Vint Cerf on Why TCP/IP Was So Long in Coming

whitehartstag writes "TCP/IP is 25 years old this year. Vint Cerf says there was a long development cycle for both TCP/IP and for X.25, and we'd have been using TCP/IP much sooner if TCP/IP had been more marketable. 'Over the years, we can come up with many examples both of where the best technology did (or did not) win and of how marketing has defined a service. For example, many of the "best" features of frame relay, such as the ability to use Switched Virtual Circuits (SVC) in addition to Permanent Virtual Circuits (PVC) were never widely marketed because the pricing was too complex. Rather, the PVC was a simple replacement for a leased line at a fraction of the cost with better performance.'"

where's the content?

[jessecurry]

I know that there isn't much real content on the web anymore, but that's not even an article. Where the hell is the content?

Re:where's the content?

[jd]

You need to run the article through a ROT13 filter, followed by the Bible Code decoder and finally the Redneck filter, to get the URL of the real article. This encryption technique was developed to prevent the real server being slashdotted.

Re:where's the content?

[Tablizer]

I know that there isn't much real content on the web anymore, but that's not even an article. Where the hell is the content?

It's split up. One packet went to Australia, another to Zimbabwe, and another to

Re:where's the content?

[xoundmind]

Slashdot: "Content-free since 1997"

Seems normal.

[jd]

Pricing complexities are why multicast is taking so long to reach the home, even though it has been enabled clear across the entire backbone up to the local ISP level for over a decade. The virtual circuits costing issue is presumably part of why MPLS is also somewhat of a rarity. Of course, this does raise some questions, one of which is why - when the early Internet and IPSS were Government-funded, mostly Government-run, intended to be fault-tolerent and suitable for military use - cost was a factor at all. Big business did not enter the X.25 or TCP/IP markets until very late in the game, and most initially used gateways off their own internal network protocol. The Internet's native protocols should have had no impact at that time.

So why is it normal for the immaterial to matter more than the significant? It is normal, but it is also irrational and nonsensical.

Re:Seems normal.

[somersault]

I guess this moderator thinks that 'troll' means "I didn't understand a word you just said".

Re:Seems normal.

[techpawn]

I guess this moderator thinks that 'troll' means "I didn't understand a word you just said".

No no no! Didn't you get the memo? For the time being Moderators are to use Overrated, Flamebate, and Troll until the new options of -1 Unpopular, -1 Shut-up, and -1 I-just-don't-like-you are rolled out. It's just a workaround, so be patient.

Re:Seems normal.

[OeLeWaPpErKe]

In case anyone wants to know. Let's have some calculations, shall we ? IF we were to bring multicast (like people here want, random senders, random receivers) to the home, we'd need the following resources in the router's memory.

-> A place to put a multicast address (that'd be 4 bytes for ipv4, 16 bytes for ipv6)
-> A place to put, associated with each multicast address, a series of interfaces to replicate the traffic to (that'd be a bit per interface in the router and per multicast address) (let's say we could do this in 4 bytes for a nice big router)

Now this may seem like nothing, however it doesn't scale for the central routers of the internet. In ipv4 the multicast space is 224.0.0.0/4, that's 268435454 addresses. We need 4 bytes per address (and no we can't use routes to optimize this like for normal hosts), so we're talking 2 GIGS of memory, and not just any memory but "fast" memory, memory that needs to be adressable in at best a few millisecs.

For ipv6 we have ff00::/8 as multicast addresses. `nuff said ? That's 2^120*8 = 2^123 bytes of address space required.

Multicast is ... a bitch. It can't be aggregated, it can't be split, it can't be simplified, ... it sucks. It'll never work.

Re:Seems normal.

That's what happens when you let a Digg user have moderating powers.

Re:Seems normal.

[jd]

I think you may have missed the -1 CowboyNeil option.

Re:Seems normal.

[jd]

You only need an address for each group address subscribed to by a downstream node. Since you have access to port numbers, you can place as many streams on a single address as you like (up to 65535), although obviously you lose some benefit from the multicasting if you overload too many streams onto a single group address. Well, unless you use source-specific multicast (SSM), in which case so long as the content is differentiated by source address, you can stuff everything onto a single group if you really want.

Re:Seems normal.

It's "CowboyNeal," you insensitive clod.

Re:Seems normal.

