With marketing campaigns like these, no consumer will want to use IPv6, if it becomes associated with privacy problems.
http://torrentfreak.com/huge-security-flaw-makes-vpns-useless-for-bittorrent-100617/
It is, of course, totally irrelevant whether the reporting is factually correct or even based on real IPv6 issues or not, this is how public opinion is formed.
The only takeaway from this to a non-technical user is that IPv6 is bad and the correct solution is to turn it off.
- Zed
I think that the idea that your communications are purely anonymous is something that has been put out there by people that do not get the technology.
I recall explaining to some nice folks at the Secret Service back in the 90's where some emails came from, and how to actually get in contact with the real person who made threats against the president.
Do these people take their license plates off their cars while they drive on the streets, or scratch out their VINs?
To think it's impossible to determine attribution on the internet is foolish.
- Jared
(While there are legal torrents, and that's *surely* the only reason for piratebay to be used, it does not excuse the criminal activity if you *think* you can't be tracked).
Why do people still think consumers 'want IPv6', they want IPv6 as much as they want IPv4. They don't know what an IP addresses is, let alone will grasp the whole idea there are 2 kinds.
All they want is their googles, facebooks, twitters and the occasional download to work (of course nobody would admit to filesharing). And it's our job to make it so, wether it's via IPv6 or CGN. In the end they won't have much choice and if we do our jobs correctly, 95 % of them won't even notice.
Just my 2 cents,
MarcoH
I'd really like to talk to the guy who presented this. Does anyone happen to have a contact for him? Feel free to send it privately if you do.
Sean
There's a bit of critique on the NAT444 document on the BEHAVE IETF WG list.
"draft-donley-nat444-impacts-01 is somewhat misleading. It claims to analyze NAT444, but it really analyzes what fails when two problems occur: (a) port forwarding isn't configured and (b) UPnP is unavailable or is broken. Several architectures share those two problems:
* NAT444 (NAPT44 in the home + NAPT44 in the carrier's network)
* LSN (NAPT44 in the carrier's network, without a NAPT44 in the home)
* DS-Lite (which is an LSN / NAPT44 in the carrier's network)
* stateful NAT64"
http://www.ietf.org/mail-archive/web/behave/current/msg09027.html
Be that as it may and putting my devil's advocate hat on, aren't the unintended consequences of NAT444 a net win for ISPs? 
Basic Internet services will work (web browsing, email, Facebook, Youtube,...), but:
- Less torrenting
- Less Netflix watching
- Less FTP downloads
- Less video streaming in general (webcams, etc.)
You might take a hit on online gaming, but what else is there not to love?
Your sales department / helpdesk might have a bit of hassle of trying to undestand / explain this new Intertubes to the suck^H^H^H^Hcustomers, but most of them won't care either way.
Now correct me if I'm wrong, but isn't some kind of NAT/PAT going to be required to join the IPv4 and IPv6 domains in all foreseeable futures? If so, aren't we going to have to deal with these issues in any case?
- Zed
You forget:
- no IPv6 tunnels
Deploying NAT444 without IPv6 is a very bad thing.
I'd compare it with borrowing some money:
When you make NAT64 to reach from IPv6 to IPv4, you are borrowing the
money to build a new house.
When you make NAT444, you borrow the money to repay the debt you made
by borrowing the previous month.
Both are borrowing.
Depending on the circumstances you may need both.
cheers,
andrew
In case you have not already found this:
draft-donley-nat444-impacts-01There's a bit of critique on the NAT444 document on the BEHAVE IETF WG list.
"draft-donley-nat444-impacts-01 is somewhat misleading. It claims to analyze NAT444, but it really analyzes what fails when two problems occur: (a) port forwarding isn't configured and (b) UPnP is unavailable or is broken. Several architectures share those two problems:
* NAT444 (NAPT44 in the home + NAPT44 in the carrier's network)
* LSN (NAPT44 in the carrier's network, without a NAPT44 in the home)
* DS-Lite (which is an LSN / NAPT44 in the carrier's network)
* stateful NAT64"
I don't think the draft makes any attempt to claim that the problems are unique to NAT444, so, the above, while
technically accurate isn't particulrarly meaningful.
