1 |
On 03/11/2013 07:09 PM, Kevin Chadwick wrote: |
2 |
>> No, there was simply no useful result that came up. Incidentally, |
3 |
>> both links you provide *did* come up...but I dismissed them |
4 |
>> because I couldn't imagine anyone using them as a reference except |
5 |
>> in trying to deride Henning Brauer. |
6 |
>> |
7 |
>>> |
8 |
>>> http://marc.info/?l=openbsd-misc&m=129666298029771&w=2 |
9 |
>> |
10 |
>> He goes from advocating NAT444 to a spew of pejoratives about |
11 |
>> something. NAT444 is one of the nastiest, user-disempowering |
12 |
>> things to hit the Internet to date. The rest of this email is him |
13 |
>> bitching about having to parse CIDR notation. |
14 |
>> |
15 |
> |
16 |
> How disengenuous. He certainly doesn't. |
17 |
|
18 |
Advocacy of NAT444: |
19 |
|
20 |
" who sez that your made up isp has to hand out network-wide unique IPs |
21 |
" to his customers? |
22 |
|
23 |
Bitching about having to parse CIDR: |
24 |
|
25 |
" look at the oh so bright future yourself, look at the code required to |
26 |
" deal with that misdesigned piece of shit. |
27 |
" did i just say "designed"? sorry. it's obvious that nothing remotely |
28 |
" related to design was involved. |
29 |
|
30 |
|
31 |
> Did you miss the sarcasm. |
32 |
|
33 |
Pretty sure I didn't. |
34 |
|
35 |
> The only reason he advocates is because others using it allow him to |
36 |
> keep running ipv4 pure networks. |
37 |
|
38 |
That's some useful context. |
39 |
|
40 |
> |
41 |
> After that I'm sure you can forgive me if I note him to have |
42 |
> absolutely no reason to be biased and give him a bit more credit and |
43 |
> take his experience of writing one of the best and widely used |
44 |
> interrupt driven firewalls and so code to deal with ipv6, helping |
45 |
> get the netqmail patch sorted and runs his own decent sized network |
46 |
|
47 |
So he's a smart guy with a decent amount of experience. That doesn't |
48 |
make him right. |
49 |
|
50 |
Let me tell you about a similar guy I know. Let's start with my |
51 |
biological father. He started programming as a kid when he got his hands |
52 |
on a 6802 evaluation board, wrote his own operating systems, had a hand |
53 |
in designing the bar code format the US postal service uses for sorting |
54 |
and routing, and provided the local municipality with its first remote |
55 |
electronic monitoring of its water tower. He was one of the first people |
56 |
to jump into Windows NT, with Windows NT 3.51, as he understood the |
57 |
value the NT kernel offered over the DOS-based versions of Windows. |
58 |
|
59 |
He was quite a guy. But he wasn't always right. He *hated* the |
60 |
transition from MFM to IDE drives, as he wasn't able to perform the |
61 |
kinds of diagnostics he wanted to. Once he latched on to Windows NT, he |
62 |
never let go of Microsoft for a second. He didn't see a point to POSIX, |
63 |
UNIX or Linux, and I was never able to get him interested. With the |
64 |
exception of things written or distributed by Microsoft, he never used |
65 |
third-party tools, and had to write everything from the ground-up the |
66 |
way he wanted it. When given specs by other people, he would hand them a |
67 |
product that was what he thought they needed, not what they asked for. |
68 |
He further never felt the need to work with or learn from anyone else in |
69 |
his field. |
70 |
|
71 |
He's brilliant. Quite literally an accomplished genius...but once he got |
72 |
it in his head that he knew what needed to be known, there wasn't room |
73 |
for much new, and there wasn't room for much new. I've tried working |
74 |
with him in architecting web services, and I couldn't. He rejected the |
75 |
idea of using any existing data serialization or transport format, |
76 |
because it wouldn't be as efficient as something he could write. His |
77 |
system architecture relied on a central synchronous component, but the |
78 |
goal of the system was supposed to support scaling. (It couldn't.) |
79 |
|
80 |
Just because he was amazing and awesome among his contemporaries in the |
81 |
past doesn't say anything about his relative skill and knowledge in the |
82 |
present. |
83 |
|
84 |
|
85 |
> over yours who I am sure is genuine but could well be partial to |
86 |
> ipv6 because as you say you teach setting up ipv6 networks. |
87 |
|
88 |
You need to analyze things on their technical merits, not just on who |
89 |
says them. I won't ask someone to use IPv6 where it's inappropriate. I |
90 |
do believe in pragmatic solutions (systemd and merged /usr |
91 |
notwithstanding ;) ). I don't generally hold for Ludditism. |