[jrumney]

Multicast is ... a bitch. It can't be aggregated, it can't be split, it can't be simplified, ... it sucks. It'll never work.

I'm glad you don't design routers.

Re:Seems normal.

[jd]

Maybe he does. I've not seen 3Com for a while and Bay went belly-up. If he was the chief designer for those two, it would explain what happened to them.

Re:Seems normal.

[charlesnw]

Um... Nortel bought Bay Networks. 3com is alive and well and while isn't the most common router by far, its still used a fair amount. Especially in smaller organizations.

Re:Seems normal.

[warrigal]

The simple facts are that X.25 didn't match the customers' topology needs and it wasn't reliable enough. Even during the early '90s a telecom's sales engineer told us (with disarming frankness) that he wouldn't recommend it for line of business applications. Too unreliable. All those Z80s out there on the network trying to cope.

About the same time I was given the job of proposing an X.25 backbone for a large client. Imagine trying to design a network with remote word processors running echoplex across it to implement screen formatting. That's right. Each keystroke was 2 packets. One each way. No PAD on earth would fix that.

Re:Seems normal.

[amorsen]

The virtual circuits costing issue is presumably part of why MPLS is also somewhat of a rarity.

Is MPLS that much of a rarity? Business point-to-point or point-to-multipoint lines around here tend to be delivered either by MPLS or 802.1ah. Most MPLS-based lines are generally more expensive than raw Internet lines, but that's simply because MPLS is awfully expensive per VRF, so providers don't like having lots of VRF's.

(Of course it's also possible to do virtual routing without MPLS. That's how I make a living)

A little more here...

[XanC]

Apparently the "article" is a response to a comment (the only comment, mind you) attached to this "article", which is similarly content-free.

Re:A little more here...

[Megaweapon]

Plus the submitter's name+link goes to the same site, so I'm guessing this is just more NetworkWorld clickbait for Slashdot.

Re:A little more here...

[LMacG]

NetworkWorld Accountant: Ad revenue seems to be off this week. Quick, somebody submit a story to Slashdot! (Before Computerworld does the same thing!)

Re:A little more here...

[houghi]

This scam only works if people visit the sites, so people please stop reading the articles.

TCP/IP still needs a rewrite

Unfortunately, for all of us, IPv6 is heading our way like some rusty old stream train. Its rickety and badly designed, but massive, and will squash anything in the way.

IPv4 at least was designed well, and has lasted a long time. However, IPv6 has no firewall/NAT support (if you are in a company, you have to have a firewall, else you run afoul of a lot of corporate regs like SOX, HIPAA, and if doing credit cards, PCI). You can't tunnel or VPN (if you do, you pretty much do IPv4 routing as a kludge.) Finally, it doesn't support a person having their own permanent IP range. You are forced to use a subset of the range of whomever you are connecting to, and if you change ISPs or peers, you have to completely re-IP your servers.

Of course, the opportunity was missed to have crypto at the IP level, rather than have it bolted/kludged on (like IPSec.)

Re:TCP/IP still needs a rewrite

[jd]

IPv6-over-IPv6 seems to work ok. Some of the earliest routing protocols provided firewalling and NATting within the routing protocol itself (Telebit's router provided superb NAT and Firewall capabilities as an integrated facility). Permanent addresses lead to fragmented heirarchies and exploding routing tables, which is a major problem with IPv4.

Re:TCP/IP still needs a rewrite

Sour grapes from Microsoft or IBM?

Re:TCP/IP still needs a rewrite

[bendodge]

It seems to me like most of the things you listed as missing were things IPv6 was specifically designed to get rid of.

Re:TCP/IP still needs a rewrite

[gclef]

So much misunderstanding crammed into such a small post. I'm impressed.

However, IPv6 has no firewall/NAT support

IPv6 partisans strongly discourage NAT, but there is nothing in IPv6 that will prevent it. Firewalling is still possible in IPv6, and is assumed to continue.

You can't tunnel or VPN

Where in the world did you get that from? There are several tunneling protocols supported as standard in IPv6. 6-in-6, IPSec, GRE...take your pick.

Finally, it doesn't support a person having their own permanent IP range. You are forced to use a subset of the range of whomever you are connecting to, and if you change ISPs or peers, you have to completely re-IP your servers.

