Re: Why IPv6 is a must?

2001-11-26 Thread Rinka Singh

One question.

> 1) Cell phones (historically <2 yr replacement cycle)
> 2) PCs with IPv6 installed (less than 5 yr replacement cycle)
> 3) new devices that plug into residential networks (mostly new)

What stops the new devices from having v4 with NAT to translate between the
internet and the house.  I understand there's a security issue but then so
what.  I'm concerned that if this does happen then the migration to v6 will
slow down.

> We should note IPv6 has been planned, products have been built and
> deployment will occur.  It is being driven by people who have a vested
> interest in having a solution to the address run-out problem.
>
> (good news in the last 10 years is that Internet has gotten really good
> at deploying HTTP proxies, something we did not really bet on back in
> 1991/1992.   This is going to aid transition immensely as we move
> forward).
>
> I concur that the routing guys have some work in front of them.   May I
> suggest people take a closer look at hierarchical routing, combined
> provider and geographic hierarchies, and adult supervision?
>
> Regards, peter
>
>




Re: Why IPv6 is a must?

2001-11-26 Thread Keith Moore

> 3) new devices that plug into residential networks (mostly new)
>
> What stops the new devices from having v4 with NAT to translate between the
> internet and the house. 

nothing stops them, but if you want to access the devices from outside the
house (and in many cases that's the point of such devices) then NAT gets 
in the way.

Keith




Re: Why IPv6 is a must?

2001-11-26 Thread Rinka Singh

Please can you help me understand how it gets in the way.

As I understand these devices would:
- accept (authenticated) commands - perhaps snmp (there's some thought
of using sip proxy commands) format.
- send status/traps (snmp again).

Any NAT would be able to translate both ways - OK it would stumble if
there was end-to-end encryption but a small device may not have
encryption capability.  It should be easy to add NAT (one would need a
router, firewall, gateway/gatekeeper anyway).

If the issue is only that of encryption then I accept your point.  But
perhaps I'm missing something.  I'm looking for reasons why NAT/v4
cannot/will not address the needs of the new devices.

>>> Keith Moore <[EMAIL PROTECTED]> 11/26/01 7:17:38 PM >>>
> 3) new devices that plug into residential networks (mostly new)
>
> What stops the new devices from having v4 with NAT to translate between the
> internet and the house. 

nothing stops them, but if you want to access the devices from outside the
house (and in many cases that's the point of such devices) then NAT gets 
in the way.

Keith




Re: Splitting the IETF-Announce list?

2001-11-26 Thread Bruce Campbell

On Fri, 23 Nov 2001, Harald Alvestrand wrote:

> FWIW, the ietf-announce list had 4717 subscribers (some of which are
> sublists, news gateways and the like) - so any category where you get more
> than 400 subscribers is probably proof positive that a "market" exists for
> a special list for that category.

And this has been completed.  The subscription information will be sent in
a separate message.

I must admit to being rather embarrassed by the whole affair, as my
personal (australian) based machine was meant to be restored to
functionality at the time of making the promise.

My apologies for the time this has taken.

-- 
 Bruce Campbell                                            RIPE NCC
 I do not speak for my employer                            Operations




Re: Why IPv6 is a must?

2001-11-26 Thread Brian E Carpenter

Rinka Singh wrote:
> 
> Please can you help me understand how it gets in the way.
> 
> As I understand these devices would:
> - accept (authenticated) commands - perhaps snmp (there's some thought
> of using sip proxy commands) format.
> - send status/traps (snmp again).
> 
> Any NAT would be able to translate both ways - OK it would stumble if
> there was end-to-end encryption but a small device may not have
> encryption capability.  It should be easy to add NAT (one would need a
> router, firewall, gateway/gatekeeper anyway).
> 
> If the issue is only that of encryption then I accept your point.  But
> perhaps I'm missing something.  I'm looking for reasons why NAT/v4
> cannot/will not address the needs of the new devices.

If you have a few hundred devices in your house that need to act as
peers (not clients) to devices outside, they need to be addressable.
[we could have a digression on my choice of word, but I think it's
beside the point.] If they are all hidden behind one IPv4 address,
then a sub-addressing system is needed, and I'm not sure what you
think it will be, unless you want to use a well-known port number
for each device. It will just be *easier* to use IPv6 as the
addressing scheme - initially via RFC 3056, I expect. It also
solves the e2e encryption problem, as you say.

   Brian




announcing a mailing list to discuss anonymous forwarding IDs

2001-11-26 Thread Scott Bradner


HT Kung & I have been working on some IDs dealing with anonymous forwarders
for signaling applications - we have established a mailing list to
talk about the IDs

to subscribe - send mail to [EMAIL PROTECTED] with
the word "subscribe" (no quotes) as the subject

the IDs are
draft-bradner-annfwd-req-00.txt
draft-kung-annfwd-framework-00.txt

we are new to this topic - we have published the IDs and created the
mailing list to get discussion going and to get some help bringing other
work in the area to our attention and to further develop these IDs and
additional IDs to follow.

Scott




Re: Splitting the IETF-Announce list?

2001-11-26 Thread Bruce Campbell

On Mon, 26 Nov 2001, Bruce Campbell wrote:

> And this has been completed.  The subscription information will be sent in
> a separate message.

As [EMAIL PROTECTED] seems intent on reading the aforementioned separate and
complete message and then complaining about invalid commands[1], the
relevant information is:

Email [EMAIL PROTECTED] with 'lists' in the
message body.

Reply back to message received with the appropriate 'subscribe'
commands as desired.

-- 
 Bruce Campbell                                            RIPE NCC
 I do not speak for my employer                            Operations

[1] Yes, I know about administrivia and sent mails to compensate for that
behaviour.




Re: Why IPv6 is a must?

2001-11-26 Thread John Stracke

>That's exactly why you want NAT/firewalling and other existing 
mechanisms.

Red herring alert: firewalling and NAT are orthogonal.  Many NATs include 
a firewall, but that's a market decision, not a technical necessity.

>These are devices that do not require global addressability. 

Think water meters.  Utility companies would love to be able to stop sending 
out expensive humans just to read one dial at each customer each month.  You 
*could* have a reverse proxy in your home NAT, but that gets harder to 
standardize; "does customer X have a compatible NAT?" is a harder question 
than "does customer X have an IPv6 network?".  Besides, if you've got an 
end-to-end connection to the meter, it's easier to verify that the 
customer isn't munging the data in order to reduce their bill.

>In fact they
>SHOULD NOT be globally addressable.

Why not? If you've got proper security, you can make them available to the 
right people, and block them from the wrong people.

/===============================================================\
|John Stracke                   |Principal Engineer             |
|[EMAIL PROTECTED]              |Incentive Systems, Inc.        |
|http://www.incentivesystems.com|My opinions are my own.        |
|===============================================================|
|News flash: Linux now implements RFC-1149, IP over Carrier     |
|Pigeon!                                                        |
\===============================================================/




Re: Why IPv6 is a must?

2001-11-26 Thread Keith Moore

> > > IPv6 needs to be justified on the number of nodes that truly need a
> > > globally accessible public address, not by insisting on counting devices
> > > that should remain anonymous or under limited (and controlled) visibility.
> > 
> > you appear to be confusing visibility with accessibility.
> >  
> 
> No, that is exactly what I am not confusing.
> 
> If a node only requires accessibility by a few specialized nodes (such
> as a water meter) then making it *visible* to more is just creating
> a security hole that has to be plugged.

that's simply false.   security and visibility are largely orthogonal.

the fact that a resource is visible to the network simply means that it is 
potentially accessible, with appropriate credentials, by another party 
on the network.

the common mistake is assuming that accessibility should have something
to do with network topology, or more precisely, with source IP address.
this works only for a limited subset of applications and user communities.

while it might be reasonable to trust such mechanisms for limited-purpose
networks, it's simply naive to insist that such mechanisms are generally
applicable.

> Yes, the hole can be plugged easily.

again, that's simply false.

in general, if an application or an end-system has a security hole
that allows access by unauthorized parties, you can't plug that hole 
by external means.  you may be able to work around the problem using 
a firewall by exploiting network access patterns - for instance, if 
you know in advance that the only legitimate users of a resource are 
located within a particular subnet and you can ensure that the only 
traffic with that subnet's source address actually originated from 
within that subnet.  but this is an exception, not a general rule.

to insist that application security realms should be constrained to 
reflect network topologies is either to severely limit the kinds of 
applications that can be run or to make your network much more expensive
than it needs to be.  and this strategy doesn't hold up in a world
in which the devices you use to access those resources may be attached
to the network via any of a variety of provider networks - and may also
need to be able to access resources on multiple networks.  folks aren't
going to carry separate PDAs to access the office email, the baby cam 
at the day care center, and the home security system.  they're going 
to carry a single PDA and expect it to authenticate to each, independently
of their current location.

> I am merely pointing out that the opportunity to add more rules to
> an IPv6 firewall to plug a security hole that IPv6 created is *not*
> an argument for IPv6.

IPv6 doesn't create any new security holes.  to the extent that
holes exist in applications (and of course they do) that are worked
around by firewalls, it becomes necessary to apply the same filters
for IPv6 that exist for IPv4.  but the holes existed already.  

> Further, NAT boxes are very friendly to meter-type devices. 

false.  many such devices need to be accessible from outside the NAT.
furthermore, meter-type devices are only one kind of application that 
would benefit from global addressability.

> They can receive their IPv4 address via DHCP (eliminating the need
> to administer addresses) 

DHCP is orthogonal to NAT.  You can have DHCP (for better or worse)
without NAT.  

> and then they can contact the collection server. The upper-layer 
> protocols will identify the meter, which they would have done for 
> authentication reasons anyway.

true, but it's irrelevant to your argument - unless you were somehow
presuming that the address would have been used for authentication.

> There are also a large number of solutions using L2 tunneling.

not if you want them to work in arbitrary remote environments.
 
> My point remains, a globally meaningful address is something that
> should only be applied when it is useful for that endpoint to
> be globally addressable.

you haven't said anything to support such an outrageous assertion.

Keith

p.s. of course there are some vulnerabilities that are introduced
whenever you make a network accessible - these include the ability
to exploit security holes on hosts, the ability to scan for potential
targets, and the ability to attack the network itself.  but to the
extent that you can use firewalls to thwart such attacks, you can
do so without NAT.  about the only thing that NAT does for you is to
hide an "inside" client host's source address as seen from the 
outside. so you could say it provides a measure of privacy.
but it does this in a very inflexible way - it constrains all 
applications (regardless of their needs) on all hosts behind the NAT.
and once you install a NAT, it's very difficult to fix the problems
that the NATs caused.




Re: Why IPv6 is a must?

2001-11-26 Thread Lars Eggert

Caitlin Bestler wrote:

>>>IPv6 needs to be justified on the number of nodes that truly need a
>>>globally accessible public address, not by insisting on counting devices
>>>that should remain anonymous or under limited (and controlled) visibility.
>>>
>>you appear to be confusing visibility with accessibility.
> 
> No, that is exactly what I am not confusing.
> 
> If a node only requires accessibility by a few specialized nodes (such
> as a water meter) then making it *visible* to more is just creating
> a security hole that has to be plugged.


How do you control visibility? Authentication. How do you control 
accessibility? Authentication. What's the difference? Silently ignoring 
unauthenticated peers vs. replying "go away". Limiting visibility does 
not make a service more secure.


> My point remains, a globally meaningful address is something that
> should only be applied when it is useful for that endpoint to
> be globally addressable.


I have a hard time coming up with *any* service that should be 
restricted to local-only at all times. If you believe that 
authentication works, you may as well make everything world-visible.

I do agree that firewalls can reduce the risk of exposing buggy service 
implementations to the world, e.g. risking buffer overflow attacks, etc. 
This has nothing to do with NATs, however, as others have already 
pointed out.

Lars
-- 
Lars Eggert <[EMAIL PROTECTED]>   Information Sciences Institute
http://www.isi.edu/larse/  University of Southern California
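
The exchange Rinka Singh sketches earlier in this thread (a meter that accepts authenticated commands and sends signed status), together with the point Keith, Lars and John make that access is decided by credentials rather than by where a packet came from, and that an end-to-end check lets the utility spot a customer munging the reading. This is an added example, not code from the original thread or from any of its authors. The meter id, the pre-shared key, the JSON message shape and the HMAC-SHA256 tag are assumptions; nothing below looks at an IP address, which is the argument being made.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed example values: a pre-shared key provisioned at install time
# identifies the collector to the meter and vice versa.  No IP address is
# consulted anywhere below.
METER_ID = "meter-0042"
SHARED_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def _encode(fields: dict) -> bytes:
    # Canonical encoding so both ends compute the MAC over identical bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, fields: dict) -> dict:
    """Wrap fields in a message carrying an HMAC-SHA256 tag."""
    body = _encode(fields)
    return {"body": body.decode(),
            "mac": hmac.new(key, body, hashlib.sha256).hexdigest()}


def verify(key: bytes, msg: dict) -> Optional[dict]:
    """Return the fields if the tag checks out, else None (constant-time compare)."""
    body = msg.get("body", "").encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg.get("mac", "")):
        return None
    return json.loads(body)


class Meter:
    """Accepts authenticated commands and answers with signed readings.

    silent=True drops unauthenticated traffic without a reply (the device
    shows nothing to a scanner); silent=False answers "go away".  Either way
    the reading is only released to a holder of the key."""

    def __init__(self, key: bytes, reading_litres: int, silent: bool = True):
        self.key = key
        self.reading = reading_litres
        self.silent = silent
        self.last_seq = 0  # monotonically increasing: rejects replayed commands

    def _reject(self, why: str) -> Optional[dict]:
        return None if self.silent else {"error": why}

    def handle(self, msg: dict) -> Optional[dict]:
        cmd = verify(self.key, msg)
        if cmd is None:
            return self._reject("go away")
        if cmd.get("meter") != METER_ID or cmd.get("seq", 0) <= self.last_seq:
            return self._reject("stale or misdirected command")
        self.last_seq = cmd["seq"]
        if cmd.get("cmd") != "read":
            return self._reject("unknown command")
        return sign(self.key, {"meter": METER_ID, "seq": cmd["seq"],
                               "litres": self.reading})


class Collector:
    """Utility-side end: sends a read command and checks the signed answer."""

    def __init__(self, key: bytes):
        self.key = key
        self.seq = 0

    def request_reading(self, meter: Meter) -> Optional[dict]:
        self.seq += 1
        reply = meter.handle(sign(self.key, {"meter": METER_ID,
                                             "seq": self.seq, "cmd": "read"}))
        if reply is None or "error" in reply:
            return None
        fields = verify(self.key, reply)
        # A customer rewriting "litres" in transit breaks the MAC; a replayed
        # old report carries the wrong sequence number.
        if fields is None or fields.get("seq") != self.seq:
            return None
        return fields


def tamper(reply: dict, old: str, new: str) -> dict:
    """Simulate a customer editing the reading in transit without the key."""
    return dict(reply, body=reply["body"].replace(old, new))
```

The sequence number does the work a NAT's connection table is sometimes credited with (an outsider cannot replay a captured command), and the two policies in `Meter` are Lars's "silently ignore" versus "reply go away"; the data the meter gives up is identical in both cases.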




Re: Why IPv6 is a must?

2001-11-26 Thread Keith Moore

> Devices that are meant to be local-use only can use local scope
> addresses. 

the whole concept of a local-use-only device is somewhat odd.
how can the device manufacturer make assumptions about his customers' 
network topology?  or about the placement of security threats relative
to that topology?

> In addition, to get to an IPv6 node such as a water meter,
> you need to get the address right -- the whole 128 bits of it. If a
> device uses the "privacy addresses" of IPv6, then the low level 64 bits
> are essentially random. Getting to the device by some form of net-scan
> can prove to be very long, with plenty of opportunity for the network
> police to detect the attack.

the nice thing about "privacy addresses" is that they can be used
when appropriate for a device or application, and avoided when they're
not appropriate. ideally this should happen on a per-application basis.

Keith




Re: Why IPv6 is a must?

2001-11-26 Thread Bob Braden

  *> 
  *> My point remains, a globally meaningful address is something that
  *> should only be applied when it is useful for that endpoint to
  *> be globally addressable.
  *> 

That sounds like an appealing statement, but it hides the potential
cost of giving up generality.  Back when TCP/IP was young, the
operating systems researchers in Computer Science departments had just
found a new playpen -- distributed operating systems.  They disdained
TCP/IP, choosing to implement their OS mechanisms on "bare" Ethernets.
Their statement was that a globally meaningful protocol is something
that should be applied only when it is useful for the endpoints to be
globally reachable.  Since all their boxes were local, and for
efficiency, they insisted on running directly over the link layer.
(And BTW, there was only one link layer, Ethernet ;-))  We told them
that the day would come when they would want the general connectivity
of IP, but they were, as I said, disdainful.  It took a few years for
them to realize the error of their approach, but they did eventually.

So there is a trade-off here.  In general, I think one can say that the
Internet has benefited hugely in the past from taking the approach of
maximum flexibility whenever feasible.

Bob Braden




RE: Why IPv6 is a must?

2001-11-26 Thread Tony Hain

Caitlin Bestler wrote:

> My point remains, a globally meaningful address is something that
> should only be applied when it is useful for that endpoint to
> be globally addressable.

This is your only valid point, and has nothing to do with NAT,
Firewalls, or anything else on this thread today... There are cases
where an application context calls for local scope addresses (like I may
not want my light switch available outside the home), but that is
exactly why IPv6 provides local link & site scope addresses. If you have
a device that is being used in a local scope application context, then
it should not acquire a global scope prefix.

At the same time there may be other applications sharing the wire that
are global scope (like my son and I run independent web servers). For
this context the global scope IPv6 addresses are exactly what is
required, because sharing a port doesn't work.

From my observations over time, the hardest thing for network
technologists to wrap their heads around is the fact that with IPv6
nodes are capable of multiple addresses simultaneously, and those
addresses have different scopes of applicability. It is a matter of
local policy which addresses get used, so match the address scope to the
use policy. In any case, stop saying that NAT is required to keep a node
hidden, because it is not. Also by definition if a NAT is aware of the
'hidden' device, the device is no longer hidden from the world.

Tony
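
Tony's description above of one node holding several addresses of different scope at the same time, with local policy deciding which address each application uses, together with Keith's earlier remark about RFC 3041 "privacy addresses" whose low 64 bits are random. This is an added example, not code from the original thread or from any of its authors. The MAC address, the site and global prefixes (the 2001:db8::/32 documentation range) and the policy table are assumptions; the interface identifier construction follows RFC 2373 Appendix A (insert ff:fe, flip the u/l bit) and the privacy identifier follows the RFC 3041 rule of random bits with the u bit cleared. Site-local fec0::/10 is used because that is the scope the 2001 discussion refers to; the policy logic does not depend on which local prefix is in use.

```python
import ipaddress
import os
from typing import Iterable, List

# Scopes as defined by RFC 2373 at the time of this thread (assumption:
# fec0::/10 site-local, later deprecated, is what "site scope" means here).
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")


def scope(addr) -> str:
    """Classify a unicast address as link, site or global scope."""
    a = addr if isinstance(addr, ipaddress.IPv6Address) else ipaddress.IPv6Address(addr)
    if a in LINK_LOCAL:
        return "link"
    if a in SITE_LOCAL:
        return "site"
    return "global"


def eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 2373 App. A):
    insert ff:fe in the middle and flip the universal/local bit."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")


def privacy_iid(rng=os.urandom) -> int:
    """Random interface identifier in the style of RFC 3041: 64 random bits
    with the u bit cleared, so the low half is not tied to the hardware."""
    b = bytearray(rng(8))
    b[0] &= 0xFD
    return int.from_bytes(b, "big")


def make_address(prefix: str, iid: int) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("interface identifiers need a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def node_addresses(mac: str, site_prefix: str,
                   global_prefix: str) -> List[ipaddress.IPv6Address]:
    """One node, several simultaneous addresses of different scope: a stable
    EUI-64 address in each prefix plus a global privacy address for outbound
    use (assumed prefixes are supplied by the caller)."""
    stable = eui64_iid(mac)
    return [
        make_address("fe80::/64", stable),
        make_address(site_prefix, stable),
        make_address(global_prefix, stable),
        make_address(global_prefix, privacy_iid()),
    ]


# Which scopes each application class may bind to (assumed local policy).
POLICY = {
    "local-only": {"link", "site"},        # e.g. the light switch
    "global": {"link", "site", "global"},  # e.g. a web server
}


def bind_addresses(addrs: Iterable[ipaddress.IPv6Address],
                   app_class: str) -> List[ipaddress.IPv6Address]:
    """Addresses a service of the given class may listen on.  A local-only
    service never receives a global-scope address, so nothing needs a NAT
    to keep it off the public Internet."""
    allowed = POLICY[app_class]
    return [a for a in addrs if scope(a) in allowed]
```

The MAC 34-56-78-9A-BC-DE is the worked example from RFC 2464, which gives the link-local address fe80::3656:78ff:fe9a:bcde; the privacy identifier changes on every call, which is the property Keith wants available per application rather than imposed on the whole node.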




Re: Why IPv6 is a must?

2001-11-26 Thread ietf

On Mon, 26 Nov 2001, Rinka Singh wrote:

> Any NAT would be able to translate both ways - OK it would stumble if
> there was end-to-end encryption but a small device may not have
> encryption capability.  It should be easy to add NAT (one would need a
> router, firewall, gateway/gatekeeper anyway).

Not as easy as one may initially imagine. Think of complicated application 
level protocols as H.323 which carry ip information in packets. Adding 
support to NAT gateways would involve integrating gatekeeper/H.323 proxies 
to routers. End-to-end encryption is another area where NAT would be very 
difficult to implement. There are many examples of "difficult to be 
accomplished with NAT tasks" (like P2P networks) that could be easily 
solved by expanding the amount of available addresses (like IPv6). Not 
talking about the specific capabilities IPv6 integrates (AH, for example).

I'm not saying that almost the same things could be performed by clever NAT 
under IPv4, but let's use Occam's razor and follow the simplest way of 
implementing things...

Regards,

Flavio.





Re: Why IPv6 is a must?

2001-11-26 Thread Anthony Atkielski

Caitlin writes:

> That's exactly why you want NAT/firewalling and
> other existing mechanisms.  These are devices
> that do not require global addressability.  In
> fact they SHOULD NOT be globally addressable.

That's exactly why you only need one telephone per family.  These are people who
don't need to be individually reachable.  The head of the household can have one
telephone, and he or she can just physically seek out whoever else in the family
is wanted and put that person in front of the telephone.

That's also exactly why you only need one telephone per business.  These are
employees who don't need to be individually reachable.  The receptionist can
have one telephone, and he or she can just physically bring any other employee
who needs to be contacted to the phone in the reception area.

> IPv6 needs to be justified on the number of nodes
> that truly need a globally accessible public
> address ...

IPv6, like any other expansion of the address space, is ultimately not something
that has to be justified, but simply something that cannot be avoided.

Additionally, the mere need for a unique public address doesn't even necessarily
justify IPv4.  After all, we don't yet have four billion computers on the
Internet.  But because of convenient but space-wasteful allocation policies for
the existing address space, we will appear to run out of addresses long before
the actual theoretical address space is exhausted, unless we resort to
allocating them sequentially until every slot is gone.

The allocation for IPv6 will inevitably be far more space-wasteful than that for
IPv4, human beings being the way they are, and so it will eventually be
exhausted as well, as hard as it may be to believe that now.

> ... not by insisting on counting devices that should
> remain anonymous or under limited (and controlled)
> visibility.

Similar arguments were advanced against private telephone lines.  The most
consistent and serious error made by engineers in designing new systems is
dramatic underestimation of the capacity that will ultimately be required.






Re: Why IPv6 is a must?

2001-11-26 Thread Anthony Atkielski

John Stracke writes:

> Utility companies would love to be able to stop
> sending out expensive humans just to read one
> dial at each customer each month.

Where I live, they already have.  The new meters are individually addressable
and will report the consumption they record on demand from a central controller.
They don't require any special wiring; I was told that they use the pipes of the
water system to communicate with the controller--apparently the usable bandwidth
of that channel is enough to allow the very limited communication required by
the application.

Of course, with low-cost IP dialtone or something similar, such a device could
be connected to the Internet.  I would not want it to be a device that could
accept commands to turn off the water or some such, because of the danger of
abuse, but certainly reporting the water consumption seems quite reasonable.

One can imagine the same for soft-drink machines, copying machines, and all
sorts of other appliances.  Right now some of them already work in this way,
except that, like the water meter, they rely on out-of-band communication
methods (from the Internet point of view).






Re: Why IPv6 is a must?

2001-11-26 Thread Anthony Atkielski

Caitlin writes:

> If a node only requires accessibility by a
> few specialized nodes (such as a water meter)
> then making it *visible* to more is just
> creating a security hole that has to be plugged.

Only if the information made thus available itself constitutes a security
breach, which is not necessarily the case.  Knowing how much water someone
consumes or how many cans of Coke remain in a distributing machine would
probably not be a security issue for most users, just as answering a ping on the
Internet today is not considered to be a security breach by most people (and
those who do consider it so can block it).

> My point remains, a globally meaningful address
> is something that should only be applied when it
> is useful for that endpoint to be globally addressable.

Unfortunately, if no provision has been made for a global address in the first
place, it may not be possible to put anything in place as quickly as required if
the need arises, and for critical applications, this is not acceptable.




Re: Why IPv6 is a must?

2001-11-26 Thread Anthony Atkielski

Keith writes:

> the whole concept of a local-use-only device is
> somewhat odd.  how can the device manufacturer
> make assumptions about his customers' network
> topology?

Imagine where we would be if this assumption were made in the assignment of MAC
addresses for Ethernet cards.  The Net would be a much different and much more
confusing place, if it existed at all.






>about 802.1x

2001-11-26 Thread duyong16



v6 at Salt Lake

2001-11-26 Thread Perry E. Metzger


I was wondering who at our host was going to be running the v6
router/tunnels for the SLC IETF meeting...

--
Perry E. Metzger[EMAIL PROTECTED]
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/




Re: v6 at Salt Lake

2001-11-26 Thread Joel Jaeggli

looks like itojun, so you should have nothing to fear ;) ... 

joelja

On 26 Nov 2001, Perry E. Metzger wrote:

> 
> I was wondering who at our host was going to be running the v6
> router/tunnels for the SLC IETF meeting...
> 
> --
> Perry E. Metzger  [EMAIL PROTECTED]
> --
> NetBSD Development, Support & CDs. http://www.wasabisystems.com/
> 

-- 
-- 
Joel Jaeggli   [EMAIL PROTECTED]
Academic User Services   [EMAIL PROTECTED]
 PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E
--
It is clear that the arm of criticism cannot replace the criticism of
arms.  Karl Marx -- Introduction to the critique of Hegel's Philosophy of
the right, 1843.





Re: Why IPv6 is a must?

2001-11-26 Thread Caitlin Bestler

> > 3) new devices that plug into residential networks (mostly new)
> >
> > What stops the new devices from having v4 with NAT to translate between the
> > internet and the house. 
> 
> nothing stops them, but if you want to access the devices from outside the
> house (and in many cases that's the point of such devices) then NAT gets 
> in the way.
> 
> Keith
> 

That's exactly why you want NAT/firewalling and other existing mechanisms.
These are devices that do not require global addressability. In fact they
SHOULD NOT be globally addressable.

IPv6 needs to be justified on the number of nodes that truly need a 
globally accessible public address, not by insisting on counting devices
that should remain anonymous or under limited (and controlled) visibility.

At times I suspect an administrative standard for uniquely referring
to a private IP address in a specific private IP network would have
been the only required improvement in global addressing.




Re: Why IPv6 is a must?

2001-11-26 Thread Keith Moore

> That's exactly why you want NAT/firewalling and other existing mechanisms.
> These are devices that do not require global addressability. In fact they
> SHOULD NOT be globally addressable.

first, don't confuse NAT with firewalls.  they have entirely separate 
functions which often happen to be provided in the same box.  NAT provides 
very little additional security by itself, and you can implement any 
firewall function without doing address translation.

second, firewalls are not a general-purpose security mechanism. at best 
they are a means of decreasing the effort required to analyze potential 
security threats.  they are not a substitute for implementing security
at the end system.

third, it seems quite presumptuous for you to declare that someone else's
device or application does not, or should not, require global addressability.  
in fact there are numerous cases where global addressability is desirable.  
the needs of the network are more diverse than your security model can 
accommodate.

> IPv6 needs to be justified on the number of nodes that truly need a
> globally accessible public address, not by insisting on counting devices
> that should remain anonymous or under limited (and controlled) visibility.

you appear to be confusing visibility with accessibility.
 
> At times I suspect an administrative standard for uniquely referring
> to a private IP address in a specific private IP network would have
> been the only required improvement in global addressing.

that's because you aren't bothering to consider the needs of applications.

Keith




Re: Why IPv6 is a must?

2001-11-26 Thread Caitlin Bestler

> 
> > IPv6 needs to be justified on the number of nodes that truly need a
> > globally accessible public address, not by insisting on counting devices
> > that should remain anonymous or under limited (and controlled) visibility.
> 
> you appear to be confusing visibility with accessibility.
>  

No, that is exactly what I am not confusing.

If a node only requires accessibility by a few specialized nodes (such
as a water meter) then making it *visible* to more is just creating
a security hole that has to be plugged.

Yes, the hole can be plugged easily.

I am merely pointing out that the opportunity to add more rules to
an IPv6 firewall to plug a security hole that IPv6 created is *not*
an argument for IPv6.

Further, NAT boxes are very friendly to meter-type devices. They
can receive their IPv4 address via DHCP (eliminating the need
to administer addresses) and then they can contact the collection
server. The upper-layer protocols will identify the meter,
which they would have done for authentication reasons anyway.

There are also a large number of solutions using L2 tunneling.

My point remains, a globally meaningful address is something that
should only be applied when it is useful for that endpoint to
be globally addressable.