On Tue, 2 Oct 2007 19:15:27 -0700 David Conrad <drc@virtualized.org> wrote:
> Mark,
>
> On Oct 2, 2007, at 3:52 PM, Mark Smith wrote:
>
>> As far as I can tell, IPv6 is at least theoretically capable of offering exactly two things that IPv4 does not offer and can't easily be made to offer:
>>
>> 1. More addresses.
>> 2. Provider independent addresses.
>
> At the customer level, #1 has been thoroughly mitigated by NAT, eliminating demand. Indeed, the lack of IPv6 NAT creates a negative demand: folks used to NAT don't want to give it up.
>
>> Those people don't know any better, because they probably haven't used a NAT free Internet.
>
> It isn't that simple. The fact that NAT exists and is seen as useful by many people (whether or not they are even aware of it) means services and applications need to be aware of it.
This is a hidden cost of NAT. Why hack many applications to work around a network layer problem? The best place to fix a problem is where it actually exists. The problem NAT tries to solve, but doesn't solve very well (see the earlier list), exists in the network layer. IPv6 fixes the network layer problem that IPv4 has, and it fixes it better than NAT does. IPv6 isn't perfect, but nothing ever is.
> You cannot simply wave a magic wand and say "there shall be no NAT".
Of course you can't. If I had that wand I'd have already waved it years ago! I think there has to be a "compelling" reason to adopt something. I think the thing that will compel people to move to IPv6 will be the eventual and inevitable squeeze on IPv4 public addresses. At a certain point I think people will ask themselves "why are we going to such effort (and maybe expense) to get a few IPv4 public addresses when we could move to IPv6 and immediately get millions for the same or less effort and cost?" The fact that nearly most of their networking infrastructure will likely have been IPv6 enabled in the preceding years will help it be compelling. (We got a new colour photocopier at work today - it's IPv6 capable. None of us techs asked for it as a feature, and I don't think any of us actually got a look at the datasheet for it before it was bought. The first we knew of it supporting IPv6 was when the photocopier tech asked us if we wanted it enabled. I suspect the photocopier tech didn't even quite appreciate what he was asking. To him, it was probably just another photocopier networking option that the customer might want turned on.)
> Even if there weren't NAT, folks interested in security would argue and/or insist on stateful firewalls.
Who said anything about getting rid of stateful firewalls? I didn't and never have.
>> Have you used a NAT free Internet?
>
> Yes, actually.

So if more addresses was "thoroughly mitigated by NAT", when were these problems that NAT creates fixed?
> It would seem the market has determined that the issues Keith had concerns with were less important than the advantages NAT provided.
I don't think the market was aware of the hidden costs of NAT. I wasn't in 1995 when I first learned of it, implemented it and recommended it as a solution. I, my employers and my customers over the years have since paid those hidden costs on a number of occasions, which caused me to start questioning why it was "such a great solution" when the limitations it imposes didn't exist in a NAT free Internet. I was fortunate enough to experience a few years of NAT free Internet before NAT came along. Even today, if you look at current technical network training materials, when they describe NAT, very rarely do they list the drawbacks.

I happen to be currently reading the quite well known book, "Diffusion of Innovations". From what I've read, the "market" doesn't seem to be all that good at selecting the best solution. (Heard of 100baseVG, aka 100VG-AnyLAN? Technically much better than 100BASE-T from what I remember, but even the technical field of networking didn't choose the best technical solution. For many years I've wondered why.) The majority of it consists of followers who base their opinions on what others within the market/social system say. "Change Agents" introduce new innovations, and "Opinion Leaders" influence whether and how that innovation is diffused. I think the change agents were the NAT equipment vendors. With the Internet being a relatively new thing in the mid 90s, when NAT came along, the opinion leaders ended up just assuming that the change agents/vendors, who commonly knew far more about the Internet, were making good and trustworthy recommendations. Maybe even the change agents/vendors thought they were too, at the time.

Regards,
Mark.

-- 
"Sheep are slow and tasty, and therefore must remain constantly alert." - Bruce Schneier, "Beyond Fear"