Rate of growth on IPv6 not fast enough?

> > That'd be easy if you were just starting up an ISP. What do you do with
> > your existing customer base? If their current service includes a
> > dynamic public IPv4 address, you can't gracefully take it away, without
> > likely violating services T&Cs, government telco regulations etc. So
> > you'll have to go through a formal process of getting agreement with
> > customers to take them away.
>
> I haven't seen any such documents or regulations.

People purchased the service on the understanding that they would
get an Internet address. An address behind a NAT is not an Internet
address, it's a *shared* Internet address which is a very different
thing.

People purchase mobile Internet service and get placed behind
carrier NAT. People get free Internet at hotels and are almost
always behind a NAT. The terminology war is lost.

> Many/most people are _already_ behind a NAT gateway.

They are behind NAT44 which they deployed themselves and control
the configuration of themselves. They can direct incoming traffic
as they see fit. They are NOT restricted to UDP and TCP.

NAT444 is a different kettle of fish. There are lots of things
that you do with a NAT44 that you can't do with a NAT444.

If all you do is browse the web and read email then you won't see
much of a difference. If you do anything more complicated than
making outgoing queries you will see the difference.

You *might* see the difference. You might not, too.

And hey, just so we're clear here, I would *agree* that Internet access
ought to mean an actual IP address with as little filtering, etc., as
reasonable... but we're exploring what happens at exhaustion here. So
I'm not interested in arguing this point; the fact of the matter is that
we WILL hit exhaustion, and it's going to be a hell of an operational
issue the day your subscribers cannot get an IP from the DHCP server
because they're all allocated and in use.

I'm as offended as anyone by what is often passed off as "Internet"
access, but it's completely devoid of value to argue what you seem to
be saying: the fact that it is so _today_ does not mean that it /has/
to be so _tomorrow._ All that's down that path is exhaustion with no
solutions.

... JG

That'd be easy if you were just starting up an ISP. What do you do with
your existing customer base? If their current service includes a
dynamic public IPv4 address, you can't gracefully take it away, without
likely violating services T&Cs, government telco regulations etc. So
you'll have to go through a formal process of getting agreement with
customers to take them away.

I haven't seen any such documents or regulations.

People purchased the service on the understanding that they would
get an Internet address. An address behind a NAT is not an Internet
address, it's a *shared* Internet address which is a very different
thing.

People purchase mobile Internet service and get placed behind
carrier NAT. People get free Internet at hotels and are almost
always behind a NAT. The terminology war is lost.

Most hotels I have stayed in recently have a "Upgrade to public IP"
button which I routinely use. I have never encountered an additional
charge for that public IP.

Many/most people are _already_ behind a NAT gateway.

They are behind NAT44 which they deployed themselves and control
the configuration of themselves. They can direct incoming traffic
as they see fit. They are NOT restricted to UDP and TCP.

NAT444 is a different kettle of fish. There are lots of things
that you do with a NAT44 that you can't do with a NAT444.

If all you do is browse the web and read email then you won't see
much of a difference. If you do anything more complicated than
making outgoing queries you will see the difference.

You *might* see the difference. You might not, too.

And hey, just so we're clear here, I would *agree* that Internet access
ought to mean an actual IP address with as little filtering, etc., as
reasonable... but we're exploring what happens at exhaustion here. So
I'm not interested in arguing this point; the fact of the matter is that
we WILL hit exhaustion, and it's going to be a hell of an operational
issue the day your subscribers cannot get an IP from the DHCP server
because they're all allocated and in use.

The good news is that in IPv6, it probably will mean that again.

Owen

> > > That'd be easy if you were just starting up an ISP. What do you do with
> > > your existing customer base? If their current service includes a
> > > dynamic public IPv4 address, you can't gracefully take it away, without
> > > likely violating services T&Cs, government telco regulations etc. So
> > > you'll have to go through a formal process of getting agreement with
> > > customers to take them away.
> >
> > I haven't seen any such documents or regulations.
>
> People purchased the service on the understanding that they would
> get an Internet address. An address behind a NAT is not an Internet
> address, it's a *shared* Internet address which is a very different
> thing.

People purchase mobile Internet service and get placed behind
carrier NAT. People get free Internet at hotels and are almost
always behind a NAT. The terminology war is lost.

But regardless of what it is called people usually know what they
signed up for and when what has worked for the 5-6 years suddenly
breaks ...

