moving to IPv6

Alex Bligh amb at gxn.net
Sun Nov 2 17:22:29 UTC 1997


Sean Doran wrote:
> The thing that amazes me about people who are fans of IPv6
> is that they have realized that NAT is THE fundamental
> scaling technology for the Internet.

You are of course correct, but you also say...

> The technical goal is that end to end services will work,
> period, in all cases.

<DELIBERATELY PROVOCATIVE>

... indeed. But this can be accomplished at an even higher
layer than NAT uses. E.g. it's entirely possible to implement
a web browsing service without an IPv4 globally routable
address space, and without NAT, just by using caching
proxy technology (*). An entire ISP serving millions
of users could live on a single class C. Not so
long ago, we saw one IP address per web site.
HTTP extensions now make one address per server
possible. Running a provider-side proxy you could
theoretically have 1 IP address per farm. An
application layer solution is thus also doable.

(*)=scalability of this vs NAT is another argument of
    course.

Many applications can be fixed up the same way.
Mail? Who needs to talk to anything but a local
SMTP/POP server? We had a lot of talk at NANOG
about how in general allowing users to talk
to arbitrary SMTP servers was a bad thing. Fine.
Dual home your SMTP server and run your users
on private address space. They can't spam any
more.

In a world where the internet industry is becoming
more and more like the telecoms industry, the
necessity of users to have protocol level access
to the network is diminishing, and the dangers
of doing so are becoming greater. Which telcos
will blithely hand out SS7 interconnects to
users? Without (routable) IP access, there
would be no SYN floods of distant networks, no
source spoofing, less hacking, easier traceability,
and the BGP table need only be OTO 1 entry per
non-leaf node on a provider interconnection
graph.

Of course there would be applications that would
suffer. No telnet for instance, except through a telnet
gateway at each end (and, urm, that's probably
not a bad thing). Risk of snooping by ISPs
on private data (well they can do that anyway,
and if you really care, send it encrypted).
No IPv4 intranet applications between customers
of different providers (hang on, didn't IPv6
require tunnels anyway?). No broken protocols
which encapsulate network addresses within
the payload (oh well - rewrite the protocols).

Sean seems to predict the death of end to end
network layer addressing. How about the
death of end to end internet? Instead
run with a core of IPv4 numbered routers
and application layer gateways. Run everything
else in private address space. 10.0.0.0/8
has plenty of room.

</DELIBERATELY PROVOCATIVE>

-- 
Alex Bligh
GX Networks (formerly Xara Networks)
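The "HTTP extensions" the post leans on (the HTTP/1.1 Host header, plus the absolute request-URI a provider-side proxy sees) as an added example, not code from the original post; `SITES`, `parse_request` and `route` are hypothetical names and the requests are constructed:

```python
"""Added example (not from the original post): a minimal HTTP/1.1 request
demultiplexer showing how one address can front many sites or, behind a
provider-side proxy, a whole farm.  Names are hypothetical; the SITES table
and the requests used with it are constructed for illustration."""
from urllib.parse import urlsplit

# Constructed table: sites that all share one IP address, keyed by host name.
SITES = {"www.example.com": "farm-node-1", "shop.example.net": "farm-node-2"}


def parse_request(raw: bytes):
    """Return (method, host, path) or raise ValueError for malformed input.

    Handles both forms a provider-side proxy sees: origin-form
    ('GET /x HTTP/1.1' plus a Host header) and absolute-form
    ('GET http://site/x HTTP/1.1'), where the origin is in the request-URI.
    """
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")          # non-ASCII -> ValueError
    method, target, version = lines[0].split(" ")       # bad request line -> ValueError
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host_hdr = headers.get("host")
    if host_hdr:
        host_hdr = host_hdr.partition(":")[0].lower()    # drop an explicit :port
    if target.startswith(("http://", "https://")):
        parts = urlsplit(target)
        host, path = parts.hostname, parts.path or "/"
        # RFC 2616 says the request-URI wins and Host is ignored; a gateway that
        # refuses a disagreeing Host header instead is the stricter choice made here.
        if host_hdr and host_hdr != host:
            raise ValueError("Host header disagrees with request-URI")
    else:
        if version != "HTTP/1.1" or not host_hdr:
            # HTTP/1.0 carries no Host header: the old one-address-per-site world.
            raise ValueError("cannot demultiplex without a Host header")
        host, path = host_hdr, target
    return method, host, path


def route(raw: bytes) -> str:
    """Map a request arriving on the shared address to the node that serves it."""
    _, host, _ = parse_request(raw)
    return SITES.get(host, "default-node")
```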
