In short: Responding to Michael Py and to Geoff Huston's 2011-08-28 APNIC presentation which Richard Barnes cited.

Will the responses to IPv4 address space shortage (other than everyone moving to IPv6) tie up the IPv4 Internet in a swamp of degradations from which we may never escape?

If not, then there's no advantage to using IPv6 over IPv4, since it seems (others have suggested this - I haven't researched it) that some or many IPv6 hosts will be behind the end-user's (individual's, company's, university's etc.) NAT for reasons of security and/or local convenience. Still every mobile device could have its own /64, and any of its dependent devices could still have their own global unicast IP addresses.

Hi Michael,

In "IPv6 deployment [was Re: Recent Internet governance events]" you wrote, in part:

> Although I agree with most of what you wrote and won't comment on it
> (not worth the time going back into our collective past mistakes in
> detail), . . .

OK, as long as the mistakes are widely enough acknowledged and IPv6 is not promoted in ways which are unrealistic about the barriers to widespread adoption.

> . . . I do not agree with you on that one sentence:
>
>> Nothing has changed in the last 15 years or more
>
> A lot has changed.

I meant the fundamental fact of IPv4 and IPv6 being separate Internets, with only a handful of protocols interworking between the two.

You wrote GCN but I think you meant CGN - Carrier Grade NAT.

I think your mention of Y2K is pertinent. Though some organisations did work on it and avoided worse outcomes, people who blew off the dire warnings and did nothing were rewarded. They saved themselves a lot of fuss and now have reason for generalised thinking along the lines: "I can ignore techies jumping up and down about imminent disaster because surely the great technical edifice of the modern world will not be allowed to crumble."
So far, (in general) they have been similarly rewarded by ignoring warnings about the disaster of IPv4 address run-out and the need to adopt IPv6. They will continue to think this way and consider themselves rewarded even if the Net turns to crap over a period of years without them realising, due to complexifying responses to the IPv4 address shortage.

Next time you make a negative value judgement in public about someone's proposal I suggest you do better than this content-free dismissal garnished with an attempt at condescension:

> But your IVIP thing is not worth jack crack. You are not even to the
> point where you realize why. When you have something more than
> yet-another-miracle, come back to us.

With your experience and ability to analyse and write in detail, a statement like this might give the impression that you are being lazy or unpleasant.

(BTW, Ivip aims to provide mobility and scalable routing for IPv4 and IPv6 without changes to routers, current NAT arrangements, operating systems, TCP/IP or application protocols or end-user application software. It is not a solution for the IPv4 address space shortage.)

Richard Barnes wrote:

> . . . see Geoff Huston's presentation on IPv6 and CGNs at APNIC 32
> all the way back in 2011 (trust me, it's entertaining, as Geoff
> usually is):

http://labs.apnic.net/presentations/store/2011-08-30-exhaustion.pdf
http://webcast.apnic.net/meetings/32/opening-hinted.mov

Here's a quote from Geoff Huston's 30 minute presentation:

. . . we are not going to transition (to IPv6) when there are heaps of IPv4 addresses around, we are going to wait until there are no more addresses. We are going to make this transition mind bogglingly hard. We are going to stress an industry that makes us money by mindless process by forcing it to be creative. You don't want this.
Because all of a sudden, we are going to make an excursion in transition (the slide shows a path from IPv4 to IPv6 via a loop involving CGNs, CDNs and ALGs) by instead of making our networks simpler, clearer, cleaner, cheaper, we are going to re-equip them with the same paraphernalia as we had in virtual circuit worlds. We are going to start equipping our networks with a whole bunch of novel technologies that we only ever tried before at the edge.

Carrier Grade NATs are certainly wonderful things. We've never really had any experience at how they load. We have no real idea of what the compression factors are going to be - not now, but in four or five years' time. All of a sudden we are going to start erecting *stuff* in the network - and that stuff is actually rationing devices, scarcity devices, apertures which *dim* your vision of the network, that reduce the clarity of the conversation between one user and another.

And then, to make things worse, folks are going to say "That's not good enough. I want to get my content close to those users."

This is at 14:30 - he discusses networks changing shape due to Content Delivery Networks and Application Level Gateways rearing their ugly little heads.

At some scale the CGNs won't scale and if we are still in a state of denial, we will head into a world of ALGs.

I have no reason to think otherwise than that Geoff Huston's concern is well founded: different operators adopting different band-aid approaches to keeping IPv4 alive, in various degraded forms, leading to further divergences in the type of connectivity offered to customers and so, I guess, to pressure on protocol/application developers to write more and more tricky things to cope with various degraded, diverse and not so well connected aspects of the IPv4 Internet.
Indeed it would be easiest and best in the long term to adopt IPv6 quickly, rather than invest in bogging the entire global communications network - and its most widely used operating system and client and server software - in incompatible and/or complexifying patches.

