Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On 2-okt-2007, at 16:53, Mark Newton wrote:

By focussing on the mechanics of inbound NAT traversal, you're ignoring the fact that applications work regardless. Web, VoIP, P2P utilities, games, IM, Google Earth, you name it, it works.

O really? When was the last time you successfully transferred a file using IM? It only works half the time for me and I don't even use NAT on my main system myself. Some audio/video chat applications work well, others decidedly less so. The only reason most stuff works most of the time is because applications tell NAT devices to open up incoming ports using uPnP or NAT-PMP.

IPv6 will happen. Eventually. And it'll have deficiencies which some believe are severe, just like the IPv4 Internet. Such as NAT. Deal with it.

If you want NAT, please come up with a standards document that describes how it works and how applications can work around it. Just implementing it and letting the broken applications fall where they may is so 1990s.

If you believe that v4 exhaustion is a pressing problem, then I'd humbly suggest that 2007 is a good time to shut the hell up about how bad NAT is and get on with fixing the most pressing problem.

NAT is not a problem and running out of IPv4 address space is a problem can't both be true at the same time. With enough NAT lubrication you can basically extend the IPv4 address space by 16 bits so you don't need IPv6.

If we're successful, there'll be plenty of time to go back and re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory.

Right. Building something that can't meet reasonable requirements first and then getting rid of the holes worked so well for the email spam problem.
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On 2-okt-2007, at 16:55, Mark Newton wrote:

ALGs are not the solution. They turn the internet into a telco-like network where you only get to deploy new applications when the powers that be permit you to.

No, they turn the Internet into a network where you only get to deploy new IPv4 applications when the powers that be permit you to. So everyone will deploy IPv6 applications, which require no ALGs, instead. Isn't that a solution that everyone can be happy with?

Well, I can think of a couple of things that make me unhappy:

- IPv4 vs IPv6 is completely invisible to the user. I regularly run netstat or tcpdump to see which I'm using, I doubt many people will do that. So if IPv6 works and IPv4 doesn't, that will look like random breakage to the untrained user rather than something they can do something about.

- If we do NAT-PT and the ALGs are implemented and then the application workarounds around the ALGs, it's only a very small step to wide scale IPv6 NAT.
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On 2-okt-2007, at 15:56, Stephen Sprunk wrote:

Second, the ALGs will have to be (re)written anyways to deal with IPv6 stateful firewalls, whether or not NAT-PT happens.

That's one solution. I like the hole punching better because it's more general purpose and better adheres to the principle of least astonishment.

That's the purpose of an ALG. Requiring users to modify their home router config or put in a change request with their IT department for a firewall exception is a non-starter if you want your app to be accepted.

Hence uPnP and NAT-PMP plus about half a dozen protocols the IETF is working on.

Huh? They both do, that's the point. (Although the former doesn't work for everything and the latter removes the IPv6-only status from the host if not from the network it connects to.)

The former only handles outbound TCP traffic, which works through pure NAT boxes as it is.

BitTorrent is TCP, but it sure doesn't like NAT because it gets in the way of incoming sessions.

The latter solution ignores the problem space by telling people to not be v4-only anymore.

Decoding IPv4 packets on a host is trivial, they already have all the necessary code on board. It's building an IPv4 network that's a burden.

Could you please explain what problems you see with the proxy/tunnel approach and why you think NAT-PT doesn't have these problems?

NAT-PT works for more apps/protocols.

Disagree. Tunneling gives you actual IPv4 so obviously that will always be better than translation.

One of the problems with a proxy is that you have to configure hosts to use it, and all traffic flows through it whether it's needed or not. Obviously we could make the clients smarter, but then you're back to the decade problem. It's too late for that.

Automatic proxy configuration already exists. I agree that having IPv6 traffic go through a proxy is unnecessary but that can be fixed. And there's no such thing as too late (if there were, the IETF would have been out of business long ago): problems stick around until you fix them.

There is a difference between the networks and the hosts. Upgrading networks to dual stack isn't that hard, because it's built of only a limited number of different devices.

*giggle* You mean like the 90% of hosts that will be running Vista (which has v6 enabled by default) within a couple years? Or the other 10% of hosts that have had v6 enabled for years? The problem isn't the hosts. It isn't even really the core network. It's all the middleboxes between the two that are v4-only and come from dozens of different clue-impaired vendors.