> > Many/most people are _already_ behind a NAT gateway.
>
> They are behind NAT44 which they deployed themselves and control
> the configuration of themselves. They can direct incoming traffic
> as they see fit. They are NOT restricted to UDP and TCP.
>
> NAT444 is a different kettle of fish. There are lots of things
> that you do with a NAT44 that you can't do with a NAT444.
>
> If all you do is browse the web and read email then you won't see
> much of a difference. If you do anything more complicated than
> making outgoing queries you will see the difference.

You *might* see the difference. You might not, too.

And hey, just so we're clear here, I would *agree* that Internet access
ought to mean an actual IP address with as little filtering, etc., as
reasonable... but we're exploring what happens at exhaustion here. So
I'm not interested in arguing this point; the fact of the matter is that
we WILL hit exhaustion, and it's going to be a hell of an operational
issue the day your subscribers cannot get an IP from the DHCP server
because they're all allocated and in use.

I'm as offended as anyone by what is often passed off as "Internet"
access, but it's completely devoid of value to argue what you seem to
be saying: the fact that it is so _today_ does not mean that it /has/
to be so _tomorrow._ All that's down that path is exhaustion with no
solutions.

Hopefully being on the Internet, for the home user, will mean you
have IPv6 connectivity and public address space handed out using
PD in 3-5 years time. That Google, Yahoo etc. have turned on IPv6
to everyone. DS-lite or some other distributed NAT44 technology
is being used for those machines that don't support IPv6 or to
reach content providers that have not yet enabled IPv6.

If the ISP decides to go with NAT444 then there will be control pages
that get you a real IPv4 address the same as many hotels have today
as there will be customers that need the functionality.

Mark

But regardless of what it is called people usually know what they
signed up for and when what has worked for the 5-6 years suddenly
breaks ...

If a consumer ISP moved its customers from separate IPs to NAT, what
do you think would break? I'm the guy who was behind a double NAT for
several months without realizing it, and I can report that the only
symptom I noticed was incoming call flakiness on one of my VoIP
phones, and even that was easy to fix by decreasing the registration
interval. The other VoIP phone worked fine in its default config.

Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.

I'm not saying that NAT is wonderful, but my experience, in which day
to day stuff all works fine, is utterly different from the doom and
disaster routinely predicted here.

R's,
John

John Levine wrote:

Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.

.01%? heh. NAT can break xbox, ps3, certain pc games, screw with various programs that dislike multiple connections from a single IP, and the crap load of vpn clients that appear on the network and do not support nat traversal (either doesn't support it, or big corp A refuses to enable it).

When we were in our infancy, we had areas doing NAT. It was a support nightmare from hell, and in some cases, it just didn't work period. That doesn't even get into the load issues.

Jack

http://tools.ietf.org/html/draft-ford-shared-addressing-issues

Simon

But regardless of what it is called people usually know what they
signed up for and when what has worked for the 5-6 years suddenly
breaks ...

If a consumer ISP moved its customers from separate IPs to NAT, what
do you think would break? I'm the guy who was behind a double NAT for
several months without realizing it, and I can report that the only
symptom I noticed was incoming call flakiness on one of my VoIP
phones, and even that was easy to fix by decreasing the registration
interval. The other VoIP phone worked fine in its default config.

Did you use Yahoo IM, AIM, or Skype? Did you use any of those for
Video Chat and/or to transfer files?

Did you do any peer to peer filesharing?

Did you play any MMOs?

Did you run any services?

Other than the .01% of consumer customers who are mega multiplayer
game weenies, what's not going to work? Actual experience as opposed
to hypothetical hand waving would be preferable.

I hate to break it to you, but they are not 0.1%, they are more like 15%.

When you add in the other things that break which I have outlined above,
you start to approach 75%. I would argue that 75% is a significant and
meaningful fraction of an ISP's customer base.

I'm not saying that NAT is wonderful, but my experience, in which day
to day stuff all works fine, is utterly different from the doom and
disaster routinely predicted here.

Perhaps your day to day is different from others. Perhaps people here
generally think in terms of servicing all of their customers. Perhaps
in many cases if just 1% of our customers are on the phone with our
technical support department, we are losing money.

YMMV.

Owen

Did you use Yahoo IM, AIM, or Skype?

Yes, yes, and yes. Works fine.

Did you use any of those for
Video Chat and/or to transfer files?

Skype video chat, all the time, works fine. Don't remember about file transfer.

Did you do any peer to peer filesharing?

