
RE: Why people by NATs

2004-11-26 08:21:16
On Thu, 2004-11-25 at 14:53 -0800, Michel Py wrote:
Jeroen Massar wrote:
What if you want to do VoIP from _multiple_
computers or even real VoIP phones.

This has never been an issue in the enterprise.

Indeed not if they are keeping the traffic local or using a proxy.
Then you don't have to circumvent NAT anyhow.

<SNIP>

Or something nice as setting up a gameserver behind your NAT.

Newer game protocols work fine over NAT.

Please tell me how to set up e.g. a Doom III, Halflife2 server behind a NAT
and let other people on the internet connect to it.
Thus to draw a picture for you:

+-------------+     +---------+     .--,--,--.       +-------------+
| Game Server |-----| NAT Box |----{ Internet }------| Game Client |
+-------------+     +---------+     `-,---,--'       +-------------+

This maybe works if you have a UPnP compatible NAT and when above two
support UPnP, but afaik both don't support that. And please don't say
you have to do manual port forwarding on the NAT box.

End to end is not possible in the above, or an even more common
situation, because of course ISPs have "too few IPv4 addresses" and
"IPv4 addresses are expensive" thus they charge you for it, thus most
people only get 1 IP address, because there simply isn't an alternative
in most cases (ISPs should charge for traffic not IPs):

+-------------+  +-------+   .--,--,--.   +-------+  +-------------+
| Game Server |--| NAT_A |--{ Internet }--| NAT_B |--| Game Client |
+-------------+  +-------+   `-,---,--'   +-------+  +-------------+

How will this work? Open 'known ports' on each NAT box? What if you have
two brothers behind NAT_B who want to play a competition against the two
sisters running the Game Server behind NAT_A? Won't work now will it.
Or are you depending on a public server on the internet?
Guess why there are hosting companies selling "Game Server" packages and
they earn a lot of centavos with that, apparently for them it is not so
hard to get enough IPs, may they be IPv4 or IPv6.

This is where NAT sucks: game developers have to write NAT-compatible
code. But they do: contrary to IPv6 which is optional, NAT support has
become mandatory. No NAT support no sales. No IPv6 support nobody
gives a rip.

Chicken and egg, you know the problem quite well.
They could easily support it, but for some reason they don't.
I actually wonder why, because it is not hard at all to do it.

For the coder folks:
http://gsyc.escet.urjc.es/~eva/IPv6-web/ipv6.html

Tell me: which game would you be playing?
1. The game that works over IPv4 NAT.
2. The game that works only over IPv4 no-NAT.
3. The game that works only over IPv6.

Nobody demands an IPv6-only anything. Dual-stack is the keyword
everywhere in all the transition documents I have seen.

Answer: 1. Because 2 does not exist (save for the hacked Quake done by our
Viagenie friends) and 3 does not sell because NAT is the standard setup
these days. Have a good frag with yourself with IPv6.

You mix up 2&3 here, but absolutely correct, when there is no chicken,
there will be no egg. Someone has to start doing it and then it will
come by itself.

Nevertheless, most homes currently only consist of maybe 3 Ethernet
segments

Where does this come from? 99.9% of home/SOHO setups consist of _one_ 
Ethernet segment.

Read the "maybe" part, I should have inserted a 'max' here though.

I'm not defending NAT, but the course of action that says people will have to 
use IPv6 because NAT is not working is flawed.

Quoting yourself from above:
This is where NAT sucks: game developers have to write NAT-compatible
code.

I rest my case ;)

What if I wanted to use IPv6 in Mexico while on vacation? I actually could: I 
would have to tunnel it over IPv4 over double NAT.

- What would it buy me? Nothing. 
- What would it cost me? Configuration time. Not too bad, but do you realize
  how hard it is to configure a network with the laptop on your lap,
  a hand holding the piña colada glass (harder than Noel's) and your eyes
  looking at the chiquitas on the beach?

Freenet6 has had this nice automatic tunneling tool for quite some time
already. Oh and due to the many people behind NATs it also crosses
that. And I know another effort that can do this. Not even mentioning
VPNs (IPv4 and IPv6 over NAT :) which seem to be your solution of
choice.

- What would it buy the cybercafé owner to have IPv6?
Nothing. First, if I needed IPv6 while traveling I would not rely on
availability so I have my own. Second, his tunneling might be worse
than my own (the cybercafé does not run BGP; I do).

You run BGP where? On your laptop, tunneling IPv4/IPv6 over the cafe's
IPv4/IPv6 connectivity? This does not make sense.

Would the
cybercafé owner be able to charge me $2 for 30 minutes instead of $2
per hour? No. Would I choose his cybercafé instead of the one next
door if the sign said "IPv6"? No.

The question is more: would you pay $2 for 30 minutes of non-NATted
connectivity against $2 for 60 minutes of NAT-ted and crippled
connectivity? Easy choice for me, I'd rather pay a bit more for real
connectivity, and what is $2 on your daily spending when you are on
holiday?

- What would it cost the cybercafé owner to have IPv6? Lots of money,
especially in pesos. First, replace this $50 NAT box with an IPv6-
capable router. Then, get someone to configure it.

One does not need to replace it _now_, you can do tunneling until you
get your next batch of equipment that does support it. Upgrade cycle for
most computer related material is around ~5 years or something. In 2/3
cycles you will need IPv6 for sure and every vendor should have caught
up by then. There are already some vendors who do it now.

Wonder why $2/hour cybercafés in Mexico have IPv4/NAT and not IPv6?

Because IPv6 is not there yet, but that will come, you didn't have IPv4
everywhere 20 years ago either ;) And what did a router cost back then?
NAT boxes didn't even exist up to about 10 years ago.

Did somebody steal your laptop in Mexico and type a lot of nonsense in
your name? :)

Greets,
 Jeroen
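
The two diagrams in the message above, as an added example that is not part of the original post: a toy port-translating NAT showing why an unsolicited connection to a server behind NAT_A is dropped, why a "known port" can be forwarded to only one inside host, and how two clients behind NAT_B end up sharing one public address. The class, addresses (documentation ranges) and port number are constructed, and the model ignores per-remote filtering that real NAT boxes may apply.

```python
"""Toy NAPT box (constructed model, not a real NAT implementation)."""

GAME_PORT = 27015  # constructed example port for the "known port"

class NatBox:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.forwards = {}   # public port -> (inside ip, port), set by hand
        self.dynamic = {}    # public port -> (inside ip, port), from outbound
        self.next_port = 40000

    def add_forward(self, public_port, inside_ip, inside_port):
        """Manual port forward: one inside host per public port."""
        if public_port in self.forwards:
            raise ValueError(f"port {public_port} already forwarded")
        self.forwards[public_port] = (inside_ip, inside_port)

    def outbound(self, inside_ip, inside_port):
        """Inside host sends out; return the public (ip, port) it appears as."""
        for port, endpoint in self.dynamic.items():
            if endpoint == (inside_ip, inside_port):
                return (self.public_ip, port)
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (inside_ip, inside_port)
        return (self.public_ip, port)

    def inbound(self, public_port):
        """Packet from the Internet: inside endpoint, or None if dropped."""
        return self.forwards.get(public_port) or self.dynamic.get(public_port)

def scenario():
    nat_a, nat_b = NatBox("192.0.2.1"), NatBox("198.51.100.1")
    out = {"no_forward": nat_a.inbound(GAME_PORT)}       # nothing configured
    nat_a.add_forward(GAME_PORT, "10.0.0.2", GAME_PORT)  # first server
    out["first_server"] = nat_a.inbound(GAME_PORT)
    try:
        nat_a.add_forward(GAME_PORT, "10.0.0.3", GAME_PORT)  # second server
        out["second_server"] = "ok"
    except ValueError:
        out["second_server"] = "conflict"
    out["clients"] = [nat_b.outbound("10.0.0.2", GAME_PORT),
                      nat_b.outbound("10.0.0.3", GAME_PORT)]
    return out

if __name__ == "__main__":
    print(scenario())
```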