[BEHAVE] comments on draft-donley-nat444-impacts
Be that as it may and putting my devil's advocate hat on, aren't the unintended consequences of NAT444 a net win for ISPs?
I guess that depends on whether you like having customers or not.
Basic Internet services will work (web browsing, email, Facebook, Youtube,...), but:
- Less torrenting
- Less Netflix watching
- Less FTP downloads
- Less video streaming in general (webcams, etc.)You might take a hit on online gaming, but what else is there not to love?
+ More support phone calls
+ More unhappy customers
+ More cancellations
+ Less revenue
+ More costs
+ CALEA joy
Your sales department / helpdesk might have a bit of hassle of trying to undestand / explain this new Intertubes to the suck^H^H^H^Hcustomers, but most of them won't care either way.
An interesting theory.
Now correct me if I'm wrong, but isn't some kind of NAT/PAT going to be required to join the IPv4 and IPv6 domains in all foreseeable futures? If so, aren't we going to have to deal with these issues in any case?
No, we need to move forward with IPv6 on all levels in order to reduce the need for these solutions.
Joining the IPv4/IPv6 domains doesn't work out all that well and a dependency on doing so is
broken in a number of ways, many of which are documented in the draft.
Owen
If you are in a circumstance where you need to borrow money this month to repay your debt
from last month, then, generally, you are on the fast track to bankruptcy court or a congressional
investigation, perhaps both, depending on the size of debt snowball you are able to build.
In the first case, you borrow money to leverage equity and there is a reasonable chance that
by the time you pay off the loan, the value of what you built exceeds the amount borrowed.
In the second case, you end up in a lather-rinse-repeat process where your debt load continues
to grow and grow until it overpowers you.
It's a good analogy, but, the second form of borrowing is far worse than the first.
Owen
> Now correct me if I'm wrong, but isn't some kind of
NAT/PAT going to be required to join the IPv4 and IPv6
domains in all foreseeable futures? If so, aren't we going
to have to deal with these issues in any case?
>
No, we need to move forward with IPv6 on all levels in
order to reduce the need for these solutions.
Reduce, yes. Remove, no. Without a global cutoff date for the IPv6 transition, it's not like IPv4 is going to disappear overnight. Furthermore, without any IPv4/IPv6 translation, the first IPv6 only networks are going to be awfully lonely.
Joining the IPv4/IPv6 domains doesn't work out all that
well and a dependency on doing so is
broken in a number of ways, many of which are documented in
the draft.
We agree that IPv4/IPv6 domain interoperability is broken, but it's not like we can ignore the issue. So, unless I'm very much mistaken, the NAT/PAT issues are going to have to be dealt with. Or do you propose an alternative solution?
Please note that this is not an anti-IPv6 stance. To me it looks like the problems plaguing NAT444 need to be solved just to make IPv4 and IPv6 co-exist. Perhaps not the very same problems, but similar NAT/PAT problems in any case. Please do tell me I'm wrong. Bonus points for explaining why I am wrong or how the IPv4/IPv6 thing is to be solved without NAT/PAT.
- Zed
Now correct me if I'm wrong, but isn't some kind of
NAT/PAT going to be required to join the IPv4 and IPv6
domains in all foreseeable futures? If so, aren't we going
to have to deal with these issues in any case?No, we need to move forward with IPv6 on all levels in
order to reduce the need for these solutions.Reduce, yes. Remove, no. Without a global cutoff date for the IPv6 transition, it's not like IPv4 is going to disappear overnight. Furthermore, without any IPv4/IPv6 translation, the first IPv6 only networks are going to be awfully lonely.
That depends on the number of IPv4 only networks vs. dual stack networks when that happens.
Joining the IPv4/IPv6 domains doesn't work out all that
well and a dependency on doing so is
broken in a number of ways, many of which are documented in
the draft.We agree that IPv4/IPv6 domain interoperability is broken, but it's not like we can ignore the issue. So, unless I'm very much mistaken, the NAT/PAT issues are going to have to be dealt with. Or do you propose an alternative solution?