You forget that the majority of applications need to be changed to work over IPv6. If I turn off IPv4 on my Mac and use some magic to go from v6 to v4, I can get to the web and do stuff like ssh and ftp, but most other applications don't work because they don't support IPv6 yet.

On 2-okt-2007, at 16:10, Stephen Sprunk wrote:

You just open up a hole in the firewall where appropriate.

You obviously have no experience working in security. Who wants those headaches? You can't trust the OS (Microsoft? hah!), you can't trust the application (malware), and you sure as heck can't trust the user (industrial espionage and/or social engineering). The only way that address-embedding protocols can work through a firewall, whether it's doing NAT or not, is to use an ALG.

You assume a model where some trusted party is in charge of a firewall that separates an untrustworthy outside and an untrustworthy inside. This isn't exactly the trust model for most consumer networks. Also, why would you be able to trust what's inside the control protocol that the ALG looks at any better than anything else?

The defense and healthcare industries will force vendors to write those ALGs (actually, make minor changes to existing ones) if they care about the protocols in question because they have no choice -- security is the law.

Seems to work well, that law. But these people don't complain when their video streaming/chatting doesn't work out of the box. These are highly specialized setups that are really beyond what general purpose hard- and software can be expected to cope with.

Even for home users, most have zero clue how to open a hole in their home firewall.

Repeat after me: uPnP, NAT-PMP.
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007, Iljitsch van Beijnum wrote:

On 2-okt-2007, at 16:53, Mark Newton wrote:

By focussing on the mechanics of inbound NAT traversal, you're ignoring the fact that applications work regardless. Web, VoIP, P2P utilities, games, IM, Google Earth, you name it, it works.

O really? When was the last time you successfully transferred a file using IM? It only works half the time for me and I don't even use NAT on my main system myself. Some audio/video chat applications work well, others decidedly less so. The only reason most stuff works most of the time is because applications tell NAT devices to open up incoming ports using uPnP or NAT-PMP.

Ah, god damn Microsoft MSN client. Just send it via gmail already. People deal with slightly broken crap all day, every day. If they had a low tolerance for it then we'd be running OSF/1+Motif on multi-core Alphas cause Windows on whiteboxes wouldn't have cut the mustard.

Right. Building something that can't meet reasonable requirements first and then getting rid of the holes worked so well for the email spam problem.

Ah, but:

* y'all didn't know what were reasonable requirements when SMTP was built; and
* You're not trying to do a forklift upgrade of SMTP protocol (which, arguably, would include reasonable anti-spam methods!)

Whereas:

* Y'all know the issues involved in migrating from ipv4 to ipv6, as you've got operational experience with both now, and
* You're trying to do a forklift upgrade of the IP protocol.

Adrian
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 09:50:09PM +0200, Iljitsch van Beijnum wrote:

On 2-okt-2007, at 16:55, Mark Newton wrote:

So everyone will deploy IPv6 applications, which require no ALGs, instead. Isn't that a solution that everyone can be happy with?

Well, I can think of a couple of things that make me unhappy:

Doubtless.

- IPv4 vs IPv6 is completely invisible to the user. I regularly run netstat or tcpdump to see which I'm using, I doubt many people will do that. So if IPv6 works and IPv4 doesn't, that will look like random breakage to the untrained user rather than something they can do something about.

With respect, that's why a bunch of us have been suggesting using techniques such as NAT-PT to make sure that IPv6 works _and_ IPv4 works. If the mechanisms used lack sufficient quantities of perfection, they'll be modified until they're good enough.

- If we do NAT-PT and the ALGs are implemented and then the application workarounds around the ALGs, it's only a very small step to wide scale IPv6 NAT.

And thus the sky falls.

Perhaps it's a perspective issue, but I really don't see a problem with that. If the network works, who cares?

Perhaps you'd be happier if, in recognition of the fact that NAT appears to be a dirty word, we called it something else. The IPv6 people have already jumped on this bandwagon, so it shouldn't be a huge gulf to bridge: SHIM6 is basically wide-scale highly automated NAT, in which layer-3 addresses are transparently rewritten for policy purposes (a SHIM6 middlebox, if it ever existed, would be indistinguishable from a NAT box), so we have a start here: If we rename NAT, it becomes acceptable to IPv6 proponents.

So my proposal is this: Instead of saying, NAT, from now on we should say, Layer-4 switch. I don't know about you, but I feel comfortable deploying a network which has layer-4 switches in it. I already have layer-2 and layer-3 switches, so I might as well collect the whole set.

