On Tuesday, Apr 29, 2003, at 20:24 Europe/Amsterdam, Peter Deutsch wrote:
I personally suspect that the Nestorians are on to something here, but
I'd be happy to study the data and reach an alternative conclusion if I
could have something beside this on-going "Jane, you ignorant slut"
level of debate.
So here are a few things we could ask:
- So what percentage of machines really are being NATed right now?
- What percentage of traffic is generated and consumed by NATed
hosts?
- What's the deployment rate of IPv6 (i.e. is it growing fast enough
to matter to me in five years?)
How is answering any of these questions going to help us? "Oh, NATed
traffic is 7% and not 5%! You are right, we should have site local
addresses then!"
The current state of IPv6 deployment has very little bearing on future
IPv6 deployment. Just look back 20 years in IPv4. I don't think any of
the problems we have today could have been predicted by looking at the
network then.
Getting provider independent addressing is plausible - we just need
to make the network topology (somehow) stop being controlled by the
providers.
:-) And I thought I'd seen it all in multi6.
Getting addressing that is independent of the topology is a much more
interesting problem. That one I don't believe we have any way to
accomplish yet, that works with routing. Until we do, we need
addressing for local use.
As I read this my first reaction was "great observation, it's good to
see a new idea enter this debate". Then, a milliblip later my brain
fired a neuron that yelled out "Hey, aren't NATs just a means for users
to provide themselves with topologically independent addresses to
divorce them from the topologically oriented address space imposed on
them by their ISPs?"
No, of course not. That's like saying English is the official language
of China because when you read about something said in China it is
translated in English.
The problem with renumbering isn't the address the host thinks it has
itself, but the address others think it has. We have well-established
procedures for assigning addresses to hosts. Changing the address a DNS
name points to is much, much more difficult, and changing references to
addresses elsewhere, such as in filter configurations, is a nightmare.
There are lots of good reasons to go for a Monophysitian address space,
so presumably there must be some compelling alternative reasons why
people keep ignoring this principle. It looks like we might want to add
"provides non-topologically structured address space" to the list of
advantages for NATs. Personally, I believe that 142 percent of the
people that install NATs do it for this reason alone!! ;-)
I wouldn't presume to know why people use NAT because I'm not one of
them. (Beginning to feel like a minority.) But let me make some
observations:
- If we don't give people any sort of private address space, many will
just take something and at some point some of this will clash with
something else.
- If we set aside a small range of addresses for private use, many
people will use the same addresses so when networks merge there will be
trouble. In IPv4, this is often solved with NAT. So in IPv6 the same
will happen OR people will have to spend a lot of time and money
renumbering.
- If we allow people to register non-routable globally unique addresses
for private use, eventually some of this address space will leak out
into the global routing table. In IPv4, filtering private address
ranges and long prefixes is well-established and if and when this
fails, the consequences are negligible.
So it seems to me that we are trying to make up our mind between a rock
and a hard place while in fact a third option is almost completely
painless.
We may also want to contemplate the difficulty of attaching secure
services to ambiguous address space.
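The two failure modes in the three-option list above (subnet clashes when two networks that picked from the same small private range merge, and private or overly long prefixes leaking into a route feed that must be filtered) can both be checked mechanically. The script below is an added example, not code from anyone in this thread; the address plans and the route feed are constructed sample data, the private ranges are the RFC 1918 ones, and the maximum accepted prefix length of /24 is an assumed filter policy.

```python
"""Added example (not from the thread): merge-collision and leak-filter checks.

Uses only the standard library so it runs offline.
"""
import ipaddress
from typing import Dict, List, Tuple

# RFC 1918 private ranges (real, not constructed).
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed address plans for two organisations about to merge. Both
# picked from the same small private range, so some subnets clash.
ORG_A = ["10.0.0.0/24", "10.0.1.0/24", "192.168.1.0/24"]
ORG_B = ["10.0.1.128/25", "192.168.1.0/24", "172.16.5.0/24"]

# Constructed route feed: one legitimate prefix (RFC 5737 documentation
# space stands in for public space), two private leaks, one prefix that
# is too long, and one malformed announcement (host bits set).
FEED = ["203.0.113.0/24", "10.20.0.0/16", "198.51.100.0/28",
        "192.0.2.1/24", "172.16.0.0/12"]


def merge_collisions(plan_a: List[str], plan_b: List[str]) -> List[Tuple[str, str]]:
    """Return (a, b) pairs of subnets that overlap when the two plans merge.

    Each overlapping pair is a subnet that would have to be renumbered (or
    hidden behind NAT) before the networks can be joined.
    """
    nets_a = [ipaddress.ip_network(p) for p in plan_a]
    nets_b = [ipaddress.ip_network(p) for p in plan_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b
            if a.version == b.version and a.overlaps(b)]


def is_private(net: ipaddress.IPv4Network) -> bool:
    """True if net lies entirely inside one of the RFC 1918 ranges."""
    return any(net.version == r.version and net.subnet_of(r) for r in PRIVATE)


def filter_announcements(prefixes: List[str], max_len: int = 24) -> Dict[str, list]:
    """Split announced prefixes into accepted ones and (prefix, reason) rejects.

    Rejection order: malformed first (cannot be parsed strictly), then
    private range, then prefixes longer than the assumed /max_len limit.
    """
    accepted: List[str] = []
    rejected: List[Tuple[str, str]] = []
    for text in prefixes:
        try:
            # strict=True (the default) refuses announcements with host
            # bits set, e.g. 192.0.2.1/24, which is a sign of a bad config.
            net = ipaddress.ip_network(text)
        except ValueError:
            rejected.append((text, "malformed"))
            continue
        if is_private(net):
            rejected.append((text, "private range"))
        elif net.prefixlen > max_len:
            rejected.append((text, f"prefix longer than /{max_len}"))
        else:
            accepted.append(text)
    return {"accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    for a, b in merge_collisions(ORG_A, ORG_B):
        print(f"merge clash: {a} overlaps {b}")
    result = filter_announcements(FEED)
    print("accepted:", result["accepted"])
    for prefix, why in result["rejected"]:
        print(f"rejected {prefix}: {why}")
```

The same structure carries over to IPv6 by adding the relevant reserved ranges to `PRIVATE` and raising `max_len`; the merge check already handles either version, and `is_private` skips ranges of the other address family rather than raising.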