RE: NATs as firewalls

2007-03-15 Thread michael.dillon
Recovering three-quarters of an /8 delays the moment of truth by less than a month. Work hard and you might gain a year or even more, but would that year really make a difference? And that is why there will never be a market for IPv4 addresses. Any trading activity can only ever buy a few

Re: NATs as firewalls

2007-03-15 Thread Eliot Lear
[EMAIL PROTECTED] wrote: Can you show me real examples of an RIR repossessing address space? If so, what is stopping them from reclaiming some of those /8s? ARIN regularly repossesses address space according to their treasurer.

RE: NATs as firewalls

2007-03-14 Thread michael.dillon
Can you show me real examples of an RIR repossessing address space? If so, what is stopping them from reclaiming some of those /8s? ARIN regularly repossesses address space according to their treasurer. http://lists.arin.net/pipermail/ppml/2007-March/006129.html This fact is well known to

Re: NATs as firewalls

2007-03-14 Thread bmanning
On Wed, Mar 14, 2007 at 04:31:40PM -0800, David Morris wrote: So I got curious and checked the 'current' list. Looks to me like the question revolving around MIT is small potatoes compared with some other organizations ... HP now owns two /8 blocks ... their own and DECs. HP is down

Re: NATs as firewalls

2007-03-11 Thread Simon Leinen
Darryl (Dassa) Lynch writes: Hallam-Baker, Phillip wrote: There is a major difference between a NAT box plugged into the real Internet and a NAT box plugged into another NAT box. It is a pretty ugly one for the residential user. I'm afraid it is already happening on a large scale in some

Address consumption vs. routing table growth [was: Re: NATs as firewalls]

2007-03-11 Thread Simon Leinen
Tony Hain writes: On top of that look closely at the graph I referenced yesterday and you will note that the RIPE region is burning through space the fastest. The last I looked Geoff's numbers showed the APnic region having the fastest growth in the routing system, so where are all those

RE: NATs as firewalls

2007-03-10 Thread Hallam-Baker, Phillip
] Sent: Friday, March 09, 2007 11:16 PM To: ietf@ietf.org Subject: RE: NATs as firewalls From: David Morris [mailto:[EMAIL PROTECTED] On Fri, 9 Mar 2007, Nick Staff wrote: I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4

Re: NATs as firewalls

2007-03-10 Thread Douglas Otis
On Mar 9, 2007, at 10:17 PM, David Morris wrote: In the low end bandwidth space I play, an extra 192 bits on every packet is significant to end user performance. As others have noted, it seems like the fairly effective anti-spam technique of associating reputations with network addresses

A little comic relief.... was: RE: NATs as firewalls

2007-03-09 Thread Thomas Gal
. NAT sucks. You suck. /http://arstechnica.com/articles/paedia/ipv6.ars -Thomas Gal [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, March 08, 2007 4:16 AM To: [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: Re: NATs as firewalls

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-09 Thread Stephane Bortzmeyer
On Thu, Mar 08, 2007 at 10:41:02AM -0800, Hallam-Baker, Phillip [EMAIL PROTECTED] wrote a message of 115 lines which said: OK let's try code, at the moment to start up a TCP socket you have code of the form: In C. In every other language I know, it is at a much higher level. (Even in C,

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-09 Thread Brian E Carpenter
Cc: Harald Tveit Alvestrand; ietf@ietf.org Subject: Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.) Ah. Well I always learnt that an IP network was a connectionless network. Maybe you'd like to define what you mean by a connection. Brian On 2007-03-08 14:42

RE: NATs as firewalls

2007-03-09 Thread Nick Staff
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I still believe that the time is right for an IETF WG to define SOHO gateway requirements for IPv6 networks because IPv4 wind-down will cause more people to take a serious look at how and why to deploy IPv6. One single good idea in a SOHO

