| 1 |
On 03/11/2013 06:45 PM, Walter Dnes wrote: |
| 2 |
> On Mon, Mar 11, 2013 at 10:22:39AM +0200, Alan McKinnon wrote |
| 3 |
> |
| 4 |
>> You are being over-simplistic. |
| 5 |
>> |
| 6 |
>> Lack of IPv4 address space *caused* NAT to happen, the two are |
| 7 |
>> inextricably intertwined. |
| 8 |
> |
| 9 |
> Agreed. But we shouldn't be pointing out that NAT has partially |
| 10 |
> solved the problem, and giving people false hope that NAT will solve |
| 11 |
> the shortage problem forever. |
| 12 |
|
| 13 |
The truth of the matter is that it kinda does, for most of these people. |
| 14 |
For most of those for whom it doesn't, there are (and will be) plenty of |
| 15 |
third-party services looking to allow them to throw money at the problem |
| 16 |
for an opaque solution. (It's like sausage; it works, it's nutritious, |
| 17 |
it tastes great...but YMMV if you see how it's made.) |
| 18 |
|
| 19 |
For small businesses for whom the IP shortage already crowded out of |
| 20 |
traditional network management, the Cloud was born. Large businesses |
| 21 |
make a mess of their networks, but hobble along. |
| 22 |
|
| 23 |
So workarounds were developed. What NAT has *done*, though, is force a |
| 24 |
stratification and classification of services, making vast swaths of |
| 25 |
network applications impossible or incredibly niche. |
| 26 |
|
| 27 |
If one doesn't acknowledge the truth of the matter, one gets nailed to |
| 28 |
the wall with it when someone smart enough to consider it brings it up |
| 29 |
as a counterpoint. |
| 30 |
|
| 31 |
> We should be pounding away on the fact that we're running out of IP |
| 32 |
> addresses... period... end of story. If people ask about NAT, then |
| 33 |
> mention that the undersupply will be so bad that even NAT won't |
| 34 |
> help. |
| 35 |
|
| 36 |
In my presentations, I've stopped bothering to wait for people to ask |
| 37 |
about NAT, because it starts off in their minds from nearly the |
| 38 |
beginning--and until they get that question answered, most of what I say |
| 39 |
washes past them as ancillary and not as important as the question |
| 40 |
pressing on their minds. |
| 41 |
|
| 42 |
> |
| 43 |
>> Even worse, people now have NAT conflated with all sorts of other |
| 44 |
>> things. Like for example NAT and security. |
| 45 |
> |
| 46 |
> That's why I wwant to avoid that propaganda battle. It's been lost |
| 47 |
> already. Deal with it. Don't waste time and effort on it. Put your |
| 48 |
> effort into pounding away on a simple issue that people do |
| 49 |
> understand... we're running out of IP addresses. |
| 50 |
|
| 51 |
That's the thing. We're running out, we've *run* out. Past tense. I keep |
| 52 |
pointing to my friend whose ISP hands him RFC1918 addresses as an |
| 53 |
example, because that's just the way things are. I can also point to |
| 54 |
mobile carriers--most local network regions hand out RFC1918 addresses |
| 55 |
for IPv4, which means you're double-NATting if you use your phone to |
| 56 |
share your network connection. |
| 57 |
|
| 58 |
At one point a couple *years* ago, my T-Mobile phone told me it had what |
| 59 |
I thought was a public IPv4 address...but it turned out to be an address |
| 60 |
owned by some security-related branch of the British government who |
| 61 |
didn't advertise routes, and so T-Mobile was able to use British |
| 62 |
government netblocks internally as a kind of extension to RFC1918 space. |
| 63 |
|
| 64 |
Around the same time, a friend's Verizon phone in the area had a legit |
| 65 |
public IPv4 address if and only if he was sharing his network connection |
| 66 |
at that moment...otherwise Verizon would switch him back to an RFC1918 |
| 67 |
address. |
| 68 |
|
| 69 |
So, I say again, we've run out of IPv4 addresses. Past tense. What's |
| 70 |
left after that is to explain why most of the people you'll ever talk to |
| 71 |
don't feel pain from it, and explain to them why their anaesthetic is |
| 72 |
keeping them from realizing their network is paraplegic. |
| 73 |
|
| 74 |
> |
| 75 |
>> NAT is the context of an IPv6 discussion is *very* relevant, it's |
| 76 |
>> one of the points you have to raise to illustrate what bits inside |
| 77 |
>> people's heads needs to be identified and changed. |
| 78 |
>> |
| 79 |
>> Until you change the content of people's heads, IPv6 is just not |
| 80 |
>> going to happen. |
| 81 |
> |
| 82 |
> I disagree with you there. IPV6 adoption will be driven by shortage |
| 83 |
> of addresses, which people can understand. |
| 84 |
|
| 85 |
I agree. The problem is that the IPv4 network as it exists today is |
| 86 |
highly optimized for asymmetric client-server topologies, and the pains |
| 87 |
and breakages will largely go unnoticed or unattributed due to the |
| 88 |
layers upon layers of abstractions, band-aids and jerry-rigging. |
| 89 |
|
| 90 |
As a consequence, it's necessary to help people understand what they're |
| 91 |
missing. |
| 92 |
|
| 93 |
> It will not be accomplished by sermons about the evils of NAT whilst |
| 94 |
> people's eyes glaze over. "A preachment, dear friends, you are about |
| 95 |
> to receive, is on John Barleycorn, Nicotine, and the Temptations of |
| 96 |
> NAT". |
| 97 |
|
| 98 |
I don't tend to encounter peoples' eyes glazing over. All my |
| 99 |
presentations are in Q&A format. There's one guy who's gone to four of |
| 100 |
them, because, as he told me, "it's different every time." |
| 101 |
|
| 102 |
> |
| 103 |
> And if it comes down to it, I'd much rather have IPV6 with IPV6 NAT |
| 104 |
> being available, rather than no IPV6. |
| 105 |
|
| 106 |
Sure. I think IPv6 NAT has its place, but I personally feel it should be |
| 107 |
done above layer 3, in application-layer gateways. If you're in a |
| 108 |
scenario where you need IPv6 NAT, you're almost certainly in a scenario |
| 109 |
where you would benefit from the additional features an ALG would give you. |
Archives