This is untrue. ARIN (and most other RIRs) changed their allocation policy a year and a half ago. At present, if you qualify for Provider-Independent space in IPv4, you will also qualify for PI-space in IPv6.

Re:TCP/IP still needs a rewrite

[QuantumRiff]

There is no personal IP range, which is a darn good thing. Can you imagine the load that would put on routers, having a few billion routes changing constantly? However, with the "autoconfiguration" if I'm not mistaken, the last 64 bits of your IP would pretty much always stay the same, its the first bits that would change.

Besides, in a way your IP address will always be the same, and much shorter.. ::1 is much shorter than 127.0.0.1 to type!

Re:TCP/IP still needs a rewrite

[jo42]

IPv6 has no firewall/NAT support Let's see...

[gawd@mssux:~] rpm -qa | grep iptables
iptables-1.3.5-1.2.1
iptables-ipv6-1.3.5-1.2.1
[root@ws01:~]

Horse Poop.

Re:TCP/IP still needs a rewrite

[TheBracket]

A lot of your "missing" features of IPv6 are exactly what it was meant to eliminate! You absolutely can firewall IPv6 (just as you can firewall a regular routed IPv4 space; a default stateful "outbound only" IPv6 firewall is every bit as secure as a similar IPv4/NAT setup). OpenBSD's pf has supported firewalling IPv6 for years; I'm pretty sure ipfw on FreeBSD has it, too. Iptables on Linux also seems to support it.

NAT isn't something to be missed. The number of nasty kludges required to get protocols that require two peers each behind a NAT to communicate is ridiculous, and a lot of protocols (VOIP, P2P, most games, etc.) can be simplified quite a bit when you take out the various NAT-hole punch routines.

Juniper already ship IPv6 capable VPN kit, you can do it on various open source platforms with things like tinc, and Windows Server 2008 supports it.

In other words, IPv6 is taking a long time, but it's getting there - and support for essential features is developing decently well. I'd recommend getting familiar with it now; even if it never materializes in its current form, it's a good idea to play with lots of different setups and be ready for anything!

Re:TCP/IP still needs a rewrite

[myz24]

this is obviously chopped.

Re:TCP/IP still needs a rewrite

I think someone should examine your mental records. Consider:

IPv6 has no support of what you think is a 'firewall', however that does not stop you from using a firewall with IPv6.

Of course you can tunnel or use VPN with IPv6. I'm not sure what you're smoking.

IPv6 supports Stateless Address Autoconfiguration. According to RFC 4862: The stateless approach is used when a site is not particularly concerned with the exact addresses hosts use, so long as they are unique and properly routable. On the other hand, Dynamic Host Configuration Protocol for IPv6 (DHCPv6) [RFC3315] is used when a site requires tighter control over exact address assignments. Both stateless address autoconfiguration and DHCPv6 may be used simultaneously.

IPv6 has IPSec at the network layer, so again I am not sure what medication you're taking.

Re:TCP/IP still needs a rewrite

[rickb928]

"if you change ISPs or peers, you have to completely re-IP your servers"

I missed that the first time. Sounds like we got another IPv6-slam in TFA.

And this is different than IPv4 how? In the US, this is the norm. I know, my dear friends that manage my access like to change ISPs about 4 times more often than they change cell phone providers. And for even dumber reasons. They don't even geta free CSU/DSU most of the time, and of course the new provider needs us to use 'theirs', so they can manage it. And leave it to us to reboot it every month when it gets pissy about something that doesn't leave a log entry. grrr... But that's the wonderful world of T-1s and telcos.

IPv6 doesn't help you unless you're PI, and damned few of us are. We know it, when we are, too.

Re:TCP/IP still needs a rewrite

[petermgreen]

can be simplified quite a bit when you take out the various NAT-hole punch routines.
Assuming people use statefull packet inspection firewalls with a "outbound and replies to outbound only" policy the hole punch routines will have to stay.

Re:TCP/IP still needs a rewrite

[Watson+Ladd]

You are just wrong half the time, and half wrong all the time. First off, a firewall is a piece of software that prevents packets from getting through. It can work with IPv6 just fine. Tunneling and VPN is what IPSec is for in tunnel mode. IPv6 mandates IPSec support, so I don't see how that is a kludge. Finally the mobility of IP addresses across ISPs leads to exploding routing tables. It's just not an option.

