WEBINAR TUESDAY: Can We Make IPv4 Great Again?

Baldur Norddahl baldur.norddahl at gmail.com
Wed Mar 8 10:00:19 UTC 2017


EZIP has no transition strategy and is not backwards compatible with 
IPv4. The scheme is unworkable.

It is not possible to dual stack EZIP because it pretends to be IPv4.

The author of EZIP should demonstrate a working prototype. We need to 
see a setup with two clients on a shared external IP address. Then 
demonstrate that the clients can access an EZIP enabled site and also 
that the clients can access unmodified IPv4 sites such as Google.com and 
Facebook.com.

The later test will fail and there is no fix. EZIP requires a big bang 
transition where the whole world implements EZIP on the same day.

EZIP embeds extra address information in IP option headers. The remote 
site needs to take that extra address information and send back in the 
replies. The remote site needs to read the extra "source EZIP" option 
header and put that as an "destination EZIP" option header on reply 
packets. Legacy IPv4 sites do not know the meaning the extra option 
headers and can not do send them back. Packets will arrive at the EZIP 
gateway without option headers. The EZIP gateway will have no option 
other than to drop the packets, because without option headers nothing 
will differentiate the multiple clients behind the gateway.

The EZIP gateway could fall back to NAT when the remote site does not 
have EZIP support. However no method is provided that can tell the EZIP 
gateway wether the remote has EZIP support or not. Since the EZIP 
gateway works on the IP level, we can not use some DNS tricks like 
NAT64/DNS64.

Regards,

Baldur


On 07-03-2017 18:46, Jakob Heitz (jheitz) wrote:
> 1.1.1.1.e.f and 2.2.2.2.e.f both get translated to 192.168.e.f.
>
> Some higher layer protocols embed IP addresses into their data.
>
> These points make changing IP so difficult.
>
> In addition, IPv6 has link local addresses.
> This one seemingly insignificant detail causes so much code churn
> and is probably responsible for 10 years of the IPv6 drag.
> Thakfully, site local was deprecated.
>
> Thanks,
> Jakob.
>
>> Date: Mon, 6 Mar 2017 22:00:45 +0100
>> From: Baldur Norddahl <baldur.norddahl at gmail.com>
>> To: nanog at nanog.org
>> Subject: Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?
>> Message-ID: <5645714e-e468-4655-34cf-6e70aa7cfa26 at gmail.com>
>> Content-Type: text/plain; charset=utf-8; format=flowed
>>
>> That proposal is far too wordy. Here is the executive summary:
>>
>> Encode extra address bits in extension headers. Add a network element
>> near the destination that converts such that the destination IP of a
>> packet to IP a.b.c.d with extension header containing e.f is translated
>> to 192.168.e.f. In the reverse direction translate source address
>> 192.168.e.f to a.b.c.d and add option header with e.f.
>>
>> Executive summary end.
>>
>> As far as I can tell, the only advantage of this proposal over IPv6 is
>> that the network core does not need to be changed. You could communicate
>> with someone that had an EZIP address regardless that your ISP did
>> nothing to support EZIP.
>>
>> The disadvantage is that every single server out there would need to be
>> changed so it does not just drop the option headers on the reply
>> packets. All firewalls updated so they do not block packets with option
>> headers. All applications updated so they understand a new address format.
>>
>> Servers and applications could also confuse TCP or UDP streams that are
>> apparently from the same source, same port numbers, only thing that
>> differentiates the streams is some option header that the server does
>> not understand.
>>
>> The customers of the ISP that deploys EZIP would not need to update
>> anything (unless they need to communicate with other poor souls that got
>> assigned EZIP addresses), however everyone else would. This is not a
>> good balance. The customers would experience an internet where almost
>> nothing works. It would be magnitudes worse than the experience of an
>> IPv6 only network with NAT64.
>>
>> It is a fix for the wrong problem. Major ISPs have IPv6 support now. It
>> is the sites (=servers) that are lacking. If Twitter did not deploy IPv6
>> why would you expect them to deploy EZIP? Why would some old forgotten
>> site with old song texts in some backwater country somewhere?
>>
>> We already have better solutions such as CGN with dual stack, NAT64,
>> DS-Lite, MAP etc.
>>
>> None of that is discussed in the RFC. Is the author aware of it?
>>
>> Regards,
>>
>> Baldur
>>




More information about the NANOG mailing list