On 03/11/2013 06:45 PM, Walter Dnes wrote:
> On Mon, Mar 11, 2013 at 10:22:39AM +0200, Alan McKinnon wrote
>
>> You are being over-simplistic.
>>
>> Lack of IPv4 address space *caused* NAT to happen, the two are
>> inextricably intertwined.
>
> Agreed. But we shouldn't be pointing out that NAT has partially
> solved the problem, and giving people false hope that NAT will solve
> the shortage problem forever.

The truth of the matter is that it kinda does, for most of these people.
For most of those for whom it doesn't, there are (and will be) plenty of
third-party services looking to allow them to throw money at the problem
for an opaque solution. (It's like sausage; it works, it's nutritious,
it tastes great...but YMMV if you see how it's made.)

For small businesses for whom the IP shortage already crowded out of
traditional network management, the Cloud was born. Large businesses
make a mess of their networks, but hobble along.

So workarounds were developed. What NAT has *done*, though, is force a
stratification and classification of services, making vast swaths of
network applications impossible or incredibly niche.

If one doesn't acknowledge the truth of the matter, one gets nailed to
the wall with it when someone smart enough to consider it brings it up
as a counterpoint.

> We should be pounding away on the fact that we're running out of IP
> addresses... period... end of story. If people ask about NAT, then
> mention that the undersupply will be so bad that even NAT won't
> help.

In my presentations, I've stopped bothering to wait for people to ask
about NAT, because it starts off in their minds from nearly the
beginning--and until they get that question answered, most of what I say
washes past them as ancillary and not as important as the question
pressing on their minds.

>
>> Even worse, people now have NAT conflated with all sorts of other
>> things. Like for example NAT and security.
>
> That's why I want to avoid that propaganda battle. It's been lost
> already. Deal with it. Don't waste time and effort on it. Put your
> effort into pounding away on a simple issue that people do
> understand... we're running out of IP addresses.

That's the thing. We're running out, we've *run* out. Past tense. I keep
pointing to my friend whose ISP hands him RFC1918 addresses as an
example, because that's just the way things are. I can also point to
mobile carriers--most local network regions hand out RFC1918 addresses
for IPv4, which means you're double-NATting if you use your phone to
share your network connection.

At one point a couple *years* ago, my T-Mobile phone told me it had what
I thought was a public IPv4 address...but it turned out to be an address
owned by some security-related branch of the British government who
didn't advertise routes, and so T-Mobile was able to use British
government netblocks internally as a kind of extension to RFC1918 space.

Around the same time, a friend's Verizon phone in the area had a legit
public IPv4 address if and only if he was sharing his network connection
at that moment...otherwise Verizon would switch him back to an RFC1918
address.

So, I say again, we've run out of IPv4 addresses. Past tense. What's
left after that is to explain why most of the people you'll ever talk to
don't feel pain from it, and explain to them why their anaesthetic is
keeping them from realizing their network is paraplegic.

>
>> NAT in the context of an IPv6 discussion is *very* relevant, it's
>> one of the points you have to raise to illustrate what bits inside
>> people's heads need to be identified and changed.
>>
>> Until you change the content of people's heads, IPv6 is just not
>> going to happen.
>
> I disagree with you there. IPV6 adoption will be driven by shortage
> of addresses, which people can understand.

I agree. The problem is that the IPv4 network as it exists today is
highly optimized for asymmetric client-server topologies, and the pains
and breakages will largely go unnoticed or unattributed due to the
layers upon layers of abstractions, band-aids and jerry-rigging.

As a consequence, it's necessary to help people understand what they're
missing.

> It will not be accomplished by sermons about the evils of NAT whilst
> people's eyes glaze over. "A preachment, dear friends, you are about
> to receive, is on John Barleycorn, Nicotine, and the Temptations of
> NAT".

I don't tend to encounter people's eyes glazing over. All my
presentations are in Q&A format. There's one guy who's gone to four of
them, because, as he told me, "it's different every time."

>
> And if it comes down to it, I'd much rather have IPV6 with IPV6 NAT
> being available, rather than no IPV6.

Sure. I think IPv6 NAT has its place, but I personally feel it should be
done above layer 3, in application-layer gateways. If you're in a
scenario where you need IPv6 NAT, you're almost certainly in a scenario
where you would benefit from the additional features an ALG would give you.