Yeah, I got the latest FreeBSD via bittorrent, and left it up overnight and observed from the stats that it served chunks of it back to other people.

Did you play any MMOs?

No, I noted the game players.

Did you run any services?

Of course not, it's consumer DSL. I run services on my server which is somewhere else and tunnel in via ssh which, of course, works fine through NAT.

When you add in the other things that break which I have outlined above,
you start to approach 75%. I would argue that 75% is a significant and
meaningful fraction of an ISP's customer base.

The hypothetical network that your consumers would use appears to be very different from the actual one available to consumers around here.

R's,
John

Whenever I am behind NAT and talk to someone else who is behind NAT skype seems to lower the quality, my guess it's because it now bounces traffic via another non-NATed node.

These kind of applications work best if there is at least one non-NATed party involved, especially for video etc.

My own experience is that skype quality lags that of iChat A/V, but I had always attributed that to iChat having better codecs. I could be wrong. iChat A/V, on the other hand, seems to have a heart attack when both sides have private addresses, and the firewall configuration is non-trivial.

But I think we're going about this the wrong way. I wonder if we could change the way we do business in the longer term if everyone had public address space. As an application guy, I dislike the fact that people have to rely on some sort of service to share their calendars. That makes great sense for the service provider, and it even makes sense for the consumer right now due to the state of the art. But perhaps the times could change.

There are lots of use cases where connecting into the house would be nice. Baby monitoring, security monitoring, Smart this, smart that, etc. Instead we require extra middleware to make it all work. The economics are, if nothing else, a painful lesson.

Eliot

> Skype video chat, all the time, works fine. Don't remember about file
> transfer.

Whenever I am behind NAT and talk to someone else who is behind NAT skype
seems to lower the quality, my guess it's because it now bounces traffic
via another non-NATed node.

I think that means skype will be ported to IPv6 pretty quickly. CGN/LSN
is going to dramatically reduce the number of 'super nodes' with public
IPv4 addresses to relay calls through. That'll be particularly
unfair to people in Australia, because here we have a per-month quota
system e.g. 20GB of downloads and/or uploads a month. I wouldn't want
my quota being chewed up by lots of other people's phone calls.

These kind of applications work best if there is at least one non-NATed
party involved, especially for video etc.

--
Mikael Abrahamsson email: swmike@swm.pp.se

Regards,
Mark.

John Levine <johnl@iecc.com> writes:

I'm not saying that NAT is wonderful, but my experience, in which day
to day stuff all works fine, is utterly different from the doom and
disaster routinely predicted here.

Ever tried to troubleshoot networks which were using multiple NAT?
Every time I have to I'll have the urge to get really drunk afterwards.

And when ISPs start using NAT for their customers, there will be more
problems leading to more support calls.

Jens

"John R. Levine" <johnl@iecc.com> writes:

Did you run any services?

Of course not, it's consumer DSL. I run services on my server which is
somewhere else and tunnel in via ssh which, of course, works fine
through NAT.

Take a look at all those small SOHO storage boxes. They all offer web
and FTP services and they all support something like dyndns. Customers
want these features and are using these features.

Jens

And when ISPs start using NAT for their customers, there will be more
problems leading to more support calls.

You say this as though they don't do it now.

R's,
John

What about every other service/protocol that users use today,
and might be invented tomorrow ? Do & will they all work with
NAT ?

Do many others work as well or act reliably through NAT ?

Will it stop or hamper the innovation of new services on the
internet ?

The answer to these questions isn't a good one for users, so
as the community that are best placed to defend service quality
and innovation by preserving the end to end principle, it is
our responsibility to defend it to the best of our ability.

So get busy - v6 awareness, availability and abundancy are
overdue for our end users.

Andy

Andy Davidson wrote:

Did you use Yahoo IM, AIM, or Skype?

Yes, yes, and yes. Works fine.

What about every other service/protocol that users use today, and might be invented tomorrow ? Do & will they all work with NAT ?

Anyone inventing a new service/protocol that doesn't work with NAT isn't planning on success.

Do many others work as well or act reliably through NAT ?

Yes.

Will it stop or hamper the innovation of new services on the
internet ?

Hasn't so far.

The answer to these questions isn't a good one for users, so
as the community that are best placed to defend service quality
and innovation by preserving the end to end principle, it is our responsibility to defend it to the best of our ability.

Firewalls will always break the end-to-end principle, whether or not addresses are identical between the inside and outside or not.