RE: NATs as firewalls

2007-03-09 Thread David Morris
On Fri, 9 Mar 2007, Nick Staff wrote: I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4 addresses would be issued. This would make it real for everyone and ignite the IPv6/IPv4 gateway market (I think). Not to mention we'd never have to

RE: NATs as firewalls

2007-03-09 Thread Hallam-Baker, Phillip
: Friday, March 09, 2007 11:18 AM To: Nick Staff Cc: ietf@ietf.org Subject: RE: NATs as firewalls On Fri, 9 Mar 2007, Nick Staff wrote: I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4 addresses would be issued. This would make

RE: NATs as firewalls

2007-03-09 Thread Tony Hain
[EMAIL PROTECTED] wrote: On Thu, Mar 08, 2007 at 11:22:05AM -, [EMAIL PROTECTED] wrote: In any case, I don't have any examples to present since most of the reclamation that has been done over the past few years was done without any fanfare. The RIRs and the organizations involved are

RE: NATs as firewalls

2007-03-09 Thread Tony Hain
Nick Staff wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I still believe that the time is right for an IETF WG to define SOHO gateway requirements for IPv6 networks because IPv4 wind-down will cause more people to take a serious look at how and why to deploy IPv6. One single

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-09 Thread Douglas Otis
On Mar 9, 2007, at 2:41 AM, Brian E Carpenter wrote: Phill, I'm not playing with words. The style of 'connection' involved in a SIP session with proxies is very different from that of a classical TCP session or a SOAP/HTTP/TCP session, or something using SCTP for some signalling

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-09 Thread Russ White
We have IPv6 Locally Assigned Local Addresses. Doesn't this presume that if people used these locally assigned addresses they would then NAT to a public address space? I think the main thing folks might miss is that a lot of people really

Re: NATs as firewalls and the NEA

2007-03-09 Thread Jeff Young
For better or worse, the centralized means of control you mention may well come in the form of the latest IPTV networks being built by large telco providers. As telco battles cable for couch potatoes, they've realized that mucking with television reception is perhaps the best way to

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-09 Thread Russ White
I think the main thing folks might miss is that a lot of people really want all of this on a single address--while having multiple addresses concurrent on a single machine is acceptable for larger machines, specifically servers, having multiples

RE: NATs as firewalls

2007-03-09 Thread Nick Staff
From: David Morris [mailto:[EMAIL PROTECTED] On Fri, 9 Mar 2007, Nick Staff wrote: I think the thing that would help IPv6 the most would be the setting of a hard date when no new IPv4 addresses would be issued. This would make it real for everyone and ignite the IPv6/IPv4 gateway

RE: NATs as firewalls

2007-03-09 Thread David Morris
Well we don't yet know that the FCC deadline will actually stick when society recognizes that many folks of low economic means are suddenly w/o TV. Secondly, the FCC's span of control is geographic ... not quite the same as dictating an end to IPV4 addresses on a world wide basis. In the low end

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Brian E Carpenter
On 2007-03-08 02:06, Hallam-Baker, Phillip wrote: OK I will restate. All connection initiation should be exclusively mediated through the DNS and only the DNS. Would that include connections to one's DHCP server, SLP server, default gateway, and DNS server? Hmm... Brian

RE: NATs as firewalls

2007-03-08 Thread michael.dillon
IPv6 is not inevitable, the issue is how to make it so. Yes, and I believe that the way to make it so is to define the standard for connecting to the IPv6 Internet. That standard should NOT be to connect a computer via dialup modem or to connect a computer via its USB port. Instead, it should

RE: NATs as firewalls

2007-03-08 Thread michael.dillon
Can you show me real examples of an RIR repossessing address space? If so, what is stopping them from reclaiming some of those /8s? The legal costs... While ARIN would have one hell of a court battle trying to reclaim 18/8, the MIT Office of the President would have no trouble

