Can Large Scale NAT Save IPv4?

Julie188 writes "The sales pitch was that IPv6, with its zillions of new IP addresses, would eliminate the need for network address translation altogether. But Jeff Doyle, one of the guys who literally wrote the book on IPv6, suggests that not only will NAT be needed, but it will be needed to save IPv4 at the tipping point of IPv6 adoption. 'I've written previously that as we make the slow — and long overdue — transition from IPv4 to IPv6, we will soon be stuck with an awkward interim period in which the only new globally routable addresses we can get are IPv6, but most public content we want to reach is still IPv4. Large Scale NAT (LSN, also known as Carrier Grade NAT or CGN) is an essential tool for stretching a service provider's public IPv4 address space during this transitional period.'"

NOOOOOOO

[santax]

Stop the madness. Give us ip6. We (as a society) would gain so many productive hours without NAT and the shit that comes with it. (Portforwarding etc). We have the technology ready to go and give everything it's unique ip. Can we please use that tech? It's not like it's high-tech or to new to be implemented by now.

Re:NOOOOOOO

[bbn]

Except for all the people still on XP, which has no native IPv6 support...

Has too. You just need to enable it: http://ipv6int.net/systems/windows_xp-ipv6.html

Re:NOOOOOOO

[RobertLTux]

err windows xp does have ipv6 support but its not installed by default (in fact has had it since XP sp2)
now it may not have all the bells and whistles of say Vistas support (if anything can be supported by Vista) but you should at least be able to get an IP and get online.

Re:NOOOOOOO

[lanner]

I don't think non-networking guys really understand the harm that NAT/PAT/masq has done.

I am talking economic damage. NAT has cost you money. It's cost you a LOT of money. It cost your company money. It cost everyone who uses computer an ASS LOAD OF MONEY totally wasted on a cheap hack to get around the fact that we needed a better addressing system.

All the wasted software time which talented people worked for, and NAT is just a work-around.

All the money wasted PAYING for above mentioned software, salaries, time.

All of the needless hardware and software implementations related to NAT.

Anyone who runs a large Cisco PIX/ASA platform can bemoan the number of statics needed between network interfaces.

Think about the apps that had a really hard time working because of NAT. The games that could not peer-to-peer because both sides were behind NAT.

Think about all of the companies that have multiple DNS views -- inside, and then public. That's a ton of extra work.

Best thing of all that I look forward to in IPv6 is... the idiots that it will wring out of the IT/comp-sci sector. Idiot sysadmins that label their servers with IPv4 addresses, idiot programmers who won't learn IPv6 and will get the boot to the curb that they have long deserved.

If you can't handle it, GTFO lamers. You don't need to know your workstation's IP address -- you need to know it's hostname and how to use DNS. I can't tell you the number of places I've worked at where people hard-code IP addresses into config files and the damage that it has caused, along with labeling servers/printers/whatever with their IPv4 address.

Re:NOOOOOOO

[nacturation]

Support for XP has stopped, it's an old OS.

Windows XP is supported until 2014 if you keep up with service packs.

Re:NOOOOOOO

[PsychoSlashDot]

Your rant would be more compelling if your list didn't consist of "software time", "software, salaries, time", "software" (yes, again), "time setting it up (as if setting up a proper firewall ruleset was any less cumbersome)", and "games". Yes, games. Economic damage indeed.

Look, NAT isn't ideal. I'll grant that. IPv6 is right. But I'd like to point out something. If NAT is seriously as big a deal as you make it out to be, that's man-hours that kept someone employed. Software houses employ people to work in projects that need doing. Working around network realities/idiosyncrasies needs to be done. Remove those realities and the rampaging hordes you envision writing NAT code won't just get a memo saying "hey, we were going to have you work on this uber useful productive project but didn't because you were working on that NAT code but now that it's gone, you're a productive member of society again!"

There's some hyperbole in my post, but the point is clear. At my office we have a phrase, "scripting yourself out of a job". There are a lot of repetitive tasks like new user creation that I'm often tempted to script to save myself (billable) time. Sadly, when everything I do is scripted, I'm not needed. Anyone can punch in values and routine tasks are out of my hands. All that's left is sitting around waiting for something to go wrong. I can't charge for that. That being said, there's an ethical fine line between predatory billing - which we don't ever do - and scripting myself out of a job.

Point is the economic "impact" of NAT isn't something that's worth talking about. If anything it employ[s/ed] people.

Re:NOOOOOOO

[Pentium100]

Me too. I look forward to having no NAT and changing the IPs in my internal network every time I use a different ISP.

