
Can Large Scale NAT Save IPv4?

timothy posted more than 3 years ago | from the who-will-have-the-last-ipv4-addy dept.

Networking 583

Julie188 writes "The sales pitch was that IPv6, with its zillions of new IP addresses, would eliminate the need for network address translation altogether. But Jeff Doyle, one of the guys who literally wrote the book on IPv6, suggests that not only will NAT be needed, but it will be needed to save IPv4 at the tipping point of IPv6 adoption. 'I've written previously that as we make the slow — and long overdue — transition from IPv4 to IPv6, we will soon be stuck with an awkward interim period in which the only new globally routable addresses we can get are IPv6, but most public content we want to reach is still IPv4. Large Scale NAT (LSN, also known as Carrier Grade NAT or CGN) is an essential tool for stretching a service provider's public IPv4 address space during this transitional period.'"


Re: Can Large Scale NAT Save IPv4? (3, Insightful)

ls671 (1122017) | more than 3 years ago | (#33802076)

Of course it could fit most people's needs who, by the way, don't even know what having a unique IPv4 address means, forget about knowing what a fixed IP address is. My only concerns would be towards people hosting services, even if they only host a gaming server.

Before getting a fixed IP address, I remember using services like dyndns before I set up my own private dyndns server on a fixed IP address server that I had access to. I could always reach my system even if it changed address every 6 hours on the first dialup provider I registered to back then.

So yes, it could, my only concern is that it may cause prices to have a unique address or a fixed address to rise.

Part of the solution (4, Insightful)

bbn (172659) | more than 3 years ago | (#33802372)

Large scale or ISP wide NAT is part of the solution. It will not "save" IPv4, whatever that means. It will make it possible to transition to IPv6 and still access all the old sites, that have not yet made the transition.

It is not really important that slashdot.org is still IPv4 only. You can access it just fine. And slashdot.org has no need to access you.

You use IPv6 in all the cases where you wanted that nice static IPv4 address before: When running peer to peer software. Setting up your small hobby server. Using direct peer to peer VoIP. And so on.

All the consumer ISPs will transition soon enough during the next few years. We will fairly quickly be able to assume consumers will in fact be able to access IPv6 only sites. For the next 10 years you can also assume consumers will be able to access IPv4 only sites - is anyone really surprised by that?

If all your gaming friends got IPv6, playing on your private IPv6 only game server - what do you care that some backwards dialup only ISP, in a country you never heard of, still is IPv4 only?


Port scanning posters; TOS server ban (5, Interesting)

tepples (727027) | more than 3 years ago | (#33802926)

slashdot.org has no need to access you.

As far as I know, Slashdot does a short port scan on your IPv4 address when you preview or post a comment in order to make sure that your machine isn't an open proxy that might be abused for vandalism. That's why your first preview of the day from a given machine is so slow: it has to wait for the connections to time out.

You use IPv6 in all the cases where you wanted that nice static IPv4 address before: When running peer to peer software. Setting up your small hobby server.

In other words, things that cable and phone companies don't really want customers on the residential plan doing in the first place, as explained in the terms of service.

If all your gaming friends got IPv6, playing on your private IPv6 only game server

By the time that happens in several years, you may have grown out of online gaming. Which of the current video game consoles supports IPv6?

Re:Port scanning posters; TOS server ban (1)

mister_playboy (1474163) | more than 3 years ago | (#33802976)

As far as I know, Slashdot does a short port scan on your IPv4 address when you preview or post a comment in order to make sure that your machine isn't an open proxy that might be abused for vandalism. That's why your first preview of the day from a given machine is so slow: it has to wait for the connections to time out.

So that's the cause of this behavior... thanks for the insight.

Rubbish (1)

goombah99 (560566) | more than 3 years ago | (#33803012)

Let's think about this, shall we? There are 64K port addresses if I am not mistaken. That's effectively two quads IF you used them optimally. For inside the NAT there are only 3 quads x 3 prefixes (169, 192, 10). So that gives us a little bit more than 5.2 quads. But that assumes every NAT in the stack does everything perfectly.

Now you might ask, isn't that 5.2 quads worth of addresses? No, because each computer is going to be using multiple ports.

So this won't work. It's a band-aid, however, that will delay the inevitable probably by about a factor of I'd say 256 or so. Which is not bad. But it will require some strict use and people not needing static IPs.

NOOOOOOO (5, Insightful)

santax (1541065) | more than 3 years ago | (#33802090)

Stop the madness. Give us ip6. We (as a society) would gain so many productive hours without NAT and the shit that comes with it. (Port forwarding etc). We have the technology ready to go and give everything its unique ip. Can we please use that tech? It's not like it's high-tech or too new to be implemented by now.

