| 1 |
On 03/11/2013 07:09 PM, Kevin Chadwick wrote: |
| 2 |
>> No, there was simply no useful result that came up. Incidentally, |
| 3 |
>> both links you provide *did* come up...but I dismissed them |
| 4 |
>> because I couldn't imagine anyone using them as a reference except |
| 5 |
>> in trying to deride Henning Brauer. |
| 6 |
>> |
| 7 |
>>> |
| 8 |
>>> http://marc.info/?l=openbsd-misc&m=129666298029771&w=2 |
| 9 |
>> |
| 10 |
>> He goes from advocating NAT444 to a spew of pejoratives about |
| 11 |
>> something. NAT444 is one of the nastiest, user-disempowering |
| 12 |
>> things to hit the Internet to date. The rest of this email is him |
| 13 |
>> bitching about having to parse CIDR notation. |
| 14 |
>> |
| 15 |
> |
| 16 |
> How disengenuous. He certainly doesn't. |
| 17 |
|
| 18 |
Advocacy of NAT444: |
| 19 |
|
| 20 |
" who sez that your made up isp has to hand out network-wide unique IPs |
| 21 |
" to his customers? |
| 22 |
|
| 23 |
Bitching about having to parse CIDR: |
| 24 |
|
| 25 |
" look at the oh so bright future yourself, look at the code required to |
| 26 |
" deal with that misdesigned piece of shit. |
| 27 |
" did i just say "designed"? sorry. it's obvious that nothing remotely |
| 28 |
" related to design was involved. |
| 29 |
|
| 30 |
|
| 31 |
> Did you miss the sarcasm. |
| 32 |
|
| 33 |
Pretty sure I didn't. |
| 34 |
|
| 35 |
> The only reason he advocates is because others using it allow him to |
| 36 |
> keep running ipv4 pure networks. |
| 37 |
|
| 38 |
That's some useful context. |
| 39 |
|
| 40 |
> |
| 41 |
> After that I'm sure you can forgive me if I note him to have |
| 42 |
> absolutely no reason to be biased and give him a bit more credit and |
| 43 |
> take his experience of writing one of the best and widely used |
| 44 |
> interrupt driven firewalls and so code to deal with ipv6, helping |
| 45 |
> get the netqmail patch sorted and runs his own decent sized network |
| 46 |
|
| 47 |
So he's a smart guy with a decent amount of experience. That doesn't |
| 48 |
make him right. |
| 49 |
|
| 50 |
Let me tell you about a similar guy I know. Let's start with my |
| 51 |
biological father. He started programming as a kid when he got his hands |
| 52 |
on a 6802 evaluation board, wrote his own operating systems, had a hand |
| 53 |
in designing the bar code format the US postal service uses for sorting |
| 54 |
and routing, and provided the local municipality with its first remote |
| 55 |
electronic monitoring of its water tower. He was one of the first people |
| 56 |
to jump into Windows NT, with Windows NT 3.51, as he understood the |
| 57 |
value the NT kernel offered over the DOS-based versions of Windows. |
| 58 |
|
| 59 |
He was quite a guy. But he wasn't always right. He *hated* the |
| 60 |
transition from MFM to IDE drives, as he wasn't able to perform the |
| 61 |
kinds of diagnostics he wanted to. Once he latched on to Windows NT, he |
| 62 |
never let go of Microsoft for a second. He didn't see a point to POSIX, |
| 63 |
UNIX or Linux, and I was never able to get him interested. With the |
| 64 |
exception of things written or distributed by Microsoft, he never used |
| 65 |
third-party tools, and had to write everything from the ground-up the |
| 66 |
way he wanted it. When given specs by other people, he would hand them a |
| 67 |
product that was what he thought they needed, not what they asked for. |
| 68 |
He further never felt the need to work with or learn from anyone else in |
| 69 |
his field. |
| 70 |
|
| 71 |
He's brilliant. Quite literally an accomplished genius...but once he got |