That solution to this quagmire also solves the other great problem that you seem to have in gaining acceptance: There are legitimate uses for NAT right now, and there will be in the future, so arguing for the elimination of a useful tool before we can move the Internet forward strikes me as a fundamentally regressive argument.

Perhaps in years to come we'll look at the people who argue for the elimination of layer-4 switches in the same way that we look at 1980's campus network administrators who thought the whole organization should be one big broadcast domain, with no place for layer-3 switches. Ah, look at that, he doesn't like NAT. How... quaint. :-)

- mark

--
Mark Newton                               Email: [EMAIL PROTECTED] (W)
Network Engineer                          Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd                 Desk: +61-8-82282999
Network Man - Anagram of Mark Newton      Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 10:07:19PM +0200, Iljitsch van Beijnum wrote:

IPv6 will happen. Eventually. And it'll have deficiencies which some believe are severe, just like the IPv4 Internet. Such as NAT. Deal with it.

If you want NAT, please come up with a standards document that describes how it works and how applications can work around it. Just implementing it and letting the broken applications fall where they may is so 1990s.

Ah, how obstructive of you. We can't possibly do this until a multi-volume standards document has been written which encompasses and solves every conceivable problem with absolute perfection. Have it on my desk by 5pm.

No, that's not how we do things on the Internet. It _is_ how they do things on those old-school telco networks you keep telling us to avoid emulating, but it's not our way. Never has been, likely never will be (and, indeed, I'd put it to you that the reason we're all talking about IPv6 in 2007 instead of _using_ it is because the IETF tried the old-school way instead of the Internet way to solve the running-out-of-addresses problem)

If you believe that v4 exhaustion is a pressing problem, then I'd humbly suggest that 2007 is a good time to shut the hell up about how bad NAT is and get on with fixing the most pressing problem.

NAT is not a problem and running out of IPv4 address space is a problem can't both be true at the same time. With enough NAT lubrication you can basically extend the IPv4 address space by 16 bits so you don't need IPv6.

Don't you think that's a bit of an oversimplification?

With respect, Iljitsch, if you want a long and bloody argument about IPv6 NAT, and you engineer one by constructing straw men to argue against, my guess is that the blood on the walls at the end of the process will be yours.

If we're successful, there'll be plenty of time to go back and re-evaluate NAT afterwards when IPv6 exhaustion is a distant memory.

Right. Building something that can't meet reasonable requirements first and then getting rid of the holes worked so well for the email spam problem.

My email works. How about yours?

- mark

--
Mark Newton                               Email: [EMAIL PROTECTED] (W)
Network Engineer                          Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd                 Desk: +61-8-82282999
Network Man - Anagram of Mark Newton      Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
- IPv4 vs IPv6 is completely invisible to the user. I regularly run netstat or tcpdump to see which I'm using, I doubt many people will do that. So if IPv6 works and IPv4 doesn't, that will look like random breakage to the untrained user rather than something they can do something about.

but the reality is ipv4 works and ipv6 doesn't. and unless the ivory tower purists get off their doomed thrones, ipv6 will die stillborn. in fact, that is what is happening now. there are more ipv4 nats within a 1km radius of here than there are v6-enabled networks on the planet. and i am at the nexus of ipv6 deployment in the world, networking central in tokyo.

- If we do NAT-PT and the ALGs are implemented and then the application workarounds around the ALGs, it's only a very small step to wide scale IPv6 NAT.

the reality is you have a choice. nat-pt or ipv4 with massive natting forever. it's not a choice i like, but it's life. get over it.

randy
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 10:33:43PM +0200, Iljitsch van Beijnum wrote:

On 2-okt-2007, at 16:10, Stephen Sprunk wrote:

You can't trust the OS (Microsoft? hah!), you can't trust the application (malware), and you sure as heck can't trust the user (industrial espionage and/or social engineering). The only way that address-embedding protocols can work through a firewall, whether it's doing NAT or not, is to use an ALG.

You assume a model where some trusted party is in charge of a firewall that separates an untrustworthy outside and an untrustworthy inside. This isn't exactly the trust model for most consumer networks.

Err, it is. Really, it is. Residential-grade customers employ trusted parties like DLink, Alloy, Alcatel, Linksys, and various others to be in charge of the firewall that separates the untrustworthy internet from their inside network. Corporate-grade customers employ trusted parties as staff. SMEs are somewhere in between, often substituting their ISP as a proxy for staff. Either way you cut it, the model you've just dismissed is _exactly_ the way the real world works.