RE: NATs as firewalls

2007-03-08 Thread michael.dillon
Also this appears to be tied to the US business model where the ISP supplies you with the box and you don't get to change it (or even own it). For example in the UK we are already down the path of selling such a DSL + NAT/firewall + router box (I have one here) but the ISP just sells

RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread michael.dillon
One approach for name based authorization would place an encoded hash label of the domain name being authorized within the authorizing domain. Client validation can be as simple as resolving the name of the client, where this name can then be utilized in conjunction with a name

Re: NATs as firewalls

2007-03-08 Thread bmanning
On Thu, Mar 08, 2007 at 11:22:05AM -, [EMAIL PROTECTED] wrote: In any case, I don't have any examples to present since most of the reclamation that has been done over the past few years was done without any fanfare. The RIRs and the organizations involved are really the only ones who

RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Hallam-Baker, Phillip
PROTECTED] Sent: Thursday, March 08, 2007 5:13 AM To: Hallam-Baker, Phillip Cc: Harald Tveit Alvestrand; ietf@ietf.org Subject: Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.) On 2007-03-08 02:06, Hallam-Baker, Phillip wrote: OK I will restate. All connection

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Arnt Gulbrandsen
A prediction: Sooner or later, IPv4 addresses become so scarce that renting a colo server with IPv4 becomes more expensive than IPv6. When that happens, a few NAT-hating spoilsports will set up the first few IPv6-only servers and a year later, the transition to IPv6 starts. I wonder what kind

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Joe Abley
On 8-Mar-2007, at 10:17, Arnt Gulbrandsen wrote: A prediction: Sooner or later, IPv4 addresses become so scarce that renting a colo server with IPv4 becomes more expensive than IPv6. When that happens, a few NAT-hating spoilsports will set up the first few IPv6-only servers and a year

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Douglas Otis
On Mar 8, 2007, at 2:13 AM, Brian E Carpenter wrote: On 2007-03-08 02:06, Hallam-Baker, Phillip wrote: OK I will restate. All connection initiation should be exclusively mediated through the DNS and only the DNS. Would that include connections to one's DHCP server, SLP server, default

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-08 Thread Dave Crocker
Harald Tveit Alvestrand wrote: In my opinion, we should never introduce any function that involves the DNS where: - the answer is required to be different for different requestors - the answer has to be different at two times separated by less than ~seconds - a temporary failure of the

Re: NATs as firewalls and the NEA

2007-03-07 Thread Douglas Otis
On Mar 6, 2007, at 1:39 PM, Jeff Young wrote: For better or worse, the centralized means of control you mention may well come in the form of the latest IPTV networks being built by large telco providers. As telco battles cable for couch potatoes, they've realized that mucking with

RE: NATs as firewalls

2007-03-07 Thread Tony Hain
Klensin Cc: ietf@ietf.org Subject: Re: NATs as firewalls John, (after also reading Michael's response) I don't disagree. I think there is scope for writing a list of desirable properties for SOHO routers in the light of these various inputs. I'm less certain it can be done

RE: NATs as firewalls

2007-03-07 Thread michael.dillon
is a crisis to force action. That will occur sometime after 2010 when they need more than they already have and find that the lease price per IPv4 address per day has been moving up from its current averages of $1/day or $5/day depending on contract length (a price service providers seem

Re: NATs as firewalls

2007-03-07 Thread Eliot Lear
[EMAIL PROTECTED] wrote: is a crisis to force action. That will occur sometime after 2010 when they need more than they already have and find that the lease price per IPv4 address per day has been moving up from its current averages of $1/day or $5/day depending on contract length (a price

RE: NATs as firewalls

2007-03-07 Thread John C Klensin
(off list) --On Tuesday, 06 March, 2007 15:46 -0800 Tony Hain [EMAIL PROTECTED] wrote: While I agree with Brian that the enterprise draft will be difficult, I also believe the SOHO one will be virtually impossible to get agreement over. I agree, although I think we might disagree a bit about