92 |
|
93 |
If someone wants to actively reject a technology, I'd like to at least |
94 |
make sure it's for the right reasons. |
95 |
|
96 |
> |
97 |
> http://marc.info/?l=openbsd-misc&m=124536321827774&w=2 |
98 |
|
99 |
True enough. And since we're there, it's critical that people learn how |
100 |
to handle their problems. |
101 |
|
102 |
> |
103 |
>>> |
104 |
>>> http://marc.info/?l=openbsd-misc&m=135325826302392&w=2 |
105 |
>>> |
106 |
>> |
107 |
>> This email has absolutely no technical content whatsoever. |
108 |
> |
109 |
> Did you not follow the threads? |
110 |
|
111 |
No. If you want me to read something, you need to point at what I should |
112 |
read. You didn't indicate I should be reading a thread (as opposed to an |
113 |
individual message...) |
114 |
|
115 |
> |
116 |
> I couldn't find the juicier threads about client troubles due to |
117 |
> added complexity but here's some relevent ones and many by very |
118 |
> competent devs. (and if I'm honest who tend to shadow every other |
119 |
> list I've come across so far as long as you are not timid and can |
120 |
> take a hit, though Gentoo is up there). |
121 |
> |
122 |
> http://marc.info/?l=openbsd-misc&m=128822984018595&w=2 |
123 |
|
124 |
Re: ARP -- Sure, they don't like ND. That's fine; we covered that earlier. |
125 |
|
126 |
Re: IPv6 routing -- That's, er, pretty comfortably solved. For a *long* |
127 |
time. About the only real problem right now is the spat between a couple |
128 |
of the tier 1 backbones...but that's not a problem with IPv6 per se. |
129 |
|
130 |
Re: Sockaddr size and alignment...I don't see the problem; alignment and |
131 |
padding is de jure in software development these days, if only for |
132 |
performance reasons. That said, |
133 |
|
134 |
> http://marc.info/?l=openbsd-misc&m=135325736302228&w=2 |
135 |
|
136 |
Peltola is making arguments I've never heard discussed in practice, and |
137 |
Brauer is rightfully reading him the riot act. |
138 |
|
139 |
> http://marc.info/?l=openbsd-misc&m=128825496411711&w=2 |
140 |
|
141 |
Honestly, if they set up a donation drive, I'm willing to bet they could |
142 |
have pulled together enough money to get in. However, they either didn't |
143 |
think of this, didn't think they could pull together enough money, or |
144 |
didn't really want to have to associate with the committees they're so |
145 |
angry with. (I think it's most likely a combination of those last two.) |
146 |
|
147 |
> http://marc.info/?l=openbsd-misc&m=129665675320651&w=2 |
148 |
|
149 |
Here, Brauer is advocating something that's not really possible (AFAIK) |
150 |
per ARIN, APNIC, LAPNIC and RIPE policies. |
151 |
|
152 |
It'd start with "Hey, APNIC, we see you haven't been assigning many |
153 |
netblocks. We're going to take a few of those back." |
154 |
|
155 |
For ARIN, LAPNIC and RIPE, it'd be "Hey, entity that paid for a |
156 |
perpetual license to that net block. We don't think you're using your |
157 |
address space efficiently enough, so we're going to take some of those |
158 |
blocks back." |
159 |
|
160 |
That'd go over *real* well. Start with holding back technological |
161 |
development on Africa, continue with making it uncertain whether or not |
162 |
one gets to keep their IP range after they've paid for it. I can just |
163 |
picture all the rule lawyering and metric gaming as IP block holders |
164 |
examine qualification rules and contort their networks to behave less |
165 |
efficiently (but more efficiently per the qual rules!) so things hold |
166 |
together. |
167 |
|
168 |
> http://marc.info/?l=openbsd-misc&m=135111069427240&w=2 |
169 |
|
170 |
" Ha ha ha ha, this will work for a single host but how will you manage |
171 |
" multiple ones. Bonus question, how do you think the host router with " |
172 |
no knowledge of the underlying network topology will choose a route? |
173 |
|
174 |
To start with, RAs include route preference metrics as well as route |
175 |
packing; the network router can not only declare the prefix it's |
176 |
responsible for, but it can also announce that it has more-specific |
177 |
routes for other address ranges, too. I use this at home, where I've |
178 |
given my wired network and my wireless network different /64s out of the |
179 |
same /48. The RA for my wired network also announces that the router has |
180 |
a specific route for the /64 for the wireless network, and the RA for |
181 |
the wireless network announces that the router has a specific route for |
182 |
the /64 for the wired network. |
183 |
|
184 |
Basically, the host router has as much topology knowledge as the |