Also, why would you be able to trust what's inside the control protocol that the ALG looks at any better than anything else?

You can't. So if the control protocol can possibly do anything bad, the firewall administrator says, Well, can't let this take control of my network, I'll just block it. ... which breaks end-to-end reachability every bit as effectively as a NAT box does, regardless of whether or not the firewall employs NAT. Which is why various correspondents in this thread have repeatedly pointed out that any assertion that an IPv6 Internet is going to be any more end-to-end than an IPv4 Internet is delusional.

The defense and healthcare industries will force vendors to write those ALGs (actually, make minor changes to existing ones) if they care about the protocols in question because they have no choice -- security is the law.

Seems to work well, that law. But these people don't complain when their video streaming/chatting doesn't work out of the box.

splutter Oh yes they do. You better believe it.

- mark

--
Mark Newton                               Email: [EMAIL PROTECTED] (W)
Network Engineer                          Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd                 Desk: +61-8-82282999
Network Man - Anagram of Mark Newton      Mobile: +61-416-202-223
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
- If we do NAT-PT and the ALGs are implemented and then the application workarounds around the ALGs, it's only a very small step to wide scale IPv6 NAT.

Perhaps it's a perspective issue, but I really don't see a problem with that. If the network works, who cares?

well, the thing is that nats in the middle really do cause problems. and we do care about those problems. it's just that inability to have a usable transition toward the wonderfully incompatible ipv6 protocol is a far worse problem. so, as this is engineering, not religion, we will make the trade-off and put up with the mostly hackable problems of nat-pt rather than the much more serious problems living with ipv4 only and a jillion nats for ever and ever. some of the older of us may be more used to such lesser of two evil compromises. heck, i voted for hubert the whore.

randy
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On 3-okt-2007, at 9:42, Randy Bush wrote:

but the reality is ipv4 works and ipv6 doesn't.

It has very little deployment at this point in time, that's something different.

and unless the ivory tower purists get off their doomed thrones, ipv6 will die stillborn.

And unless the purists, whatever their living arrangements, get to keep out at least some of the bad stuff that's in IPv4, the entire effort to move to IPv6 will be a waste of time because we'll all be in the exact same mess only with harder to remember addresses.

there are more ipv4 nats within a 1km radius of here than there are v6-enabled networks on the planet. and i am at the nexus of ipv6 deployment in the world, networking central in tokyo.

So? Still 1157 million IPv4 addresses to burn, can't realistically expect people to upgrade to IPv6 unless they have to.

the reality is you have a choice. nat-pt or ipv4 with massive natting forever. it's not a choice i like, but it's life. get over it.

I'd rather have IPv4 with massive NAT and IPv6 without NAT than both IPv4 and IPv6 with moderate levels of NAT. The tricky part is that we're not going to agree on that as a community, so the status quo will persist until someone cares enough to do something drastic that moves the entire industry in one direction or another.
Re: Access to the IPv4 net for IPv6-only systems
At 12:02 PM +0200 10/3/07, Iljitsch van Beijnum wrote:

On 3-okt-2007, at 9:42, Randy Bush wrote:

but the reality is ipv4 works and ipv6 doesn't.

It has very little deployment at this point in time, that's something different.

I'm with Randy on this one... While we will have increased IPv6 deployment as we get closer to IPv4 free pool depletion, the size of the IPv4 installed base is very impressive and the task of moving it all to dual-stack may not be achievable w/o NAT-PT and a set of defined ALG's.

the reality is you have a choice. nat-pt or ipv4 with massive natting forever. it's not a choice i like, but it's life. get over it.

I'd rather have IPv4 with massive NAT and IPv6 without NAT than both IPv4 and IPv6 with moderate levels of NAT.

That's great, guys, if IPv4 with massive levels of NAT actually resembles today's Internet and is actually a viable choice. Once free pool depletion occurs and address reuse enters the equation, we've got high demand for block fragmentation and a tragedy of the commons situation where everyone's motivations are to inject their longer prefixes and yell at others not to do the same. It's a very different circumstance that we have today with NAT and it only gets worse as utilization increases.

/John
RE: Access to the IPv4 net for IPv6-only systems
It's a very different circumstance that we have today with NAT and it only gets worse as utilization increases.

