Sean Doran wrote:
The thing that amazes me about people who are fans of IPv6 is that they have realized that NAT is THE fundamental scaling technology for the Internet.
You are of course correct, but you also say...
The technical goal is that end to end services will work, period, in all cases.
<DELIBERATELY PROVOCATIVE>

... indeed. But this can be accomplished at an even higher layer than NAT uses. EG It's entirely possible to implement a web browsing service without an IPv4 globally routable address space, and without NAT, just by using caching proxy technology (*). An entire ISP serving millions of users could live on a single class C. Not so long ago, we saw one IP address per web site. HTTP extensions now make one address per server possible. Running a provider-side proxy you could theoretically have 1 IP address per farm. An application layer solution is thus also doable.

(*)=scalability of this vs NAT is another argument of course.

Many applications can be fixed up the same way. Mail? Who needs to talk to anything but a local SMTP/POP server? We had a lot of talk at NANOG about how in general allowing users to talk to arbitrary SMTP servers was a bad thing. Fine. Dual home your SMTP server and run your users on private address space. They can't spam any more.

In a world where the internet industry is becoming more and more like the telecoms industry, the necessity of users to have protocol level access to the network is diminishing, and the dangers of doing so are becoming greater. Which telcos will blithely hand out SS7 interconnects to users? Without (routable) IP access, there would be no SYN floods of distant networks, no source spoofing, less hacking, easier traceability, and the BGP table need only be OTO 1 entry per non-leaf node on a provider interconnection graph.

Of course there would be applications that would suffer. No telnet for instance, except through a telnet gateway at each end (and, urm, that's probably not a bad thing). Risk of snooping by ISPs on private data (well they can do that anyway, and if you really care, send it encrypted). No IPv4 intranet applications between customers of different providers (hang on, didn't IPv6 require tunnels anyway?). No broken protocols which encapsulate network addresses within the payload (oh well - rewrite the protocols).

Sean seems to predict death of end to end network layer addressing. How about the death of end to end internet? Instead run with a core of IPv4 numbered routers and application layer gateways. Run everything else in private address space. 10.0.0.0/8 has plenty of room.

</DELIBERATELY PROVOCATIVE>

--
Alex Bligh
GX Networks (formerly Xara Networks)