"Hmm, my internet connection failed, better connect the backup one. OK, now this ISP gives me xxx:yyy:zzz:xxyz::0 IP, so I now have to go and change the addresses of all my PCs, since they won't be able to access the internet. If only there could be some way to keep the internal IPs constant..."

Currently, the internal IPs of my computers do not depend on which ISP I am connected to.

Re:NOOOOOOO

[Dagger2]

And NAT is the bomb. It is the best kind of firewall you can have - ie one that doesn't slow down your computer with bloatware. It really is not difficult to forward a router.

No, it's not. The best kind of firewall you can have is a firewall -- which can also be done on your router device, so that it "doesn't slow down your computer with bloatware".

The part I don't like about it though, is the addresses. How easy is it to remember 192.168.2.31 compared to 2001:0db8:ac10:fe01:0000:00000:00000:0000?

If you don't like that address, why did you pick it? For a start, redundant zeros are redundant, so write 2001:db8:ac10:fe01::. Secondly, you are assigned a /48, meaning you can pick the rest of the bits freely. If you didn't want to remember it, why did you pick fe01 instead of, say, 0, letting you write 2001:db8:ac10::?

And in case you hadn't noticed, 2001:db8:ac10:: is shorter than the IPv4 equivalent, where you have to remember both 192.168.2.31 and your external address, 192.0.2.172. What's the problem with IPv6 again?

Re:Hasn't it already?

[santax]

You know... you really should upgrade your toaster.

Useless investement

[JonySuede]

at work we use NAT behind a whole public class B and it work great. But as a customer I would not put up with it. I want to act as a server not only a dumb host. So please stop the carrier grade nating madness.

Re:Fuck you.

[hedwards]

Probably because he doesn't own the infrastructure. The problem is that in the US we heavily subsidized the industry, but didn't require them to really do anything to deserve the money. We didn't require neutrality, we didn't require them to keep building out broad band, or enhance the speeds in urban areas either.

Considering that ultimately they're using public resources to provide a service, I do think they owe us at least something in exchange for making profits using our right of way or airwaves.

Part of the solution

[bbn]

Large scale or ISP wide NAT is part of the solution. It will not "save" IPv4, whatever that means. It will make it possible to transition to IPv6 and still access all the old sites, that have not yet made the transition.

It is not really important that slashdot.org is still IPv4 only. You can access it just fine. And slashdot.org has no need to access you.

You use IPv6 in all the cases where you wanted that nice static IPv4 address before: When running peer to peer software. Setting up your small hobby server. Using direct peer to peer VoIP. And so on.

All the consumer ISPs will transition soon enough during the next few years. We will fairly quickly be able to assume consumers will in fact be able to access IPv6 only sites. For the next 10 years you can also assume consumers will be able to access IPv4 only sites - is anyone really surprised by that?

If all your gaming friends got IPv6, playing on your private IPv6 only game server - what do you care that some backwards dialup only ISP, in a country you never heard of, still is IPv4 only?

Large scale NAT is completely moronic.

[Kaz+Kylheku]

There are only 65536 port numbers, so there is only so thin that you can spread a single IP address. Remember that some clients open many ports. There are also questions of reuse; you can't simply cram the 65536 space close to full. When a TCP connection terminates, you don't want to start reusing the port number right away. It's tricky.

People are not going to be happy to be NAT ed. Will large scale NAT also come with large scale port forwarding? Large scale UPnP? What do you do about port number abuses?

Dynamic DNS goes out the window. People can't have a quasi static IP any more with their own port 80, port 22, port 25 mail server or whatever.

If I were to be NATed, I would not want to pay more than 5 dollars a month for such a crippled connection, regardless of bandwidth. So you will automatically have to sell the service to ten subscribers like me instead of just one to make the same revenue.

As long as I can get non-NAT-ted service somewhere, than that is where I will be.

NAT == CRIPPLED_INTERNET. Impose that next door. Next city. Next country. NIMBY: not in my backyard.

And remember that if EVERYONE is NATted, then nobody can talk to anyone. Because you have to connect somewhere to use the Internet. That means resolving DNS to some IP address.

To reach a DNS server you need an IP address. So the DNS server can't be NATed. That DNS server has to hand you the IP address of a host such as a web server. Are all web servers going to be NAT ed? That means they can't be all on port 80 any more. You are looking at redirects! There will have to be a port 80 service sitting on those NAT nodes, which will intercept web traffic, parse the HTTP request and forward to the appropriate node behind the NAT.