Does it really get worse? Or do the ISPs with the eyeballs point at their 6to4, Teredo, ALG installations and happy customers with IPv6 access lines? And do the ISPs with the content point at their native IPv6 servers, and 6to4 relays and ALG installations? And do the people making the purchasing decisions cut short the NAT over NAT party before it has barely begun?

Let's face it, this is not a technical problem. IPv4 is running out soon. IPv6 does not suffer from this brick wall problem and makes future network design/deployment easier to do without contortions.

The economic imperative is for companies to go with whatever is simpler in the long run because that is how they recover costs. Spend some capital to build something, rake in recurring fees for a few years, and either profit from it or lose. The capital cost is less important than the operating cost because operating cost eats into margins. Simpler is better when it comes to operating costs.

It is true that telcos have, in the past, been able to warp the market economics and get away with very high recurring fees that could cover the high operating costs of complex infrastructure. But does anyone believe this will happen again within the lifetimes of those people who wielded their purchasing power and pushed recurring fees down, down, down?

Fact is, that IPv6 is more of a known quantity than IPv4 super NAT with ever longer prefixes and scraping the barrel for reusable IP addresses. And IPv6 is a more constraint-free environment to play in than the IPv4 endgame. If everybody had to play with the same constraints it would be different. But the fact is that some companies have already made the decision to shift their activity to IPv6 along with rising market demand for IPv6. They are hoping to get some of *YOUR* choice customers when contract renewal time comes around because those choice customers are beginning to fear that your company will go bankrupt in 2010/2011 when the demand for IPv6 goes through the roof.

Of course it is better for everybody if there are only a few such shortsighted companies because the shift to IPv6 will be enough work without an exponential increase in customers fleeing from other providers. And even an IPv6 network needs peers so it is in everyone's interests that most of us get IPv6 up and running very soon now.

--Michael Dillon
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Wed, Oct 03, 2007 at 12:02:31PM +0200, Iljitsch van Beijnum wrote:

The tricky part is that we're not going to agree on that as a community, so the status quo will persist until someone cares enough to do something drastic that moves the entire industry in one direction or another.

That isn't actually true. I could move to IPv6 and deploy a NAT-PT box to give my customers access to the v4 Internet regardless of whatever the rest of the community thinks.

This whole debate is a complete waste of time, because everyone, yourself included, knows that regardless of what consensus we end up with, at the end of the day if NAT makes sense NAT will be deployed. End of story, game over.

This whole meme that says we need the entire industry to move in the same direction at the same time is yet another delaying fallacy, and yet another example of you proposing that we all behave like old-skool telcos inside the exact same 24 hour period when you decry any suggestion that we act like old-skool telcos.

Whatever.

- mark

--
Mark Newton                               Email: [EMAIL PROTECTED] (W)
Network Engineer                          Email: [EMAIL PROTECTED] (H)
Internode Systems Pty Ltd                 Desk: +61-8-82282999
Network Man - Anagram of Mark Newton      Mobile: +61-416-202-223
RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
That isn't actually true. I could move to IPv6 and deploy a NAT-PT box to give my customers access to the v4 Internet regardless of whatever the rest of the community thinks. This whole debate is a complete waste of time,

Yup. It would be more productive for everyone in the debate to build an IPv6 router based on Linux, add NAT-PT and trial it for their own Internet access for a few weeks. Instructions are here: http://tomicki.net/ipv6.router.php

The proof of the pudding is in the tasting.

--Michael Dillon
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On 3-okt-2007, at 15:52, Mark Newton wrote:

The tricky part is that we're not going to agree on that as a community, so the status quo will persist until someone cares enough to do something drastic that moves the entire industry in one direction or another.

That isn't actually true. I could move to IPv6 and deploy a NAT-PT box to give my customers access to the v4 Internet regardless of whatever the rest of the community thinks.

And then you'll see your active FTP sessions, SIP calls, RTSP sessions, etc fail.

This whole debate is a complete waste of time, because everyone, yourself included, knows that regardless of what consensus we end up with, at the end of the day if NAT makes sense NAT will be deployed. End of story, game over.

Few things in today's internet are universal. I don't think the answer to the question whether NAT makes sense is one of them.

This whole meme that says we need the entire industry to move in the same direction at the same time is yet another delaying fallacy, and yet another example of you proposing that we all behave like old-skool telcos inside the exact same 24 hour period when you decry any suggestion that we act like old-skool telcos.