| 72 |
it in his head that he knew what needed to be known, there wasn't room |
| 73 |
for much new, and there wasn't room for much new. I've tried working |
| 74 |
with him in architecting web services, and I couldn't. He rejected the |
| 75 |
idea of using any existing data serialization or transport format, |
| 76 |
because it wouldn't be as efficient as something he could write. His |
| 77 |
system architecture relied on a central synchronous component, but the |
| 78 |
goal of the system was supposed to support scaling. (It couldn't.) |
| 79 |
|
| 80 |
Just because he was amazing and awesome among his contemporaries in the |
| 81 |
past doesn't say anything about his relative skill and knowledge in the |
| 82 |
present. |
| 83 |
|
| 84 |
|
| 85 |
> over yours who I am sure is genuine but could well be partial to |
| 86 |
> ipv6 because as you say you teach setting up ipv6 networks. |
| 87 |
|
| 88 |
You need to analyze things on their technical merits, not just on who |
| 89 |
says them. I won't ask someone to use IPv6 where it's inappropriate. I |
| 90 |
do believe in pragmatic solutions (systemd and merged /usr |
| 91 |
notwithstanding ;) ). I don't generally hold for Ludditism. |
| 92 |
|
| 93 |
If someone wants to actively reject a technology, I'd like to at least |
| 94 |
make sure it's for the right reasons. |
| 95 |
|
| 96 |
> |
| 97 |
> http://marc.info/?l=openbsd-misc&m=124536321827774&w=2 |
| 98 |
|
| 99 |
True enough. And since we're there, it's critical that people learn how |
| 100 |
to handle their problems. |
| 101 |
|
| 102 |
> |
| 103 |
>>> |
| 104 |
>>> http://marc.info/?l=openbsd-misc&m=135325826302392&w=2 |
| 105 |
>>> |
| 106 |
>> |
| 107 |
>> This email has absolutely no technical content whatsoever. |
| 108 |
> |
| 109 |
> Did you not follow the threads? |
| 110 |
|
| 111 |
No. If you want me to read something, you need to point at what I should |
| 112 |
read. You didn't indicate I should be reading a thread (as opposed to an |
| 113 |
individual message...) |
| 114 |
|
| 115 |
> |
| 116 |
> I couldn't find the juicier threads about client troubles due to |
| 117 |
> added complexity but here's some relevent ones and many by very |
| 118 |
> competent devs. (and if I'm honest who tend to shadow every other |
| 119 |
> list I've come across so far as long as you are not timid and can |
| 120 |
> take a hit, though Gentoo is up there). |
| 121 |
> |
| 122 |
> http://marc.info/?l=openbsd-misc&m=128822984018595&w=2 |
| 123 |
|
| 124 |
Re: ARP -- Sure, they don't like ND. That's fine; we covered that earlier. |
| 125 |
|
| 126 |
Re: IPv6 routing -- That's, er, pretty comfortably solved. For a *long* |
| 127 |
time. About the only real problem right now is the spat between a couple |
| 128 |
of the tier 1 backbones...but that's not a problem with IPv6 per se. |
| 129 |
|
| 130 |
Re: Sockaddr size and alignment...I don't see the problem; alignment and |
| 131 |
padding is de jure in software development these days, if only for |
| 132 |
performance reasons. That said, |
| 133 |
|
| 134 |
> http://marc.info/?l=openbsd-misc&m=135325736302228&w=2 |
| 135 |
|
| 136 |
Peltola is making arguments I've never heard discussed in practice, and |
| 137 |
Brauer is rightfully reading him the riot act. |
| 138 |
|
| 139 |
> http://marc.info/?l=openbsd-misc&m=128825496411711&w=2 |
| 140 |
|
| 141 |
Honestly, if they set up a donation drive, I'm willing to bet they could |
| 142 |
have pulled together enough money to get in. However, they either didn't |
| 143 |
think of this, didn't think they could pull together enough money, or |
