Re: [midcom] WG scope/deliverables

2001-02-15 Thread Bernard D. Aboba

> anyway, what's the half-life of a piece of network equipment?  2-3 years?

In the consumer space, it's probably the life of the customer's 
arrangement with the service provider. While turnover is high with dialup 
ISPs, it is presumably lower with xDSL and Cable modems. So I would be 
looking at more like 4-5 year lifetimes (roughly equal to a PC) without 
upgrading the NAT code load (which means that even if IPv6 native support 
were available, most customers would not do the upgrade). 

> existing NATs are going to be discarded, or at least upgraded, within a short
> time anyway.

I wish that were true -- but in the consumer space, people just aren't 
very interested in futzing with network equipment unless their provider 
tells them to. So it is more realistic to assume that equipment stays in 
place for a substantial period.

 
> NATs are more entrenched in people's minds than they are in reality.
 

Today, NAT penetration among consumers isn't very high because networked 
multi-PC homes are relatively rare. However, as multiple device homes 
proliferate along with home networking, I would expect the majority of 
consumer PCs to be behind NATs by 2005. Unless we start thinking now 
about the minimal NAT functionality necessary to deploy IPv6, and get 
this into shipping NATs soon, we will face very substantial barriers to 
IPv6 adoption down the road. 

> It's being worked on. Watch the I-D directory.

I'm watching ;)




RE: Number of Firewall/NAT Users

2001-01-20 Thread Bernard D. Aboba



> what about business users, bernard?
>
> vint
 

My understanding is that the fraction of enterprises deploying NAT is 
much larger than in consumer households. Almost all commercial firewall 
products now support NAT. In comparison, fewer firewall products support 
competing approaches (such as SOCKS, or RSIP). 

And of course, as the address space continues to run out it is likely 
that enterprise and perhaps even ISP NAT deployment will increase 
substantially over the next few years. 

What is worth thinking about is what this will imply for the future 
internet architecture. It is one thing to address issues brought up by a 
single well functioning NAT within the same administrative domain. It is 
another thing to deal with multiple layers of perhaps not so well 
implemented NATs which may not even support tunneling of IPv6. 
And that is where we appear to be headed over the next few years.