions as time goes by, knowing that the
packet based end to end connectivity model will be my building block.

> ...
> I asked Mr. Vixie what applications he thought were being prevented
> by NAT, and did not get an answer. ...

My apologies for this oversight.  My answer is: we cannot know because
those applications never existed.  If your question was, what
applications did I personally investigate until I was stopped by NAT, I
could answer.  I think NAT could be made robust enough for the kind of
datagram (voice, gaming, kerberos) applications I'd like more of, for
example we could arrange some kind of gateway RPC protocol so that an
application could learn the IP address and UDP port number that its
distant peers will see when we transmit toward them.  Making that kind
of thing work portably across all platforms is as large a problem
statement as just deploying IPv6, however.

> If I could pick up my magic wand again and replace IPv4 with IPv6 in
> toto, I don't believe there would be any new applications taking
> advantage of end-to-end, because people would be too busy getting
> their IPv6 firewalls to work.

I would never want to take away the option of running firewalls or NAT
or ALG.  One of the beneficial aspects of the packet based end to end
architecture of the Internet is that it makes such technologies possible
for those who want them.  I don't think that such tools could have been
created had the world adopted a global virtual circuit standard for
internetworking rather than a global packet standard like we have now.
In fact I believe that the flexibility of the end to end packet model
was the key strength that allowed it to outcompete other proposals.

> I will ask again. Suppose I waved my wand and IPv6 was the only
> extant protocol on the Internet. What applications could I look
> forward to that I don't already have?

So, this time I'm going to reject your question explicitly.  We do not
know and cannot know what applications are not being created because of
the pervasiveness of NAT.  My preference for the packet based end to
end model is based on the strengths already demonstrated by that model,
including datagram based systems such as DNS, NTP, RDP, and Kerberos,
and the flexibility already demonstrated by that model including load
balancing, firewalls, and NAT.

My unwillingness to attempt to prove a negative should not be taken as
agreement by me that we should be talking about the relative merits of
currently imaginable applications rather than the design strengths of
the underlying model.

> (Point being if there was one that people wanted, it could serve as
> the missing incentive to transition to IPv6.)

While I agree with you on this point, it's not a dispositive
observation.  I'm very glad that people keep thinking of and then
creating new technologies that I didn't know to ask for, it makes my
life better.  I think we should maximize the flexibility available to
those creative people.

> Our job at ARIN is not to push protocols based on a nearly religious
> view of the optimum network architecture. We are charged with
> carefully doling out the free pool addresses entrusted to us, trying
> to control route table growth, and ensuring the unique public
> registration of all addresses.

On this point I agree with you 100%.  And if you can think of a policy
change which will make ARIN better at those functions, I encourage you
to write it up and submit it to the policy development process.
-- 
Paul Vixie
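The "gateway RPC" idea sketched in the message (an application learning the address and UDP port its distant peers will see) can be illustrated with a tiny address-reflector exchange. This is an added example, not code from the post or from ARIN; the wire format, the `MAGIC` marker and the function names are hypothetical and not any standard protocol.

```python
import socket
import struct
import threading

# Constructed, minimal "address reflector" protocol illustrating the gateway RPC
# sketch in the message above: a host sends a probe to a reflector, which replies
# with the source IPv4 address and UDP port it observed. If the reply differs from
# the sender's own local binding, a translator (NAT) sits on the path. The wire
# format and names here are hypothetical, not any standard protocol.

MAGIC = b"RFLX"  # constructed marker so unrelated datagrams are ignored


def encode_observed(ip: str, port: int) -> bytes:
    """Reply body: MAGIC + 4-byte IPv4 + 2-byte big-endian port."""
    return MAGIC + socket.inet_aton(ip) + struct.pack("!H", port)


def decode_observed(payload: bytes) -> tuple:
    """Parse a reply; reject anything that is not exactly a reflector reply."""
    if len(payload) != 10 or not payload.startswith(MAGIC):
        raise ValueError("not a reflector reply")
    return socket.inet_ntoa(payload[4:8]), struct.unpack("!H", payload[8:10])[0]


def start_reflector(bind=("127.0.0.1", 0)) -> tuple:
    """Bind a reflector that answers one probe in a thread; return its address."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(bind)

    def serve_once():
        data, peer = srv.recvfrom(64)
        if data == MAGIC:
            srv.sendto(encode_observed(peer[0], peer[1]), peer)
        srv.close()

    threading.Thread(target=serve_once, daemon=True).start()
    return srv.getsockname()


def learn_mapped_address(reflector: tuple, timeout: float = 2.0) -> dict:
    """Probe the reflector from a fresh UDP socket and compare both views."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect(reflector)            # fixes the local (ip, port) binding
        local = s.getsockname()
        s.send(MAGIC)
        observed = decode_observed(s.recv(64))
        return {"local": local, "observed": observed,
                "translated": observed != local}


if __name__ == "__main__":
    print(learn_mapped_address(start_reflector()))  # translated: False on loopback
```

On loopback the two views agree; behind a NAT the observed tuple is the translator's public mapping, which is exactly the information the sketch says an application would need to publish to its peers.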