Or else DNS will have to be re-architected so that it returns not only IP's but port numbers, so when you go to www.somewhere.com, it resolves to x.y.z.w:n, and the host x.y.z.w has port n forwarded to the right server.

Good grief, and good luck with that.

Yup, just crazy

[Midnight+Thunder]

Add to this how many more NAT workarounds we will need to have in software. We already have to deal with NAT busting solutions, now we will have to deal with double NAT busting solutions. Believe me, NAT was a workaround to a limitation and we shouldn't be using this workaround at any more levels than necessary.

There is only so much duct tape you can use before it is time to just accept you will have to install the new solution.

If IPv6 appears so hard, its because people keep on waiting for someone else to take the plunge. If you are an IT professional, then is should be your business to understand and embrace IPv6, whether that is in your network or in your software. If your issue is with your router not supporting IPv6, then make some noise to your router's manufacturer, install a third-party firmware or go with a company already offering an IPv6 capable router.

Re:Hasn't it already?

[CRC'99]

Joke aside, my network printers don't support IPv6, my 802.11 access point doesn't support IPv6, my SIP phone doesn't support IPv6, my ADSL modem/router doesn't support IPv6.

Tell me again, how is this transition supposed to work if a good 50% of equipment doesn't support IPv6?

Even if all these devices actually did support IPv6, why would I want them on publicly accessible IP addresses? The truth is, IPv6 hasn't taken off because really there is no huge need for it. Private networks (and there is gobs of IP space for those) are the norm, and in 90% of cases are more than acceptable with a device doing NAT to the rest of the world.

There is nothing stopping people having both public and private IPs (like I have) for things that don't behave behind NAT. That is unless your ISP won't give you addresses....

You mean like ipv6porn ?

[lullabud]

http://www.ipv6porn.co.nz/ is giving away free porn to anybody who can access it with an ipv6 address

Pirates rejoice

[lullabud]

This would be great for pirates, who the hell would the MPAA and RIAA sue if everybody in one region shared a single IP#?

Re:Hasn't it already?

[DeadBeef]

I don't know where you have been getting your predictions. It is pretty certain that IANA is going to run out of space about the middle of next year.

We have 14 /8's left in the IANA free pool, we use up almost 2 /8's every month.

Are you betting on the ipv4 space usage magically decreasing ( right when everyone will start freaking out about getting their last allocations )?

Port scanning posters; TOS server ban

[tepples]

slashdot.org has no need to access you.

As far as I know, Slashdot does a short port scan on your IPv4 address when you preview or post a comment in order to make sure that your machine isn't an open proxy that might be abused for vandalism. That's why your first preview of the day from a given machine is so slow: it has to wait for the connections to time out.

You use IPv6 in all the cases where you wanted that nice static IPv4 address before: When running peer to peer software. Setting up your small hobby server.

In other words, things that cable and phone companies don't really want customers on the residential plan doing in the first place, as explained in the terms of service.

If all your gaming friends got IPv6, playing on your private IPv6 only game server

By the time that happens in several years, you may have grown out of online gaming. Which of the current video game consoles supports IPv6?

Re:Hasn't it already?

[bbn]

Are you betting on the ipv4 space usage magically decreasing ( right when everyone will start freaking out about getting their last allocations )?

No no, there is always more to be found. That link of yours only show the _known_ reserves of addresses. They continue to find new fields of IP addresses and existing fields continue to find more than initially expected. This "peak IP" is never going to happen and you know it!

Re:Hasn't it already?

[j+h+woodyatt]

Haven't you heard? The IAB has known for decades that the default-free zone is continually making new IPv4 addresses as a natural function of the BGP protocol. The reason you've never heard about it is the evil telecom companies control the media and the NRO, and they don't want you to know the truth.

NAT is a money maker!!!

[DigiShaman]

ISPs are licking their chops for this. They want to roll out NAT for all default consumer grade ISP connections. It solves problems with scarcity, they profit from scarcity (want public IP? You pay extra for it), and it will jack with routing of P2P data and thus cut down on the leeches. It's a WIN-WIN-WIN for the Telco and cable companies.

If you guys think IP6 will be adopted, just wait till they find huge money in artificial scarcity of IP4 blocks. There will be no where to run and escape it! Unless you pay that premium...

Re:Hasn't it already?

[asdfghjklqwertyuiop]

why would I want them on publicly accessible IP addresses

Because they're globally unique. You'll never have a conflict of address when you start doing business with other entities with large networks or because the hotel just so happens to be using the same private addresses as a network you're trying to make a VPN connection to from your laptop.

And just because they're public addresses doesn't mean they're publicly accessible.