Rate of growth on IPv6 not fast enough?

Mark Smith nanog at 85d5b20a518b8f6864949bd940457dc124746ddc.nosense.org
Fri Apr 23 11:15:52 CDT 2010

On Thu, 22 Apr 2010 07:18:18 -0400
William Herrin <bill at herrin.us> wrote:

> On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong <owen at delong.com> wrote:
> > On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
> >> William Herrin wrote:
> >>>> Not to take issue with either statement in particular, but I think there
> >>>> needs to be some consideration of what "fail" means.
> >>>
> >>> Fail means that an inexperienced admin drops a router in place of the
> >>> firewall to work around a priority problem while the senior engineer
> >>> is on vacation. With NAT protecting unroutable addresses, that failure
> >>> mode fails closed.
> >>
> >> In addition to fail-closed NAT also means:
> >>
> >>  * search engines and and connectivity providers cannot (easily)
> >>  differentiate and/or monitor your internal hosts, and
> >>
> > Right, because nobody has figured out Javascript and Cookies.
> Having worked for comScore, I can tell you that having a fixed address
> in the lower 64 bits would make their jobs oh so much easier. Cookies
> and javascript are of very limited utility.
> On the other hand, I could swear I've seen a draft where the PC picks
> up random unused addresses in the lower 64 for each new outbound
> connection for anonymity purposes. Even if there is no such draft, it
> wouldn't exactly be hard to implement. It won't take NAT to anonymize
> the PCs on a LAN with IPv6.

Might be this -

"Transient addressing for related processes: Improved firewalling by
 using IPv6 and multiple addresses per host." by Peter M. Gleitz and
 Steven M. Bellovin (i.e. the Steven Bellovin who shows up on this
 list quite often)


> >>  * multiple routes do not have to be announced or otherwise accommodated
> >>  by internal re-addressing.
> >
> > I fail to see how NAT even affects this in a properly structured network.
> That's your failure, not Roger's. As delivered, IPv6 is capable of
> dynamically assigning addresses from multiple subnets to a PC, but
> that's where the support for multiple-PA multihoming stops. PCs don't
> do so well at using more than one of those addresses at a time for
> outbound connections. As a number of vendors have done with IPv4, an
> IPv6 NAT box at the network border can spread outbound connections
> between multiply addressed upstream links.
> On Thu, Apr 22, 2010 at 2:10 AM, Franck Martin <franck at genius.com> wrote:
> > http://www.ipinc.net/IPv4.GIF
> > The energy that people are willing to spend to fix it (NAT, LSN),
> > rather than bite the bullet is amazing.
> A friend of mine drives a 1976 Cadillac El Dorado. I asked him why
> once. He explained that even at 8 miles to the gallon and even after
> having to find 1970's parts for it, he can't get anything close to as
> luxurious a car from the more modern offerings at anything close to
> the comparatively small amount of money he spends.
> The thing has plush leather seats that feel like sinking in to a comfy
> couch and an engine with more horsepower than my mustang gt. It isn't
> hard to see his point.
> Regards,
> Bill Herrin
> -- 
> William D. Herrin ................ herrin at dirtside.com  bill at herrin.us
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004

More information about the NANOG mailing list