RE: NATs as firewalls

2007-03-07 Thread John C Klensin
--On Wednesday, 07 March, 2007 09:55 + [EMAIL PROTECTED] wrote: ... Also, even though there are only 3 years supply left in IANA, to date none of the RIRs have changed their allocation policies to deal with wind-down of IPv4 space or scarcity. Certainly in some regions, there is the

RE: NATs as firewalls

2007-03-07 Thread Hallam-Baker, Phillip
: Wednesday, March 07, 2007 9:09 AM To: [EMAIL PROTECTED] Cc: ietf@ietf.org Subject: RE: NATs as firewalls (off list) --On Tuesday, 06 March, 2007 15:46 -0800 Tony Hain [EMAIL PROTECTED] wrote: While I agree with Brian that the enterprise draft will be difficult, I also believe

RE: NATs as firewalls

2007-03-07 Thread John C Klensin
--On Wednesday, 07 March, 2007 08:07 -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: I agree with John's analysis of the constraints here. [skipping the conjectures about US politics -- it is a much longer discussion that isn't clearly suitable for the IETF list] The ISPs face costs

RE: NATs as firewalls

2007-03-07 Thread michael.dillon
(i) there is every reason to expect a run on remaining addresses at some point, whether induced by public coverage, larcenous providers, ISP or RIR anxieties, or something else. In other words HIGH PUBLIC PROFILE. Interestingly, this roughly coincides with increased

RE: NATs as firewalls

2007-03-07 Thread Hallam-Baker, Phillip
From: John C Klensin [mailto:[EMAIL PROTECTED] And, when I conclude that IPv6 is inevitable (unless someone comes up with another scheme for global unique addresses RSN), Here we disagree, I don't think that IPv6 is inevitable. When I model the pressures on the various parties in the

RE: NATs as firewalls

2007-03-07 Thread Hallam-Baker, Phillip
The idea that the US is not affected by IPv4 address space exhaustion is a canard. The US runs out of addresses the same day as everywhere else. US organizations are certainly over-represented in the list of organizations holding underutilized IPv4 address blocks. But the fact that MIT has net

RE: NATs as firewalls

2007-03-07 Thread Tony Hain
Eliot Lear wrote: [EMAIL PROTECTED] wrote: is a crisis to force action. That will occur sometime after 2010 when they need more than they already have and find that the lease price per IPv4 address per day has been moving up from its current averages of $1/day or $5/day depending on

RE: NATs as firewalls

2007-03-07 Thread Tony Hain
JFC Morfin wrote: Dear Phillip, I do not think USA will have any say into this. For several reasons. They are the last to be harmed by IPv4 addresses shortage and most probably the home of the addressquatters. This is BS that just has to stop. The ARIN region continues to burn through ~30%

Re: NATs as firewalls, cryptography, and curbing DDoS threats.

2007-03-07 Thread Douglas Otis
On Mar 7, 2007, at 9:01 AM, John C Klensin wrote: It is true that I tend to be pessimistic about changes to deployed applications that can't be sold in terms of clear value. I'm also negative about changing the architecture to accommodate short- term problems. As examples of the latter,

Re: NATs as firewalls

2007-03-07 Thread Fred Baker
On Mar 7, 2007, at 11:38 AM, Elwyn Davies wrote: Also this appears to be tied to the US business model where the ISP supplies you with the box and you don't get to change it (or even own it). Do they do that in the US? I'm not aware of it...

RE: NATs as firewalls

2007-03-07 Thread Darryl (Dassa) Lynch
Hallam-Baker, Phillip wrote: From: John C Klensin [mailto:[EMAIL PROTECTED] And, when I conclude that IPv6 is inevitable (unless someone comes up with another scheme for global unique addresses RSN), Here we disagree, I don't think that IPv6 is inevitable. When I model the pressures on

RE: NATs as firewalls, cryptography, and curbing DDoS threats.