185 |
router's RA is configured to include. |
186 |
|
187 |
Claudo goes on to assert that SCTP is over-engineered. I guess that |
188 |
might be true if you believe that separate UDP and TCP streams are |
189 |
sufficient...but I've had to cope with scenarios where they aren't. SCTP |
190 |
solves problems that exist in the real world. |
191 |
|
192 |
He then goes on to assert that end hosts can't handle the truth of the |
193 |
network around them. I don't buy it... |
194 |
|
195 |
> http://marc.info/?l=openbsd-misc&m=135110983026959&w=2 |
196 |
|
197 |
RIPE's allocation policy was screwy. OK, sure. Not sure what that has to |
198 |
do with anything. |
199 |
|
200 |
> http://marc.info/?l=openbsd-misc&m=135110833526455&w=2 |
201 |
|
202 |
" As someone working for a 'Carrier' vendor - I can tell you straight |
203 |
" up that LSN(Large Scale) or CGN(Carrier Grad) NAT are big sell points |
204 |
" (i.e customers are asking for them). |
205 |
|
206 |
So, as a guy who sells NAT solutions, he can say that customers are |
207 |
asking for NAT solutions. (Well, I should hope so for logic's sake, or |
208 |
they wouldn't be customers...) |
209 |
|
210 |
The rest of the email is spot on. NAT64 is an excellent transition |
211 |
mechanism. But it's exactly that: A *transition* mechanism. |
212 |
|
213 |
> http://marc.info/?l=openbsd-misc&m=135110805826344&w=2 |
214 |
|
215 |
Peltola is arguing that NAT66 is possible (it is). |
216 |
|
217 |
Theo is dismissing Peltola, saying that in IPv6, applications should |
218 |
handle address changes. (They should.) |
219 |
|
220 |
Both are correct. |
221 |
|
222 |
Theo goes on to say that not everything roams. (He's correct.) |
223 |
|
224 |
> http://marc.info/?l=openbsd-misc&m=135110703125929&w=2 |
225 |
|
226 |
I don't understand the network context Theo is describing. It sounds |
227 |
like he's describing a scenario where a network has two IPv4 ISPs who |
228 |
allow same IP range (controlled by the network admin, presumably PI |
229 |
space), but where that same network has two IPv6 ISPs who each demand |
230 |
the network admin only send traffic out using IPv6 prefixes they're |
231 |
delegating. |
232 |
|
233 |
This is a retarded arrangement; the ISPs should offer parity between |
234 |
IPv4 and IPv6, meaning they should allow PI space in both cases. |
235 |
|
236 |
Even if you assume Theo is talking about IPv4 NAT here, IPv4 NAT isn't |
237 |
going to solve the problem. When your NATting router has to switch from |
238 |
one ISP to the other, it'd have to switch from one IPv4 IP to another, |
239 |
resulting in the exact same scenario he's claiming IPv6 would uniquely |
240 |
require him to solve. |
241 |
|
242 |
Finally, if you assume that Theo is talking about some kind of |
243 |
connection to another host that doesn't require ISP routing (so it might |
244 |
be via a VPN tunnel or on the local network), then it almost makes |
245 |
sense; the IPv4 context would assume you're in RFC1918 space thanks to |
246 |
your NAT, so your IPv4 addresses wouldn't change as your upstream |
247 |
network connection changes. Meanwhile, your IPv6 context would change, |
248 |
because one of your two prefixes would drop out, and anything using it |
249 |
would fail. |
250 |
|
251 |
Except Theo's solution to this is also silly. In this final scenario, |
252 |
there's already a solution at hand: ULA addresses. They're IPv6's |
253 |
equivalent to IPv4's RFC1918 space, and it's generally suggested that |
254 |
you use ULA on your internal network in order to provide stable |
255 |
addressing within your network to services on your network--which neatly |
256 |
(and by design) avoids the problem Theo claims he's forced to solve. |
257 |
|
258 |
Remember that in IPv6, you can (and will) have multiple IP addresses |
259 |
with different prefixes attached to each NIC. At the very least, you'll |
260 |
have a link-local IPv6 address. You will probably also have a |
261 |
global-scope IPv6 address--possibly many. You may have an address |
262 |
derived from a ULA prefix--possibly many such prefixes. Your network can |
263 |
be as complex or as simple as you choose to make it, but the ULA address |
264 |
space is there to solve this kind of problem. |
265 |
|
266 |
> http://marc.info/?l=openbsd-misc&m=135110533625263&w=2 |
267 |
|
268 |
I expect PI space will become more attainable; it simply must. Other |
269 |
than that, I don't agree with anything Simon or Theo say here. |
270 |
|
271 |
> http://marc.info/?l=openbsd-misc&m=124537193506202&w=2 |
272 |
|
273 |
Again, no technical content... |