Dual stacking all the IPv4 networks is the alternative solution. Initially it will be the IPv6 only users that are lonely.
Relatively quickly, it will be the IPv4 only networks that are lonely as the bulk of users will, I suspect, become
IPv6 preferred relatively quickly once there is no more IPv4 at the RIR level.
Please note that this is not an anti-IPv6 stance. To me it looks like the problems plaguing NAT444 need to be solved just to make IPv4 and IPv6 co-exist. Perhaps not the very same problems, but similar NAT/PAT problems in any case. Please do tell me I'm wrong. Bonus points for explaining why I am wrong or how the IPv4/IPv6 thing is to be solved without NAT/PAT.
I think that effort spent trying to solve those problems is better spent moving existing IPv4 things forward to
dual stack. You only need to solve those problems to the extent that there are meaningful things still
trapped in an IPv4-only world. Move them to dual stack and the problem goes away.
Owen
I suspect Google, Microsoft, and others have already figured out a
beneficial (to everyone) way to monetize this. If I'm an ISP with
working IPv6, and my competitor in a given region is an ISP without
IPv6, I'd like to advertise to all the end-users of that ISP whenever
they go to a search engine that sells ads.
Since these search engine companies have figured out white-listing
users into "good IPv6," it's no great leap to suggest that they'll
eventually black-list IPv4 users into "bad," and tie that into their
advertising system for ISPs to purchase nicely-targeted banners/links.
If my ISP is reading this, please tell both your residential and
business technical and sales departments to come up with a better
answer than "we are not going to support IPv6 because that's only for
ISPs that run out of IPv4." Otherwise, I'd bet Google will be more
than willing to let your competitors give customers a different answer
in the near future!
From: Jeff Wheeler
Sent: Friday, February 18, 2011 8:13 AM
To: nanog@nanog.org
Subject: Re: [arin-ppml] NAT444 rumors (was Re: Looking for an
IPv6naysayer...)I suspect Google, Microsoft, and others have already figured out a
beneficial (to everyone) way to monetize this. If I'm an ISP with
working IPv6, and my competitor in a given region is an ISP without
IPv6, I'd like to advertise to all the end-users of that ISP whenever
they go to a search engine that sells ads.
One thing they can do, and I would live to see some popular destination
site do this, is to say something like:
"we have this really cool new thing we are rolling out but, sorry, it is
available only via IPv6" or "we will continue supporting all of today's
features on v4 but all new features will be rolled out on v6 only".
That would result in eyeballs demanding access to that content and
nothing drives innovation like customer demand does.
Given that virtually all of the "popular" applications are ignorant of the underlying infrastructure I don't see this happening. Its simply too expensive to build something and not get it in front of as many eyeballs as possible even (perhaps especially) if your application is free (ad supported). We've only seen the large scale shift to applications really being mobile aware in the last few years. Anyone else remember when WAP was supposed to (and didn't) make a huge splash on mobile web use?
You never been told something like "We don't do (or stock) that because
there's no demand for it! You know, you're the Nth person to ask about it
today." I have, and many more times than merely once.
You never been told something like "We don't do (or stock) that
because
there's no demand for it! You know, you're the Nth person to ask about
it
today." I have, and many more times than merely once.--
Mike Andrews, W5EGO
mikea@mikea.ath.cx
Tired old sysadmin
Right, so what it takes is someone out there to create the demand. It
would actually be a great public service if someone were to do that.
Some social networking, gaming, or some other sort of site that only the
"cool kids" can access via v6, maybe.
Nothing drives people nuts more than knowing there is something out
there that they can't access. Create something like that AND generate
some buzz surrounding it, particularly if someone hears people talking
about it and they can't access it themselves to see what the buzz is all
about, and you have just built the required demand for v6 migration. It
is going to take v6-only content to do that, I think. Frankly, a v6 only
service is easier to build and deploy. Dual stacking causes problems
with many applications, if it is native v6 and v6 only, it removes a lot
of the "issues" with v6 migration.
http://www.jetcafe.org/~npc/isp/large.html
If you take the 5 top US ISPs and get them to do dual stack IPv6, that's 50 million subscribers in the US only.