| 144 |
didn't really want to have to associate with the committees they're so |
| 145 |
angry with. (I think it's most likely a combination of those last two.) |
| 146 |
|
| 147 |
> http://marc.info/?l=openbsd-misc&m=129665675320651&w=2 |
| 148 |
|
| 149 |
Here, Brauer is advocating something that's not really possible (AFAIK) |
| 150 |
per ARIN, APNIC, LAPNIC and RIPE policies. |
| 151 |
|
| 152 |
It'd start with "Hey, APNIC, we see you haven't been assigning many |
| 153 |
netblocks. We're going to take a few of those back." |
| 154 |
|
| 155 |
For ARIN, LAPNIC and RIPE, it'd be "Hey, entity that paid for a |
| 156 |
perpetual license to that net block. We don't think you're using your |
| 157 |
address space efficiently enough, so we're going to take some of those |
| 158 |
blocks back." |
| 159 |
|
| 160 |
That'd go over *real* well. Start with holding back technological |
| 161 |
development on Africa, continue with making it uncertain whether or not |
| 162 |
one gets to keep their IP range after they've paid for it. I can just |
| 163 |
picture all the rule lawyering and metric gaming as IP block holders |
| 164 |
examine qualification rules and contort their networks to behave less |
| 165 |
efficiently (but more efficiently per the qual rules!) so things hold |
| 166 |
together. |
| 167 |
|
| 168 |
> http://marc.info/?l=openbsd-misc&m=135111069427240&w=2 |
| 169 |
|
| 170 |
" Ha ha ha ha, this will work for a single host but how will you manage |
| 171 |
" multiple ones. Bonus question, how do you think the host router with " |
| 172 |
no knowledge of the underlying network topology will choose a route? |
| 173 |
|
| 174 |
To start with, RAs include route preference metrics as well as route |
| 175 |
packing; the network router can not only declare the prefix it's |
| 176 |
responsible for, but it can also announce that it has more-specific |
| 177 |
routes for other address ranges, too. I use this at home, where I've |
| 178 |
given my wired network and my wireless network different /64s out of the |
| 179 |
same /48. The RA for my wired network also announces that the router has |
| 180 |
a specific route for the /64 for the wireless network, and the RA for |
| 181 |
the wireless network announces that the router has a specific route for |
| 182 |
the /64 for the wired network. |
| 183 |
|
| 184 |
Basically, the host router has as much topology knowledge as the |
| 185 |
router's RA is configured to include. |
| 186 |
|
| 187 |
Claudo goes on to assert that SCTP is over-engineered. I guess that |
| 188 |
might be true if you believe that separate UDP and TCP streams are |
| 189 |
sufficient...but I've had to cope with scenarios where they aren't. SCTP |
| 190 |
solves problems that exist in the real world. |
| 191 |
|
| 192 |
He then goes on to assert that end hosts can't handle the truth of the |
| 193 |
network around them. I don't buy it... |
| 194 |
|
| 195 |
> http://marc.info/?l=openbsd-misc&m=135110983026959&w=2 |
| 196 |
|
| 197 |
RIPE's allocation policy was screwy. OK, sure. Not sure what that has to |
| 198 |
do with anything. |
| 199 |
|
| 200 |
> http://marc.info/?l=openbsd-misc&m=135110833526455&w=2 |
| 201 |
|
| 202 |
" As someone working for a 'Carrier' vendor - I can tell you straight |
| 203 |
" up that LSN(Large Scale) or CGN(Carrier Grad) NAT are big sell points |
| 204 |
" (i.e customers are asking for them). |
| 205 |
|
| 206 |
So, as a guy who sells NAT solutions, he can say that customers are |
| 207 |
asking for NAT solutions. (Well, I should hope so for logic's sake, or |
| 208 |
