Google wants to be your Internet

Jeroen Massar jeroen at unfix.org
Tue Jan 23 19:51:53 UTC 2007


[ 2-in-1, before I hit the 'too many flames posted' threshold ;) ]

Roland Dobbins wrote:
> 
> 
> On Jan 22, 2007, at 10:49 AM, Jeroen Massar wrote:
> 
>> But which address space do you put in the network behind the VPN?
>>
>> RFC1918!? Oh, already using that on the DSL link to where you are
>> VPN'ing in from..... oopsy ;)
> 
> Actually, NBD, because you can handle that with a VPN client which does
> a virtual adaptor-type of deal and overlapping address space doesn't
> matter, because once you're in the tunnel, you're not sending/receiving
> outside of the tunnel.  Port-forwarding and NAT (ugly, but people do it)
> can apply, too.

How do you handle 192.168.1.1 talking to 192.168.1.1, oh I do mean a
different one. Or do you double-reverse-ultra-NAT the packets !? :)

One doesn't want to solve problems that way. That is only seen as
creating problems. Good for a consultant's wallet, but not good for the
companies using it, nor good for the programmer who had to work
around it in all his applications.

>> That is the case for globally unique addresses and the reason why banks
>> that use RFC1918 don't like it when they need to merge etc etc etc...
> 
> Sure, and then you get into double-NATting and who redistributes what
> routes into whose IGP and all that kind of jazz (it's a big problem on
> extranet-type connections, too).  To be clear, all I was saying is that
> the subsidiary point that there are things which don't belong on the
> global Internet is a valid one

One can perfectly request address space from any of the RIRs and never
ever announce or connect it to the internet. One can even give that as a
reason "I require globally unique address space" and you will receive it
from the RIR in question. One doesn't need to use globally unique
address space in the "Internet", it is perfectly valid to use it as a
disconnected means. Simple example which nicely works: 9.0.0.0/8
That network is definitely used, but not to be found on the Internet.

Also, how many military and bank networks are announced on the Internet?
If they are announced, they most likely are nicely firewalled away or
actually disconnected in all means possible from the Internet and just
used as a nice virus trap, as those silly viruses do scan them :)

> and entirely separate from any
> discussions of universal uniqueness in terms of address-space, as there
> are (ugly, non-scalable, brittle, but available) ways to work around
> such problems, in many cases.

You actually mean that you love to create all kinds of weird solutions
to solve a problem that could easily have been avoided in the first place!?

I don't think I would like to have your job doing those dirty things.

With IPv6 and ULAs especially those mistakes fortunately won't happen
that quickly any more. Saves you, me, and a load of other people a lot
of headaches. Maybe you won't be able to consult for them any more and
make quite some money off them, well that is too bad.


And now for some asbestos action:

short summary:
  a) use global addresses for everything,
  b) use proper ACLs,
  c) toys exist that some people clearly don't know about yet ;)

No further technical content below, except for a reply to a flame.
(But don't miss out on the pdf mentioned for the toys ;)


Jim Shankland wrote:
> In response to my saying:
>
>> I'd love to hear the business case for why my home electrical meter
>> needs to be directly IP-addressable from an Internet cafe in Lagos.
>
> "Jay R. Ashworth" <jra at baylink.com> responds, concisely:
>
>> It doesn't, and it shouldn't.  That does *not* mean it should not
>> have a globally unique ( != globally routable) IP address.
>
> and Jeroen Massar <jeroen at unfix.org> presents several hypothetical
> scenarios.

Are you trying to say that I make things up? Neat, let's counter that:

http://www.sixxs.net/presentations/SwiNOG11-DeployingIPv6.pdf
(yes, I know, large slideset; unfortunately alexandria.paf.se, where the
pix came from, is not available anymore and I can't find another source)

Slides 50-57 show some nice toys which you can get in the Asian region
already. This is thus far from "hypothetical". Note the IPv6 address on
that hydro controller's LCD; it can be used to water your plants. Yes,
indeed, when that show was happening, it was globally addressable, just
like the camera and all the other toys there. And yes, I gave the plant
water using telnet :)

That you don't have it, that you didn't see it yet, doesn't mean it does
not exist.


> Note that the original goal was for electrical companies to monitor
> electrical meters.  Jeroen brings up backyard mini-nuke plants, seeing
> how much the power plug in the garden is being used, etc.  These may
> all be desirable goals, but they represent considerable mission creep
> from the originally stated goal.

What is your point with writing this section? Trying to explain that it
does not conform to your exact wishes? Or do you just want to type my
name a couple of times to practice it? I know it is as difficult to
pronounce as to type it ;) Dunno what I should read in it, it doesn't
have any technical content or arguments for any of your points.


> None of Jeroen's applications requires end-to-end, packet-level access
> to the individual devices in Jeroen's future (I assume) home.

Using my name twice in a sentence, I must be important to target.

Actually those applications DO require end-to-end, just like anything
else. How else would you address them otherwise? If they are not
addressable, how do you communicate with them?


> You can
> certainly argue that packet-level connectivity is better, easier to
> engineer, scales better, etc., etc.; but it is not *required*.

Thus you do actually agree with it, but just want a strange
workaround. I fully understand that selling middle boxes for all kinds of
things is a lot of fun and can earn people lots of cash, but some people
just want to stick with one protocol at a time please.

Just an example, to keep it a bit technical and at least a bit on
subject: using SNMP to monitor the power meters at all your customers.
You can thus use cacti or any other standard tool you are using for
doing this.

Another nice example in this area is IPFIX, which is actually MADE for
doing that. Oh, note that I had an IPFIX meter for showing the amount of
cans and other things dispensed from the vending machine, so yes, it
already exists, it is not hypothetical.

Or did you want to create a middlebox for that? How are you going to
address those middle boxes from your computer?


> In fact, there are sound engineering arguments against packet-level
> access:  since we've dragged in the backyard nuke plant, consider what
> happens when everybody has a backyard mini-nuke, with control software
> written by Linksys, and it turns out that sending it a certain kind
> of malformed packet can cause it to melt down ....

Simple Hint: Firewall
Next to that, as NANOG is a U.S. thing: Sue them.

Also, if a malformed packet can cause a meltdown by that device, then I
would not be surprised if the other way of accessing that device (the
one you propose and have to come up with out of thin air) would also
contain a similar bug when it would be implemented.

At least the advantage of IP is that it has already been tested by a
large amount of implementations and people around the world so that
those kind of bugs are much less likely to occur in the first place.

Has your new addressing scheme been tested that well? As it is
addressing, is it 32 or 128 bits? 64 bits you say, conforming to EUI-64
specs?

> No matter.  Reasonable people can disagree on the question of whether
> every networkable device benefits from being globally, uniquely
> addressable.

Indeed, because unreasonable people only think of themselves and don't
see the broader scope of things and that tiny projects suddenly become
large. But you will disagree with that, because you are reasonable.
Now if you had a proper technical argument against it, I would become less
unreasonable, as then you would have something to reason with against my proper
technical arguments.


>  The burden on the proponents is higher than that:  there
> are *costs* associated with such an architecture, and the proponents
> of globally unique addressing need to show not only that it has
> benefits, but that the benefits exceed the costs.

I agree with this completely, especially when you have to design,
implement, and test a completely new addressing mechanism for addressing
all those devices, build middle boxes to let them actually talk to the
users/tools/devices that want to communicate with them, and a lot more;
that will cost a lot of money. Did I misread your sentence there? Sorry :)

It will make companies happy of course, but will users be?

Note that you can get sensors that speak IP for about 1 EUR each if it
isn't less than that already.


>  Coming full circle, the original
> assertion was that IPv6 was required in order for electric companies
> to use IP to monitor US electric meters.  That assertion is false, and
> no amount of hand-waving about backyard nuke plants will make it true.

As you are clearly targeting this email only on me and not on others: I
never said that an electrical company would require IPv6. They can use
IPv4 perfectly fine too. The problem with IPv4 though is that there are
only 2^32 addresses and that is not enough for most companies that are
in this business. As such, using IPv6, which has a vastly larger
addressing space, would simply solve that problem and still allow them
to use their common IP tools that they already have invested in.


> The history of IPv6 has been that it keeps receding into the future
> as people's use of IPv4 adapts enough to make the current benefit of
> switching to IPv6 smaller than the cost to do so.

You mean that your usage of the Internet has been limited more and more
to a sandbox from which you are not able to communicate unless you use
strange hacks? Sorry, but that really is your problem if you desire
that. Quite some other people that use the Internet actually do want to
communicate with other people and devices on the Internet without having
to install all kinds of hacks to get over and out of their sandboxes.
Doing it without the hacks makes that possible. IPv6 makes that possible.


To make it clear: The main benefit of IPv6 is a large amount of
addressable endpoints.


> Perhaps after a decade or so, we're nearing the end of that road.
> Or perhaps, as F. Scott Fitzgerald once wrote about IPv6, it is:
[..]

"Francis Scott Key Fitzgerald (September 24, 1896 – December 21, 1940)"

Sorry, but fat chance that he wrote anything about IPv6 let alone IPv4.
He did write a couple of great books though, and one can't avoid liking
the music he made.

Greets,
 Jeroen

PS: Some people actually have a desire to look out for the next 100
years and what will be possible; they actually dream about cool toys
and freedom, especially freedom on the Internet and on the rest of the
planet. Restricting addressing is not freedom.

PPS: try to find out which IPv6 address can be used to water the plants
in my home :) [small hint: it is registered in DNS]
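An added example, not part of Jeroen's mail or the NANOG thread, illustrating the two technical points above: the RFC1918 collision you hit when merging or VPN-joining two sites, and why RFC 4193 ULA prefixes (a random 40-bit Global ID under fd00::/8) make that collision unlikely. The site prefix lists, NTP timestamp and EUI-64 values are constructed sample data.

```python
import hashlib
import ipaddress
from typing import Iterable, List, Tuple


def find_overlaps(site_a: Iterable[str], site_b: Iterable[str]) -> List[Tuple[str, str]]:
    """Return the (a, b) prefix pairs that overlap, i.e. the ranges that
    would collide once the two sites are merged or joined over a VPN."""
    nets_a = [ipaddress.ip_network(p) for p in site_a]
    nets_b = [ipaddress.ip_network(p) for p in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]


def ula_global_id(ntp_time64: int, eui64: bytes) -> bytes:
    """RFC 4193 section 3.2.2: Global ID = least significant 40 bits of
    SHA-1(64-bit NTP timestamp || EUI-64 of the generating host)."""
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be 8 bytes")
    key = ntp_time64.to_bytes(8, "big") + eui64
    return hashlib.sha1(key).digest()[-5:]


def ula_prefix(global_id: bytes) -> ipaddress.IPv6Network:
    """Build the locally assigned (L=1) fdXX:XXXX:XXXX::/48 prefix:
    8-bit fd prefix, then the 40-bit Global ID; subnet ID bits stay 0."""
    if len(global_id) != 5:
        raise ValueError("Global ID must be 40 bits")
    prefix_int = (0xFD << 120) | (int.from_bytes(global_id, "big") << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def starts_in_ula_space(prefix: ipaddress.IPv6Network) -> bool:
    """True when the prefix lies inside fd00::/8 (RFC 4193, L=1)."""
    return prefix.network_address.packed[0] == 0xFD


if __name__ == "__main__":
    # Constructed sample data: two sites that both picked 192.168.1.0/24.
    site_a = ["192.168.1.0/24", "10.0.0.0/16"]
    site_b = ["192.168.1.0/24", "10.1.0.0/16", "172.16.0.0/12"]
    print("RFC1918 collisions:", find_overlaps(site_a, site_b))
    # Each site derives its own ULA /48 from its own clock and hardware id.
    ula_a = ula_prefix(ula_global_id(0x0123456789ABCDEF, bytes.fromhex("0211223344556677")))
    ula_b = ula_prefix(ula_global_id(0x0123456789ABCDF0, bytes.fromhex("02AABBCCDDEEFF00")))
    print("ULA collisions:", find_overlaps([str(ula_a)], [str(ula_b)]))
```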