I know next to nothing about Carrier Grade NAT but it sounds costly and scary: customers running their own one or two levels of NAT (in a home DSL router, or in a 3G/4G to WiFi box) where the top level NAT box and the host applications behind it are expecting that NAT box to have a complete IP address and (I guess) be able to forward specific ports to specific IP addresses behind the NAT, or the CGN giving special treatment to that top customer NAT box's service due to the CGN box analysing packets going in both directions. Then these customer NAT boxes find themselves behind CGN and so not always able to forward a port or support a "P2P" protocol from the one or more global unicast IPv4 addresses the CGN box has access to.

Still more worrisome is Geoff Huston's mention of Application-Level Gateways at the ISP. Even without an understanding of them, the specific, current application specific, nature of such things is at odds with the open, elegant and efficient communications we rightfully desire.

If widespread installation of CGNs and ALGs is the inevitable result of IPv4 address depletion in the absence of any alternative (the only alternative being everyone magically being connected to IPv6 with all their applications working just fine, which would require massive effort on the part of all application programmers) then we may well be headed for the permanently entrenched degradation Geoff Huston fears.

If so, then it would be a blessing for a magic genie to appear and promise to destroy every device which sends an IPv4 packet after 2018-01-01 - or at least convince everyone that he or she would do this.
Then there's a real chance that all users, protocol/application developers, equipment manufacturers, operating system developers and ISPs would knuckle down to the task of a complete change to IPv6.

IF NAT (broadly speaking) could cope with IPv4 address depletion without tangling the Net in pervasive and entrenched degradation (I guess Geoff Huston is right to fear that it can't), then here would be my attempt at a truth-in-advertising footnote for any future "we must all hurry up and adopt IPv6 because it will soon be essential" IPv6 awareness campaign.

The IPv4 Internet is separate from the IPv6 Internet. An IPv4-only computer cannot exchange packets with an IPv6-only computer. Some messaging protocols - most prominently, email - which rely on intermediate servers can work fine between computers on the two different networks. However the most widely used protocols don't and will never be able to. Even for protocols and application software which can work with IPv6 there are continuing difficulties with ensuring that this works reliably, without user intervention, when the computer has access to both Internets, including when the connectivity to these Internets frequently changes, as it does for many mobile devices.

The IPv4 Internet was intended to provide a direct any-to-any connectivity for all hosts. It uses what at the time seemed like a suitably large ~4 billion address space with a 32 bit address field, which stretched the capabilities of many computers of the day.

Since the 1990s - due to concerns about security, for reasons of convenience and/or due to shortage of address space - many or most IPv4 connected devices have been behind NAT. This enabled them to initiate and maintain sessions with non-NATed hosts - as all public servers are - but it largely prevented one NATed host from communicating with another.
NAT and potential NAT traversal techniques have never been properly standardized - they are widely regarded as a kludge which is at odds with the democratic egalitarian goal of a flat network in which all hosts can communicate freely with all other hosts.

IPv6's vastly greater address space ensures that NAT would never be needed for reasons of address shortages. IPv6 has not been adopted widely, but there are reports that NAT is frequently used with IPv6 for reasons of convenience and/or security.

IPv4 protocols, applications and patterns of use have developed to form a two-class approach - hosts with coveted global unicast addresses, as every public server needs - and hosts (which can't be servers, and therefore must function only as clients) which don't need this and are typically behind one or more layers of NAT. This two-class arrangement works, but it is at odds with the goals of the designers of both IPv4 and IPv6, who for good reason desire a flat network structure in which every host can communicate directly with every other host.

NAT is widely deployed to the point of ubiquity for "client" computers - those in the hands and on the desks of most users. Increased use of NAT will enable the IPv4 Internet to function indefinitely within the constraints of its 32 bit address system. [This may not be true!]

IPv6 is the only developed technology which would be capable of achieving a global flat network for the billions of devices which are now used for Internet communications. However there is little reason for users to adopt it or for developers to create software which works with it as long as few people use it and as long as the IPv4 Internet serves the needs of billions of people, as they develop within the constraints of the NAT-based two-class approach.

If IPv4 had used a 48 bit address, NAT would never have been needed for reasons of address space shortage.
Whether NAT would have been widely adopted for reasons of convenience and/or security cannot be known, but IF NAT would have been adopted for these reasons, the failure of IPv4 to achieve the designers' initial and still desirable goals of a flat network cannot be ascribed to anything inherent in IPv4 or its address space limitations.

If this is the case, then even if IPv6 was universally adopted, the flat network goal (which would enable all protocols to function directly without having to be written with the expectation of one or more layers of NAT) may never be achieved due to the number of hosts which would still be behind NAT.

  - Robin