2007-03-07 Thread Hallam-Baker, Phillip
layer beneath it. -Original Message- From: Douglas Otis [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 07, 2007 2:33 PM To: John C Klensin Cc: ietf@ietf.org Subject: Re: NATs as firewalls, cryptography, and curbing DDoS threats. On Mar 7, 2007, at 9:01 AM, John C Klensin

DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-07 Thread Harald Tveit Alvestrand
as the end-to-end signalling infrastructure rather than viewing this as being shared between the DNS and the IP layer beneath it. -Original Message- From: Douglas Otis [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 07, 2007 2:33 PM To: John C Klensin Cc: ietf@ietf.org Subject: Re: NATs

Re: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-07 Thread Douglas Otis
On Mar 7, 2007, at 3:00 PM, Harald Tveit Alvestrand wrote: Here I was thinking that the DNS needs to be a useful name lookup service for the Internet to function, and now PHB tells me it's a signalling layer. Either I have seriously misunderstood the nature of signalling, seriously

RE: NATs as firewalls

2007-03-07 Thread Hallam-Baker, Phillip
:53 PM To: ietf@ietf.org Subject: RE: NATs as firewalls Hallam-Baker, Phillip wrote: From: John C Klensin [mailto:[EMAIL PROTECTED] And, when I conclude that IPv6 is inevitable (unless someone comes up with another scheme for global unique addresses RSN), Here we disagree, I

RE: NATs as firewalls

2007-03-07 Thread Jeffrey Hutzelman
On Wednesday, March 07, 2007 04:23:20 PM -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: We do need to revise the architecture description. Using IP addresses as implicit signalling You keep using that word. I do not think it means what you think it means. Another instance that

RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-07 Thread Hallam-Baker, Phillip
07, 2007 6:01 PM To: Hallam-Baker, Phillip Cc: ietf@ietf.org Subject: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.) Here I was thinking that the DNS needs to be a useful name lookup service for the Internet to function, and now PHB tells me it's a signalling

RE: NATs as firewalls

2007-03-07 Thread Hallam-Baker, Phillip
Wildcards are not permitted in the new Extended Validation certificates. -Original Message- From: Jeffrey Hutzelman [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 07, 2007 7:59 PM To: Hallam-Baker, Phillip; ietf@ietf.org Cc: Jeffrey Hutzelman Subject: RE: NATs as firewalls

RE: NATs as firewalls

2007-03-07 Thread David Morris
On Thu, 8 Mar 2007, Darryl (Dassa) Lynch wrote: Hallam-Baker, Phillip wrote: From: John C Klensin [mailto:[EMAIL PROTECTED] There is a major difference between a NAT box plugged into the real Internet and a NAT box plugged into another NAT box. It is a pretty ugly one for the

Re: NATs as firewalls

2007-03-07 Thread Mark Andrews
On Thu, 8 Mar 2007, Darryl (Dassa) Lynch wrote: Hallam-Baker, Phillip wrote: From: John C Klensin [mailto:[EMAIL PROTECTED] There is a major difference between a NAT box plugged into the real Internet and a NAT box plugged into another NAT box. It is a pretty ugly one for the

RE: NATs as firewalls

2007-03-07 Thread John C Klensin
--On Wednesday, 07 March, 2007 10:14 -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: ... IPv6 is not inevitable, the issue is how to make it so. I believe that we need a branding scheme that tells the user that they are getting a next generation Internet hookup, that they have a next

RE: DNS role (RE: NATs as firewalls, cryptography, and curbing DDoS threats.)