Re:TCP/IP still needs a rewrite

[modmans2ndcoming]

umm...a firewall is not the same thing as a Nat.

IPv6 supports firewalls... AKA, the ability to create a checkpoint that looks at all packets entering/exiting the local network and deciding if that packet should be allowed to enter. What it does not allow is Network Address Translation, AKA, handing the mail off to a guy at the gate and letting that guy look up on a list what the mail address translates to as far as his system, and then delivering it.

Cisco seems to think you are wrong as well.

Re:TCP/IP still needs a rewrite

[Agripa]

Assuming people use statefull packet inspection firewalls with a "outbound and replies to outbound only" policy the hole punch routines will have to stay.

Sure. But without network address translation, protocols like IPSEC will work end to end and proxies for inspecting and rewriting packet payload will not be necessary. UPNP will no doubt still be used (and a serious security risk) for punching holes in the firewall but at least the few-to-many address mapping problem which breaks many protocols will be gone. FTP will of course still be broken.

Routers that support NAT act like a stateful firewall as a side effect of the NAT process itself. There is nothing to preclude building a stateful firewall without NAT that provides all of the same security functions and as other posters have pointed out they are the rule rather then the exception. Set the firewall to block all incoming connections and pass/track all outgoing connections. Then add selective incoming pass/track rules where appropriate. At least with BSD, you have to go out of your way NOT to track state. The only difference is the lack of address and port translation/fowarding which become obsolete since every device had a dedicated routable IP address.

Poor article

[Quato]

This is a poor article, the slashdot summary is 95% directly quoted from the one page article.

That aside, the reason virtual circuits have never taken off is lack of physical media and field equipment. An ISP/Cable Company/Local Bell is not going to support running lines out to homes and businesses if they don't have subscribers for all their investment.

I've never seen an implementation where statistical multiplexing was implemented properly. I think it is just one of those things that look good on paper, but will never come into general use unless the technology and infrastructure support it.
            Look at what they do now they run a T1 out to a DSLAM and split it up all to hell and oversell the bandwith going from the DSLAM to the ISP. Show me someone with 7MB burstable speed actually transmit at that speed and I'll do a goddamn backflip.

Historical analysis

[rjamestaylor]

To read the historical analysis on the adoption rate of TCP/IP versus....??...is interesting to, well, um... you know, ... crap. No one.

Anyway, thank Gore we're not stuck in an X.25 world!

no

[Lanboy]

The ARPANET was an accademic network for sharing defense research. The story about its survivability for nuclear war is simply untrue.

Please name the "Local ISPs" that have multicast configured. I count Two out of Five core providers with multicast enabled.

I wouldn't call MPLS somewhat of a rarity. Simply put I disagree entirely.

Re:no

[jd]

Any ISP that uses RIPv2, OSPFv3 or ISIS on their internal network - or to connect to other networks - uses multicast for the routing protocol. Core providers broadcasting multicast services that are visible to AmericaFree.tv are listed in table format. It's longer than two entries. Translations of BGP entries to providers are . Local ISPs that actually provide multicast to the home are a rarity, but as of 2002, there are a handful.

I never said anything about nuclear war, I specified fault tolerence. There's a big difference. Several tens of megatonnes of difference. Providers offering virtual circuits for extranets sometimes use MPLS, but not all. Service guarantees are over time and can be provided by packet marking and QoS. Isolation likewise. When providing full mesh services, which is what many corporate ISPs are moving towards, something like MPLS is a disadvantage. Containment and QoS is only safe at endpoints, and running anything heavier than you need on a full mesh (which itself is insanely hard on routers) is asking for trouble.

Re:no

[Tim+the+Gecko]

Any ISP that uses RIPv2, OSPFv3 or ISIS on their internal network - or to connect to other networks - uses multicast for the routing protocol.

True, but irrelevant in considering whether a customer might one day get IP multicast on an ISP connection. The routing protocols you mention (and OSPFv2 as well) use multicast packets with TTL=1 to exchange information across a LAN. Not at all the same thing - no multicast forwarding tree in sight!

as of 2002.

Which says everything you need to know about interdomain IP Multicast on the public internet. In contrast, it's doing pretty well on private VPNs (CEO "egocasts" and that kind of thing).