It takes two to tango. If you deploy something that doesn't work with what everyone else has deployed, in most cases, it's you who has the problem. In that sense, the industry must move fairly coherently. Unfortunately, this is true regardless of any underlying merit. Current path MTU discovery practices are insane but use a smaller-than-1500-byte MTU at your peril.
Re: ISP support for Email (was Re: DDoS Question)
Why should ISPs still pay to support subscriber e-mail either inhouse or outsourced, any more than paying to support USENET, Chat, FTP/HTTP Hosting, etc? Let subscribers choose whichever free or fee-based supplier, and wash your hands of both the support issues and the legal compliance issues.

For better or worse, whatever hoops you can make a customer have to jump through to leave may keep them your customer 'by force'. It's hard to change your email address and notify everyone on your address book and the sites you may have used it to sign up with. It may not be right, but it does seem to work. Also, having your domain on that customer's email address is low cost advertising.

sam
Re: Creating demand for IPv6, and saving the planet
Thus spake Daniel Senie [EMAIL PROTECTED]

A number of people have bemoaned the lack of any IPv6-only killer-content that would drive a demand for IPv6. I've thought about this, and about the government's push to make IPv6 a reality. What occurred to me is there is a satellite sitting in storage that would provide such content: http://en.wikipedia.org/wiki/Triana_(satellite)

Al Gore pushed for this satellite, Triana, to provide those on earth with a view of the planet among its scientific goals. The Republicans referred to it as an overpriced screen saver, though the effect even of just the camera component on people's lives and how they treat the planet could be considerable.

By combining the launch of Triana with feeding the still images and video from servers only connected to native IPv6 bandwidth, the government would provide both a strong incentive for end users to want to move to IPv6, and a way to get the people of this planet to stop from time to time and ponder the future of the earth.

Here's a simple question that applies to every killer app that's been proposed for IPv6: if you're going to the trouble of making a killer app and giving/selling it to the public, why wouldn't you include support for IPv4?

Virtually every unique feature of IPv6, except the number of bits in the address, has been back-ported to IPv4. There is simply no other advantage left, and thus no room for apps that require IPv6.

S

Stephen Sprunk      God does not play dice. --Albert Einstein
CCIE #3723          God is an inveterate gambler, and He throws the
K5SSS               dice at every possible opportunity. --Stephen Hawking
RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
It seems we're always confusing NAT with PAT (or NAT overload, or whatever else you want to call it). One to one NAT rarely breaks stuff. NAT-PT would need to follow that model, otherwise, yes, things will break. It seems like an IPv6-only ISP would need to operate the NAT-PT boxes, and dedicate a block of v4 addresses the size of the expected concurrent online users to the NAT-PT box. Keep in mind that a v6 ISP with 1 million customers won't need a million v4 addresses, for obvious reasons. It's going to be considerably less than if each customer got a v4 address. NAT-PT does seem like a viable short term solution. I'm not sure though how to get current v4-only content providers to dual-stack their stuff. Increased domain fees maybe for v4-only domains...

Chuck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Iljitsch van Beijnum

And then you'll see your active FTP sessions, SIP calls, RTSP sessions, etc fail.
RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
break. It seems like an IPv6-only ISP would need to operate the NAT-PT boxes, and dedicate a block of v4 addresses the size of the expected concurrent online users to the NAT-PT box. Keep in mind that a v6 ISP with 1 million customers won't need a million v4 addresses, for obvious reasons. It's going to be considerably less than if each customer got a v4 address. NAT-PT does seem like a viable short term solution. I'm

An IPv6-only ISP with enough IPv4 addresses for its concurrent online users seems strange. Why wouldn't that ISP give those v4 addresses to the online users instead of the NAT-PT box? And why do you call it IPv6-only?

Andras
RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
-Original Message-
From: JAKO Andras [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 03, 2007 8:59 PM
To: Church, Charles
Cc: nanog@merit.edu
Subject: RE: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

An IPv6-only ISP with enough IPv4 addresses for its concurrent online users seems strange. Why wouldn't that ISP give those v4 addresses to the online users instead of the NAT-PT box? And why do you call it IPv6-only?

Andras

Because not all users are online at the same time. Think back to the days where you had x number of dialup lines for y number of subscribers. It might be a 2:1 ratio. Maybe more, depending on how many time zones an ISP serves. It's not a huge plus, but once IPv4 content providers can see where x% of their web hits are coming from these NAT-PT blocks, they might be more motivated to go dual-stack.

Chuck