2007-03-07 Thread Harald Tveit Alvestrand
--On 7. mars 2007 17:06 -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: OK I will restate. All connection initiation should be exclusively mediated through the DNS and only the DNS. OK, I'll restate too. In my opinion, we should never introduce any function that involves the DNS

RE: NATs as firewalls

2007-03-06 Thread michael.dillon
How do we establish the political coalition necessary to act? 1. Form a political coalition. 2. Get an existing coalition such as MAAWG to take on the work. 3. Get the USISPA to take on the work http://www.usispa.org/ 4. Get the USIIA to take on the work http://www.usiia.org/ 5. Get the USISPA,

Re: NATs as firewalls and the NEA

2007-03-06 Thread Douglas Otis
On Mar 5, 2007, at 5:51 PM, Hallam-Baker, Phillip wrote: Quite, the technical part of my proposal is essentially a generalization of the emergent principle of port 25 blocking. While people were doing this before SUBMIT was proposed the SUBMIT proposal made it possible to do so without

RE: NATs as firewalls

2007-03-05 Thread michael.dillon
No real disagreement here but I do see a way forward. First, clarify the terminology. Second publish a pair of RFCs rather like 1009 entitled Requirements for Consumer Internet Gateways and Requirements for Enterprise Internet Gateways. Are you aware of RFC 4084 Terminology for

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-05 Thread Brian E Carpenter
Noel, On 2007-03-04 22:36, Noel Chiappa wrote: From: Brian E Carpenter [EMAIL PROTECTED] the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves This comment seems to posit that insufficient address space is the only thing driving deployment

Re: NATs as firewalls

2007-03-05 Thread Brian E Carpenter
John, (after also reading Michael's response) I don't disagree. I think there is scope for writing a list of desirable properties for SOHO routers in the light of these various inputs. I'm less certain it can be done for enterprise boundary routers. But it would be a tricky and contentious job

Re: NATs as firewalls

2007-03-05 Thread John C Klensin
--On Monday, 05 March, 2007 11:44 +0100 Brian E Carpenter [EMAIL PROTECTED] wrote: John, (after also reading Michael's response) I don't disagree. I think there is scope for writing a list of desirable properties for SOHO routers in the light of these various inputs. I'm less certain

RE: The Devil's in the Deployment RE: NATs as firewalls

2007-03-05 Thread Hallam-Baker, Phillip
From: Noel Chiappa [mailto:[EMAIL PROTECTED] From: Brian E Carpenter [EMAIL PROTECTED] the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves This comment seems to posit that insufficient address space is the only thing driving

RE: NATs as firewalls

2007-03-05 Thread Hallam-Baker, Phillip
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] IPv6 is also a technology refresh, i.e. it forces vendors to reimplement their boxes. It forces people to buy new systems. If the only thing that they get is a new protocol with wider addresses, then they will see this as a generally

RE: NATs as firewalls

2007-03-05 Thread Hallam-Baker, Phillip
From: Brian E Carpenter [mailto:[EMAIL PROTECTED] John, (after also reading Michael's response) I don't disagree. I think there is scope for writing a list of desirable properties for SOHO routers in the light of these various inputs. I'm less certain it can be done for enterprise

RE: NATs as firewalls

2007-03-05 Thread John C Klensin
--On Monday, 05 March, 2007 09:15 -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: From: Brian E Carpenter [mailto:[EMAIL PROTECTED] John, (after also reading Michael's response) I don't disagree. I think there is scope for writing a list of desirable properties for SOHO

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-05 Thread Mark Andrews
We have IPv6 Locally Assigned Local Addresses. Doesn't this presume that if people used these locally assigned addresses they would then NAT to a public address space? No. Locally Assigned Local Addresses are for talking to other machines within the locally assigned

RE: NATs as firewalls

2007-03-05 Thread Hallam-Baker, Phillip
From: John C Klensin [mailto:[EMAIL PROTECTED] --On Monday, 05 March, 2007 09:15 -0800 Hallam-Baker, Phillip [EMAIL PROTECTED] wrote: While I have disagreed with many of the other things Phillip has said in this thread, I am in complete agreement with this one and taken much the same

Re: NATs as firewalls

2007-03-04 Thread Brian E Carpenter
Michael, On 2007-03-02 16:19, [EMAIL PROTECTED] wrote: ... No real disagreement here but I do see a way forward. First, clarify the terminology. Second publish a pair of RFCs rather like 1009 entitled Requirements for Consumer Internet Gateways and Requirements for Enterprise Internet Gateways.