So get busy - v6 awareness, availability and abundancy are
overdue for our end users.

Maybe. Most of them are perfectly happy.

Matthew Kaufman

You mean, like multisession bgp over tls?

Nick,
just sayin'

Did you use Yahoo IM, AIM, or Skype?

Yes, yes, and yes. Works fine.

What about every other service/protocol that users use today,
and might be invented tomorrow ? Do & will they all work with
NAT ?

Some do, some don't. My observation is that in practice the stuff that people do on consumer DSL works through NAT a lot better than the nanog conventional wisdom says it does.

Will it stop or hamper the innovation of new services on the
internet ?

Like peer to peer phish bots? I certainly hope so.

R's,
John

Anyone inventing a new service/protocol that doesn't work with NAT isn't
planning on success.

Only true in the IPv4 world. IPv6 will hopefully be different.

> The answer to these questions isn't a good one for users, so
> as the community that are best placed to defend service quality
> and innovation by preserving the end to end principle, it is
> our responsibility to defend it to the best of our ability.
>
Firewalls will always break the end-to-end principle, whether or not
addresses are identical between the inside and outside or not.

The difference is that if a protocol wants to be end-to-end, I can fix a
firewall to not break it. You don't have that option with a NAT.

> So get busy - v6 awareness, availability and abundancy are
> overdue for our end users.
>
Maybe. Most of them are perfectly happy.

Most of the US population was perfectly happy just before the recent
financial crisis hit. Ignorance is bliss - but only for a little while.

Did you use Yahoo IM, AIM, or Skype?

Yes, yes, and yes. Works fine.

What about every other service/protocol that users use today,
and might be invented tomorrow ? Do & will they all work with
NAT ?

Sure, I can invent a service/protocol that doesn't work with NAT. While
I am at it, I'll make it not work with IPv4, IPv6, Ethernet, and
architectures using less than 256 bits of memory addressing. I bet
it'll be popular!

Do many others work as well or act reliably through NAT ?

Yes, nearly everything that end users use works great through NAT,
because end users are often behind NAT and for a service to be popular,
it has to be NAT-friendly. Protocols that are not NAT friendly and yet
survive are generally LAN applications that are resting on their
NAT-unfriendliness and calling it security.

Will it stop or hamper the innovation of new services on the
internet ?

Nope.

The answer to these questions isn't a good one for users, so
as the community that are best placed to defend service quality
and innovation by preserving the end to end principle, it is
our responsibility to defend it to the best of our ability.

The end to end principle only helps service quality and innovation when
the services are built on an end to end model. In a client-server world
where addresses only identify groups of endpoints and individual
identification is done at higher layers (which is what the ipv4+NAT
Internet is looking like), end to endness is an anomaly, not the norm.

So get busy - v6 awareness, availability and abundancy are
overdue for our end users.

Nearly all of the end users don't give a rat's hindquarters about ipv6.
It gives them nothing they know that they want. Meanwhile, those who do
know they want it are getting used to working around it, using PAT
tricks and STUN services. Should people *have* to use those services?
No. But there's so many other things that we shouldn't have to do, but
we do anyway because that's how it works, that these NAT-circumvention
tricks are not a dealbreaker.

Meanwhile, the NATification of the Internet continuously increases the
contrast between services (with real addresses) and clients (with shared
addresses). Over time, this differentiation will increase and become
more and more a standard (a de facto one if not an actual codified
one.) Clients will have shared, ephemeral addresses, and services will
have stable ones. This helps ensure that clients cannot generally
communicate without a facilitating service, and every transaction will
then have a middleman, somebody you have to pay somehow to get your
services. You may pay in cash, by watching commercials, by sacrificing
personal information, or by submitting your communications to analysis
by others, but somehow, you will pay. The vast majority of users won't
care; they communicate that way now, and it does not bother them much.
It's only those few who want to communicate without paying, in time,
money, or privacy, or to communicate in ways other than the standard
protocols, who will really suffer. And their complaints will have to
fight against the voice of those who will say, well, if you make it end
to end, then businesses lose money, and people will be able to share
files again and violate copyrights, and all these things will cost jobs
and tax dollars, etc, etc.

If you want to avoid that future, I strongly suggest you deploy ipv6 and
pressure others to do the same. But you're going to need to use valid
arguments, about privacy and protection from the depredations of
unscrupulous middlemen, instead of insisting that the Internet will
break down and die and locusts will descend from the heavens and eat our
first born if we don't.

-Dave