End Of the Line for SpeakFreely: NATed to Death

Arun writes "John Walker (of AutoDesk and Fourmilab fame), primary author of SpeakFreely, has decided to EOL the program (a pioneering network telephony effort), come January 15th, 2004. He cites difficulty in maintaining a decade-old code base, lack of appropriate developer support and a fundamental change in the peer-to-peer nature of the Internet upon which SF is dependent as motivating factors behind his decision. While the last release of the program will continue to be available from SourceForge, the main web site, mailing list, and web forum will be shut down on the aforementioned date." He's got some good points too, like how once IPv6 is more common, most users probably won't go back to one address per machine. I know I enjoy the added security of a NATed firewall, and without a really good reason, I won't be quick to give it up.

Why, oh why?

[Leffe]

Why did I discover this cool application in a discontinuation announcement?

I wish I had discovered it earlier.

Oh well, I can only hope that I can repent this mistake in my next life.

NAT to death.

[pr0ntab]

192.168.0.5/16!

No...

172.18.1.3/12!

No, please, stop

10.255.255.255/8!

AAAAAHHAHAHRRRGGNO CARRIER

In Europe ISPs do not NAT their customers!

Here in the netherlands at least, both the major broadband providers (UPC adn KPN)give all customers a generically routable IP.

Customers using a cable modem or dsl modem get a live wild-side IP and a unique hostname such as:
node139a2z.xs4all.nl
by which they're already DNS addresable.

Most commodity OS's and even the cheap (horrific!) home-router products I've seen have port forwarding capablity,so there's really no such problem as he describes here.

Does anyone have different experience elsewhere?
The States, for instance? I'd like to hear.

Liam.

Why should every device be accesible?

[fermion]

I have to disagree that not having every computer connected directly to 'The Internet' is a bad thing. The first definition from google for the internet, taken from the american heritage dictionary, is
An interconnected system of networks that connects computers around the world via the TCP/IP protocol..

This means that the Internet is made up of networks which may themselves may be made up of networks, etc. These networks use a common protocol. Most would say that not every device on the network, or even every sub network on the network has to be connected to the Internet. It is quite arguable that there are benefits, both personal and for the commons, to not have every device connected to the Internet.

What is for sure is that for the Internet to run, everyone who uses it must contribute to it's well being. There has to be enough devices connected directly to the Intent to process and forward all the packets in an efficient and timely manner. I personally pay a number of services that manage such activity on my behalf. My personal machines, which are not in the primary bussiness of routing packets, are behind a NAT, which is.

Being behind a NAT allows me to manage my network with less effect on the rest of the community. There are still many security issues, and i can still flood others if I get infected, but it is a first step. I would argue that assuming every computer on every network to be directly addressable from every other computer on the every other network might not be the best design decision. It certainly fits in well with the TelCo desire to sell at least one IP per device, as they tried to do in the past with telephones, but other than that I do not see the benifit.

Re:Why is this a Problem?

[Bookwyrm]

It is not a matter of (just) static port mapping, it is more a fundamental problem in the way DNS works with Internet addressing -- or more specifically, the way way applications interact with Internet addressing. (This will no doubt invite flames from those outraged at the idea that there might be a fundamental problem/mistake in the Internet.)

More specifically, what happens when you have multiple machines behind the NAT device? How do you map the ports statically to multiple machines *and* also communicate this information to devices on the outside of the NAT device? (That is, port 80 on the NAT device maps to server1, port 81 on the NAT device maps to server2, etc.)

The key issue is that applications are using network level addressing (IP addresses) rather than application level addresses (URLs) to establish the network connection -- we have network specific information far too embedded in the applications, which is why the transition from IPv4 to IPv6 is such a nuisance. At the moment, the DNS SRV record could help with some of these matters by specifying a port number to use for a specific service and host/domain.

A better design for applications would be for them to be completely unaware of 'IP addresses' and function purely on URLs or hostnames + service name, and link to libraries or network drivers on the machine that handle the network aspects. Really -- excepting network mangement tools, what application bothers about the MAC addresses of machines or PPP negotiation details? IP addresses should not matter to the applications, either -- at that point, much of the arguments against NAT go away.

Honestly, the fact that NAT causes applications to break is more a reflection on mistakes in the architecture/application. IP packets themselves don't fall over and die just because they transition from a PPP link to wireless to ethernet to SONET to etc. The differing layers are independent of one another -- the applications have not yet been weaned off directly diddling with the IP layer.