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-04 Thread Brian E Carpenter
On 2007-03-02 17:09, Hallam-Baker, Phillip wrote: From: Brian E Carpenter [mailto:[EMAIL PROTECTED] This is of course one of the major motivations for draft-ietf-v6ops-nap-06.txt, which is now in the RFC Editor's queue. While it doesn't tell SOHO gateway vendors exactly what to do, it does

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-04 Thread Noel Chiappa
From: Brian E Carpenter [EMAIL PROTECTED] the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves This comment seems to posit that insufficient address space is the only thing driving deployment of NATs (other than the modestly effective

Re: NATs as firewalls

2007-03-04 Thread John C Klensin
--On Sunday, 04 March, 2007 20:05 +0100 Brian E Carpenter [EMAIL PROTECTED] wrote: Michael, On 2007-03-02 16:19, [EMAIL PROTECTED] wrote: ... No real disagreement here but I do see a way forward. First, clarify the terminology. Second publish a pair of RFCs rather like 1009 entitled

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-04 Thread Mark Andrews
From: Brian E Carpenter [EMAIL PROTECTED] the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves This comment seems to posit that insufficient address space is the only thing driving deployment of NATs (other than the modestly effective

Re: The Devil's in the Deployment RE: NATs as firewalls

2007-03-04 Thread Douglas Otis
On Mar 4, 2007, at 11:11 AM, Brian E Carpenter wrote: But irrelevant - the problems that NAT causes, and that having sufficient address space (a.k.a. IPv6) solves, are orthogonal to security. That is the whole point in this thread. Of course stateful firewalls and NATs offer protection,

Re: NATs as firewalls

2007-03-02 Thread Brian E Carpenter
On 2007-03-01 18:57, John C Klensin wrote: ... I continue to believe that, until and unless we come up with models that can satisfy the underlying problems that NATs address in the above two cases and implementations of those models in mass-market hardware, NATs are here to stay, even if we

RE: NATs as firewalls

2007-03-02 Thread michael.dillon
(2) NATs provide a huge advantage for customer support organizations of ISPs supporting such lower-end (in terms of financial returns, at least) connections. With a standardized NAT setup, the setups of all of their customers are pretty much the same, including the address ranges used by

The Devil's in the Deployment RE: NATs as firewalls

2007-03-02 Thread Hallam-Baker, Phillip
From: Brian E Carpenter [mailto:[EMAIL PROTECTED] This is of course one of the major motivations for draft-ietf-v6ops-nap-06.txt, which is now in the RFC Editor's queue. While it doesn't tell SOHO gateway vendors exactly what to do, it does I think make it clear that there is a secure

Re: NATs as firewalls

2007-03-01 Thread Eliot Lear
Paul, Without going down the NAThole my real intent here is simply to motivate people who think they're bad to please look at the management complexities of renumbering. I know I am looking. Eliot

Re: NATs as firewalls

2007-03-01 Thread John C Klensin
--On Thursday, 01 March, 2007 08:07 -0800 Paul Hoffman [EMAIL PROTECTED] wrote: On a thread now unrelated to the topic of NATs, At 9:42 AM +0100 3/1/07, Eliot Lear wrote: With IPv4 the impetus for NAT was a combination of address exhaustion concerns and routing issues. It is far

Re: NATs as firewalls

2007-03-01 Thread Douglas Otis
On Mar 1, 2007, at 9:57 AM, John C Klensin wrote: I continue to believe that, until and unless we come up with models that can satisfy the underlying problems that NATs address in the above two cases and implementations of those models in mass-market hardware, NATs are here to stay, even