On 03/11/2013 06:45 PM, Walter Dnes wrote:
> On Mon, Mar 11, 2013 at 10:22:39AM +0200, Alan McKinnon wrote
> 
>> You are being over-simplistic.
>> 
>> Lack of IPv4 address space *caused* NAT to happen, the two are 
>> inextricably intertwined.
> 
> Agreed.  But we shouldn't be pointing out that NAT has partially 
> solved the problem, and giving people false hope that NAT will solve 
> the shortage problem forever.

The truth of the matter is that it kinda does, for most of these people.
For most of those for whom it doesn't, there are (and will be) plenty of
third-party services looking to allow them to throw money at the problem
for an opaque solution. (It's like sausage; it works, it's nutritious,
it tastes great...but YMMV if you see how it's made.)

For small businesses whom the IP shortage already crowded out of
traditional network management, the Cloud was born. Large businesses
make a mess of their networks, but hobble along.

So workarounds were developed. What NAT has *done*, though, is force a
stratification and classification of services, making vast swaths of
network applications impossible or incredibly niche.

If one doesn't acknowledge the truth of the matter, one gets nailed to
the wall with it when someone smart enough to consider it brings it up
as a counterpoint.

> We should be pounding away on the fact that we're running out of IP 
> addresses... period... end of story.  If people ask about NAT, then 
> mention that the undersupply will be so bad that even NAT won't 
> help.

In my presentations, I've stopped bothering to wait for people to ask
about NAT, because it starts off in their minds from nearly the
beginning--and until they get that question answered, most of what I say
washes past them as ancillary and not as important as the question
pressing on their minds.

> 
>> Even worse, people now have NAT conflated with all sorts of other 
>> things. Like for example NAT and security.
> 
> That's why I want to avoid that propaganda battle.  It's been lost 
> already.  Deal with it.  Don't waste time and effort on it.  Put your
> effort into pounding away on a simple issue that people do 
> understand... we're running out of IP addresses.

That's the thing. We're running out, we've *run* out. Past tense. I keep
pointing to my friend whose ISP hands him RFC1918 addresses as an
example, because that's just the way things are. I can also point to
mobile carriers--most local network regions hand out RFC1918 addresses
for IPv4, which means you're double-NATting if you use your phone to
share your network connection.

At one point a couple *years* ago, my T-Mobile phone told me it had what
I thought was a public IPv4 address...but it turned out to be an address
owned by some security-related branch of the British government who
didn't advertise routes, and so T-Mobile was able to use British
government netblocks internally as a kind of extension to RFC1918 space.

Around the same time, a friend's Verizon phone in the area had a legit
public IPv4 address if and only if he was sharing his network connection
at that moment...otherwise Verizon would switch him back to an RFC1918
address.

So, I say again, we've run out of IPv4 addresses. Past tense. What's
left after that is to explain why most of the people you'll ever talk to
don't feel pain from it, and explain to them why their anaesthetic is
keeping them from realizing their network is paraplegic.

> 
>> NAT in the context of an IPv6 discussion is *very* relevant, it's 
>> one of the points you have to raise to illustrate what bits inside
>> people's heads need to be identified and changed.
>> 
>> Until you change the content of people's heads, IPv6 is just not 
>> going to happen.
> 
> I disagree with you there.  IPV6 adoption will be driven by shortage
> of addresses, which people can understand.

I agree. The problem is that the IPv4 network as it exists today is
highly optimized for asymmetric client-server topologies, and the pains
and breakages will largely go unnoticed or unattributed due to the
layers upon layers of abstractions, band-aids and jerry-rigging.

As a consequence, it's necessary to help people understand what they're
missing.

> It will not be accomplished by sermons about the evils of NAT whilst
> people's eyes glaze over. "A preachment, dear friends, you are about
> to receive, is on John Barleycorn, Nicotine, and the Temptations of
> NAT".

I don't tend to encounter people's eyes glazing over. All my
presentations are in Q&A format. There's one guy who's gone to four of
them, because, as he told me, "it's different every time."

> 
> And if it comes down to it, I'd much rather have IPV6 with IPV6 NAT 
> being available, rather than no IPV6.

Sure. I think IPv6 NAT has its place, but I personally feel it should be
done above layer 3, in application-layer gateways. If you're in a
scenario where you need IPv6 NAT, you're almost certainly in a scenario
where you would benefit from the additional features an ALG would give you.