they wouldn't be customers...) |
| 209 |
|
| 210 |
The rest of the email is spot on. NAT64 is an excellent transition |
| 211 |
mechanism. But it's exactly that: A *transition* mechanism. |
| 212 |
|
| 213 |
> http://marc.info/?l=openbsd-misc&m=135110805826344&w=2 |
| 214 |
|
| 215 |
Peltola is arguing that NAT66 is possible (it is). |
| 216 |
|
| 217 |
Theo is dismissing Peltola, saying that in IPv6, applications should |
| 218 |
handle address changes. (They should.) |
| 219 |
|
| 220 |
Both are correct. |
| 221 |
|
| 222 |
Theo goes on to say that not everything roams. (He's correct.) |
| 223 |
|
| 224 |
> http://marc.info/?l=openbsd-misc&m=135110703125929&w=2 |
| 225 |
|
| 226 |
I don't understand the network context Theo is describing. It sounds |
| 227 |
like he's describing a scenario where a network has two IPv4 ISPs who |
| 228 |
allow same IP range (controlled by the network admin, presumably PI |
| 229 |
space), but where that same network has two IPv6 ISPs who each demand |
| 230 |
the network admin only send traffic out using IPv6 prefixes they're |
| 231 |
delegating. |
| 232 |
|
| 233 |
This is a retarded arrangement; the ISPs should offer parity between |
| 234 |
IPv4 and IPv6, meaning they should allow PI space in both cases. |
| 235 |
|
| 236 |
Even if you assume Theo is talking about IPv4 NAT here, IPv4 NAT isn't |
| 237 |
going to solve the problem. When your NATting router has to switch from |
| 238 |
one ISP to the other, it'd have to switch from one IPv4 IP to another, |
| 239 |
resulting in the exact same scenario he's claiming IPv6 would uniquely |
| 240 |
require him to solve. |
| 241 |
|
| 242 |
Finally, if you assume that Theo is talking about some kind of |
| 243 |
connection to another host that doesn't require ISP routing (so it might |
| 244 |
be via a VPN tunnel or on the local network), then it almost makes |
| 245 |
sense; the IPv4 context would assume you're in RFC1918 space thanks to |
| 246 |
your NAT, so your IPv4 addresses wouldn't change as your upstream |
| 247 |
network connection changes. Meanwhile, your IPv6 context would change, |
| 248 |
because one of your two prefixes would drop out, and anything using it |
| 249 |
would fail. |
| 250 |
|
| 251 |
Except Theo's solution to this is also silly. In this final scenario, |
| 252 |
there's already a solution at hand: ULA addresses. They're IPv6's |
| 253 |
equivalent to IPv4's RFC1918 space, and it's generally suggested that |
| 254 |
you use ULA on your internal network in order to provide stable |
| 255 |
addressing within your network to services on your network--which neatly |
| 256 |
(and by design) avoids the problem Theo claims he's forced to solve. |
| 257 |
|
| 258 |
Remember that in IPv6, you can (and will) have multiple IP addresses |
| 259 |
with different prefixes attached to each NIC. At the very least, you'll |
| 260 |
have a link-local IPv6 address. You will probably also have a |
| 261 |
global-scope IPv6 address--possibly many. You may have an address |
| 262 |
derived from a ULA prefix--possibly many such prefixes. Your network can |
| 263 |
be as complex or as simple as you choose to make it, but the ULA address |
| 264 |
space is there to solve this kind of problem. |
| 265 |
|
| 266 |
> http://marc.info/?l=openbsd-misc&m=135110533625263&w=2 |
| 267 |
|
| 268 |
I expect PI space will become more attainable; it simply must. Other |
| 269 |
than that, I don't agree with anything Simon or Theo say here. |
| 270 |
|
| 271 |
> http://marc.info/?l=openbsd-misc&m=124537193506202&w=2 |
| 272 |
|
| 273 |
Again, no technical content... |
Archives