Re:no

[jd]

Customers are almost certain never to get IP Multicast, but (probably) not for technological reasons. It's easy to bill per stream, for unicast streams, but harder for multicast. And, let's face it, there are certain segments of the entertainment industry - not just the *AA's - that have a vested interest in providing heavily metered audio/video streams. Multicasting has the potential to slash revenue by an order or two of magnitude. It's also easier to guague interest (for advertising reasons) for unicast connections than for multicast. And since unicast demands more on the CPU and on the pipe, machine manufacturers and ISPs have financial incentives to encourage customers to use the least-efficient delivery format possible.

If the customers are the only ones who could gain, and everyone else would lose, then who is going to be insane enough to switch on multicast routing to the home?

Re:no

[Drishmung]

The benefit of multicast is to the network provider. Where the same stream needs to be sent to many (thousands) of customers, multicast has a huge benefit. In fact, for 'push' content delivery it is the only viable means of networking.

And cable has been able to deal with the pricing issues for decades. The content is encrypted, with multiple keys---one for each subscriber. Anyone else can receive the multicast, but it does them no good without the key. When you join the stream, you not only join at an IP level, you authorise against the broadcaster and your key is enabled. For which you are sent a bill.

So, content provider gets to sell content to consumer, and network provider reduces costs. Content provider also knows exactly who has received the content.

For unencrypted content your points are valid, however even there a strong economic case can be made for multicast. Each consumer pays for bandwidth, so there is no direct cost benefit of multicast for them. But, it is in the network provider's interest to reduce costs, and by reducing bandwidth, multicast does this. Finally however, the content provider also has to buy bandwidth from somewhere, namely their upstream provider. They also have to serve that content. The economic benefits of a single server and 100Mbps (multicast) vs tens/hundreds of servers and 10Gbps (unicast) are fairly compelling to potential video content providers, if not to traditional text/web providers.

Re:no

[jd]

I guess you are correct, but then we get back to the problem of why this option doesn't currently exist for consumers. Hang on, I think my brain is going to explode.

ethernet

He's overrated and forgotten a few things.

TCP/IP became big because there was no license.. unlike XNS and Appletalk.
and because it ran over Ethernet, all one had to do was drill a hole in a wire and tap into it with you AUI.

TCP/IP wastes bandwidth

[EmbeddedJanitor]

A very significant factor for the slow uptake of TCP/IP was that most early networks were slow and point-to-point (head office to branches for realtime links and uucp etc for emial). IP wrapping is relatively expensive in terms of extra bytes etc, but that wrapping gives flexibility. When you only had 1200 baud point-to-point connections then you didn't need the flexibility of IP nor the extra wrapping cost.

IP only started to shine once significant numbers of networks got interconnected.

Re:TCP/IP wastes bandwidth

[morgan_greywolf]

WANs, yes. LANs based on 10MBit Ethernet was fairly popular -- but most of them ran proprietary protocols like IBM's NetBIOS and, later, Novell's IPX/SPX.

And anyway, by your logic X/Y/Zmodem wouldn't have existed because these protocols also wasted bandwidth. These were the basis of early store-and-forward networks like FidoNet.

Re:TCP/IP wastes bandwidth

[warrigal]

When you look at TCP/IP you have to wonder if it was ever intended for WAN use. The extravagant use of bandwidth in contrast with IBM's SNA/SDLC is a pointer. It wasn't all that long ago that you tied datacenters together with 64K links.

Obligatory

Queue the "because it took Al Gore so long to take the initiative in creating it" jokes...

Re:Obligatory

[Guppy06]

And cue the Grammar Nazis while you're at it.

Re:Obligatory

[mini+me]

If he had spent more time developing TCP/IP, Manbearpig would still be out there.

Amen Brother.

[Lanboy]

I personally believe it will never be adopted. The government keeps having meetings where they set dates for implementation, that get turned into dates to have implementation plans. Meanwhile the clock is ticking and its ten years later. The internet has changed from when they drafted IPv6, who is going to make thier customers flash thier home routers?

Time to punt and send folks back to committee. It is just as crufty as the OSI network stack. If they had just gone with the first draft and added more address space and a few header changes this would have all been taken care of a few years ago.

Re:frist pork

This thread needs more Christian Furries.

PVC tubes

[Nonillion]

So I guess we can look forward to Ted (series of tubes) Stevens describe the Internet as a "series of PVC tubes". :P

The Da Vinci Codec

Only to find out that the original TCP/IP specification was designed by Leonardo Da Vinci and hidden in a strangely effeminate painting.