I think google and others will notice some serious traffic happening.
It took a market share of 10 to 20% of Mozilla for web developers to go back to support ALL browsers. Same for mobile web site a 10% surfing rate got many companies to develop web sites for mobiles.
If I recall Comcast and Time Warner are participating in IPv6 day. This should create enough eyeballs to show on web analytics graph and provide the shift that makes nat444 irrelevant.
For a network operator I'm looking at the ipv6 ipv4 ASN ratio. Once it passes 10% we will have a snow ball effect in the core.
Toute connaissance est une réponse à une question
Ranking Internet Service Providers by Size
If you take the 5 top US ISPs and get them to do dual stack IPv6, that's 50 million subscribers in the US only.
I think google and others will notice some serious traffic happening.
We're years from the point where any one of them will have more than a tiny fraction of their traffic as IPv6 and that's assuming that all we have to deal with are the known problems.
It took a market share of 10 to 20% of Mozilla for web developers to go back to support ALL browsers. Same for mobile web site a 10% surfing rate got many companies to develop web sites for mobiles.
Not really comparable because in both of those cases users were making a choice, because they perceived some benefit, and hence there was demand to adapt to those new platforms. There is almost 0 demand for IPv6 from consumers and what is there is from the technologists. We don't have a situation where the existing infrastructure doesn't work, it does.
If I recall Comcast and Time Warner are participating in IPv6 day. This should create enough eyeballs to show on web analytics graph and provide the shift that makes nat444 irrelevant.
I wish, but IPv6 day will be much more of a media event than anything else. Keep in mind that none of these things are what I wish only what I believe to be accurate.
100% agree. No volunteers yet for making their awesome new service IPv6-only 
One thing they can do, and I would live to see some popular destination
site do this, is to say something like:"we have this really cool new thing we are rolling out but, sorry, it is
available only via IPv6" or "we will continue supporting all of today's
features on v4 but all new features will be rolled out on v6 only".
I doubt any top web sites or popular services will do this, because
there is no commercial advantage to it. It is great to see Google,
Yahoo, and other companies taking a big step by deciding to serve up
AAAA by default for one day. It also should indicate to everyone how
far we are from the goal line, not because Google or Yahoo aren't
doing their homework, but because their end-users' ISPs aren't. If
these companies are only willing to do AAAA by default for one day on
a trial basis, and that with months of notice and perhaps preparation,
they clearly should not be willing to make some cool new
revenue-generating feature exclusive to IPv6 end-users.
If I recall Comcast and Time Warner are participating in IPv6 day. This should create enough eyeballs to show on web analytics graph and provide the shift that makes nat444 irrelevant.
I am afraid you may be a little disappointed. The number of users
with IPv6-capable CPE, to say nothing of home LANs, may still be quite
limited by that time. It's still progress, but I don't think anything
except IPv4 depletion will increase IPv6 adoption.
For a network operator I'm looking at the ipv6 ipv4 ASN ratio. Once it passes 10% we will have a snow ball effect in the core.
Unfortunately, many ASNs who originate IPv6 address space have few or
no functioning services on IPv6. A simple "ASN ratio" is not a very
useful metric. You also do not have visibility into how much
infrastructure is based on tunnels, whether or not v6 even reaches
customer access ports or even is enabled backbone-wide, etc. I agree
it is encouraging to see new ASNs originating IPv6 routes every day,
but again, this is more an indicator of "we got a /32 from the RIR and
configured it on our router" than "we are using v6 in a production
capacity (or are prepared to flip the switch.)"
I really do think that advertising may be the thing that eventually
forces some end-user ISPs to get in gear. If end-users went to
www.google.com on "IPv6 day" (and perhaps after) and got a message
saying "your ISP is great" or "here are some ISPs you might want to
consider, because yours can no longer reach some Internet
destinations," I suspect that would give ISPs a very serious reason to
spend the necessary resources to get v6 done.