Which, of course, explains why it took so long to get implemented.

Best feature but no market?

[Lanboy]

Frame SVCs wore never in huge demand. As Vint says, customers wanted cheap leased line replacements, and the ability to do hub and spoke and mesh networks cheaply. What do SVCs buy you? you already have to pay for the local loop. Cheaper Virtual circuits? Eventually the market moved to zero cir pvcs, which were as cheap as you needed.

Besides, there were carrier SVC networks, the protocol was called SMDS, and no one bought it.

Frame Relay faster????

[Whitemice]

"Rather, the PVC was a simple replacement for a leased line at a fraction of the cost with better performance."

Eh? I'll take a leased line over a PVC anyday in regards to performance. My experience with Frame Relay has been that performance is subpar, the provider overbills, burst capability is crap [and doesn't work with most QoS scenarios - as in you have to disable bursting]. I also question the cheaper part as we just switched from a 15 location frame-relay (256/512) WAN to point-to-point T1s for 1/3 the price.

But maybe it depends on your location and the competence of your local bell.

Re:Frame Relay faster????

[misleb]

Do you really have a point-to-point between each location or just a hub and spoke?

Re:Frame Relay faster????

[Whitemice]

Hub-n-Spoke, just like we had with frame-relay. It should have been a mesh given that it was frame-relay but the telco wanted basically the same monthly fee for each additional PVC as it was for the frame-connection itself. An additional PVC was "effectively" an additional circuit. So it was really point-to-point over a frame-relay cloud where you couldn't burst and with crappy latency just for extra fun.

To be fair they fixed the latency issue after a couple of years. Wow, I was impressed.

United States of America's Government Conspiracy

[Hucko]

Well, someone has intercepted the Australian packet because it hasn't made it here yet. I've been waiting patiently at the end of our pipe.

Argh! Typo!

[jd]

The translation list is here.

Ack - Hi Vint

[asleeplessmalice]

Apparently Vint Cerf wasn't consulted for the original article, yet he commented on it by 7:42 am on the day it was published: 1/22/08 (although the article URL includes a datestamp of 1/21/08).

I wonder if his advanced monitoring capabilities include /.?

Are you sure?

[Sits]

I've had very little luck trying to make a BSD use NAT on site local packets (which are explicitly defined as not being internet routable). However given how big the typical ipv6 subnet seems to be this issue falls by the wayside the moment you get one.

Your point still stands though - ipv6 is trying to do away with NAT and rightly so. If you don't have an address squeeze it seems horrible that you would use NAT - better to use a decent firewall...

Re:Are you sure?

[TheThiefMaster]

Yeah, you can use an IPv6 firewall that blocks all incoming traffic except for replies to outgoing traffic and exceptions made for specific servers, and you have the same "firewall" protection as an IPv4 NAT with none of the protocol breakage caused by NAT. Two machines could use the same port without one or both getting changed by NAPT for example, and having the server's own IP be the same one that clients have to connect to helps as well.

Tech

[Teflon_Jeff]

It's just another example of the less effective technology winning out.

Can you say Beta max?

Mod parent up - Grandparent retarded.

[bdwebb]

I read the grandparent post and literally began to experience physical pain. I'd say a good 60% of every enterprise WAN I configure or interact with on a daily basis is MPLS or is in the process of migrating to MPLS.

The multicast argument was the portion that really brought the pain train, Terry Tate style. I don't even want to begin to discuss why that argument is so wholly retarded. It looks like you had the same opinion so I'll plagarize your comment and say that I, also, "disagree entirely" but I would like to indicate that my lack of agreement should be considered +1 Vehemence.

Re:United States of America's Government Conspirac

[charlesnw]

Don't you mean at the end of your tube? Cause the internet is a series of tubes. :) Congress said so. It must be true.

Where's the beef?

[jd]

If you're using MPLS on a WAN, I'm scared. MPLS is for extranets, the WAN is concealed. MPLS on a WAN is therefore a contradiction in terms. Either you're dealing with a WAN or you are dealing with an extranet. You are never dealing with both at the same time. You are almost never dealing with MPLS at the enterprise-level, because that level of detail is normally hidden. You have an entry point onto the extranet, but how that extranet is formed is transparent.

Of course, none of this matters if you're not using extranets. Any Enterprise-level network that exists in one physical location or connects to other locations over the public Internet or connects to other locations via leased physical lines has no need of MPLS or any other virtual circuit technology. Metropoliton networks, such as GMING, tend to use leased physical lines and point-to-point protocols such as ATM. As do most of the smaller-scale backbones (such as national DSL providers) who bought up dark fibre in bulk. If you're using an ATM network, you don't waste time with IP-based virtual circuits.

I've admined my share of b2b, national and international Enterprise networks. I co-founded the IPv6 backbone in the UK. I've run large-scale X.25, IP and ATM networks. Before that, I designed my own LAN and WAN wire protocols. I'm no Vint Cerf, but let's be realistic here. Anyone can make a claim, but it takes more than that to make a difference.

As for your multicasting commentless comment, the announcement of the dissolution of the MBONE in the mid 90s is quite sufficient as a reply. It's you against the world, and the world declared many years ago that you lost. That war is over and the multicasters won. Give it up. Accept defeat gracefully. The only serious resistance left are the ISPs for SOHOs and individuals and the increasing number of multicasting applications in Windows mean they will submit soon enough. Even mobile phone companies, such as Nokia provide their services by multicast. They have surrendered to the only rational networking technology for distributed services. The Infiniband Consortium and the Open Fabrics Consortium depend heavily on the multicast capabilities of modern technologies. Resistance is futile, you will be IGMPv3'ed.

Re:Where's the beef?

[3vi1]

You may have a lot of experience, but I think you're generalizing your ATM vs. MPLS argument from the perspective of a small business. A lot of companies, including mine, have moved to MPLS for their WAN. (And, I don't miss the ATM days at all.)

Of course, our revenue is about the same as Microsoft, so I'm talking about a very large network (70+ large international manufacturing sites, multiple data centers, 10-20k users).

Goodbye NAT?

[fm6]

IPv6 partisans strongly discourage NAT...

My first response to this was, "Say what"? But I did a little Googling and it seems you're quite correct. I'm not as literate on IPv6 issues as I should be, but this strikes me as pretty dumb.

The main thesis of this argument seems to be that the primary purpose of NATs is to work around the IP address shortage, which IPv6 eliminates. But there's another big reason to want an IP address in a private space: security. Do you want every script kiddie on the planet banging on your firewall day in and day out? I certainly don't. I much prefer to expose exactly one (1) IP address to the public Internet, and to leave provisioning of that node either to my corporate IT department, or the developers of my off-the-shelf home route. Either of which can do a better job of fighting off the barbarians than I can.

Some pundits insist that they can actually provide better security if they have a true peer to peer link. Possibly true if you have a lot of development and maintenance resources. But for most users, the simple solution, having an IP address that doesn't resolve outside your network, would seem to be the best one. To quote Monty Python, if you don't want to be seen, don't stand up.

Re:Goodbye NAT?

[DaleGlass]

Huh?

You can do exactly the same stuff with a firewall as you do with NAT. If you want to forbid all incoming connections by default, and only allow specific ones, you can do so very easily with a firewall.

The only difference is that with NAT you have one IP address, and port 80 (for example) either is directed to a specific computer on the network, or isn't.

In comparison, with IPv6, no NAT, and a firewall you'd be able to control whether each computer on the internal network accepts connections on port 80 or not, separately. You can have this control done centrally from a single firewall, just like with NAT.

Re:Goodbye NAT?

I wonder if you don't understand what "firewall" means in the IPv6 partisan story. They don't mean your crappy windows desktop software firewall. There isn't any more or less "pounding" going on without NAT.

For all your home users, the device that provides NAT is actually just a Linux router with firewall filtering that is also rewriting addresses in addition to its other access-control features. Turn off NAT and the security is identical. You still manage which incoming data streams are allowed to which internal hosts, but each stream has a unique address instead of the nasty "forward with rewrite" behavior.

Re:United States of America's Government Conspirac

[Hucko]

I'm Australian and we just sacked the bloke who loved your Congress...... besides tubes are generally referred to as pipes here.

Re:frist pork

You put WAY too much effort into that troll post. Seriously, is this what you spend your life doing?

Re:United States of America's Government Conspirac

[SJ2000]

The packet was deemed 'inappropriate' by the new government internet censoring system, that's why you never received it :P