Re:NOOOOOOO (-1, Flamebait)

RzTen1 (1323533) | more than 3 years ago | (#33802318)

Except for all the people still on XP, which has no native IPv6 support... http://www.techi.com/2010/10/windows-xp-still-the-most-widespread-windows-os/ [techi.com] and the fact that MacOS still doesn't work quite right with it... http://openradar.appspot.com/7333104 [appspot.com]

Re:NOOOOOOO (2)

santax (1541065) | more than 3 years ago | (#33802362)

Well, I can't say to MS you have to implement this. And let's be fair here... Support for XP has stopped, it's an old OS. Making such a transition as this will never be easy. There will always be systems that will need to be upgraded or where you maybe have to find a solution as simple as a usb-networkdongle that does have hardware support for ip6. But sure, you have a valid point. Some people with old software/hardware will have problems with this transition.

Re:NOOOOOOO (2, Interesting)

hedwards (940851) | more than 3 years ago | (#33802400)

That's true, but it should've been done years ago. They dropped support for XP in 2009, at that point IPv6 had been in deployment for over a year.

Re:NOOOOOOO (4, Informative)

RobertLTux (260313) | more than 3 years ago | (#33802472)

Err, Windows XP does have IPv6 support but it's not installed by default (in fact it has had it since XP SP2).
Now it may not have all the bells and whistles of, say, Vista's support (if anything can be supported by Vista) but you should at least be able to get an IP and get online.

Re:NOOOOOOO (3, Informative)

Drishmung (458368) | more than 3 years ago | (#33802864)

Win/XP has fine IPv6 support except that it can only query DNS over IPv4 transport. That is, you can't run a pure IPv6 + Windows XP environment.

Re:NOOOOOOO (1)

gman003 (1693318) | more than 3 years ago | (#33802406)

XP has had IPv6 support since SP2. Most people installed the service packs, and it's an easy solution to any complaining customers (especially since it's a zero-cost solution).

Re:NOOOOOOO (4, Informative)

bbn (172659) | more than 3 years ago | (#33802410)

Except for all the people still on XP, which has no native IPv6 support...

Has too. You just need to enable it: http://ipv6int.net/systems/windows_xp-ipv6.html [ipv6int.net]

Re:NOOOOOOO (2, Funny)

smash (1351) | more than 3 years ago | (#33802558)

What about all the commodore c64 owners out there? XP is a turd that needs to be dropped. It is out of date, insecure and unsupported. If you don't like Windows 7, then change to something else - there are plenty of viable alternatives.

Or - get off my internet.

Re:NOOOOOOO (1, Funny)

Anonymous Coward | more than 3 years ago | (#33802586)

Your UID is also the model number for the first mouse I ever bought for my C64. Eh, memories.

Re:NOOOOOOO (0)

Anonymous Coward | more than 3 years ago | (#33802692)

Wow, have you been this big of a tool since the early days here? XP is supported until 2014.

I run OSX, but XP is one of the most well-rounded, useful, operating systems I've used. It's only insecure if you let it be and it's only unstable if you can't configure a computer.

It's not your internet, it belongs to everybody -- and you, judging by your comment, shouldn't have say so whatsoever.

Re:NOOOOOOO (0)

Anonymous Coward | more than 3 years ago | (#33802578)

I believe both of these OSes can use both IPv4 and IPv6 simultaneously. Yes, perhaps you have to install an update for Windows XP, all the better to give them an IPv4 nat address so they can get the update. I have a feeling this type of hybrid with nat'd IPv4 and public IPv6 will be around for a long, long time. If someone elects to get IPv4 nat'em, if they elect to use IPv6 all the better.

Re:NOOOOOOO (2)

ls671 (1122017) | more than 3 years ago | (#33802374)

> Give us...

Nowadays, not that many people give. It is also pretty rare that corporations give to their customer base. As well, it is rare that governments give since in the end we are paying for every dime they spend.

So in the end, the most competitive solution will prevail. Read the cheapest one. If it is using a dual stack with natted IPv4 plus IPv6 well during the transition, this is what's going to happen.

I would sure enjoy having IPv6 fully deployed right now but I have to be realist.

Re:NOOOOOOO (2, Insightful)

skids (119237) | more than 3 years ago | (#33802540)

Despite the efforts of ISPs and some institutions (heck even Comcast has an IPv6 pilot program) no significant number of end-users are going to turn on IPv6.

Nothing will happen until someone with enough clout decides to put a new "must have killer app" or free content out there and only allow IPv6 access to it.
Then consumers might demand their equipment, OS and ISP support it. There's no money in that, so I'm not holding my breath.

You mean like ipv6porn ? (4, Interesting)

lullabud (679893) | more than 3 years ago | (#33802726)

http://www.ipv6porn.co.nz/ [ipv6porn.co.nz] is giving away free porn to anybody who can access it with an ipv6 address

Re:You mean like ipv6porn ? (3, Funny)

radish (98371) | more than 3 years ago | (#33803024)

And the rest of the internet is giving it away to anyone who can access it with an ipv4 address. Fail!

Re:NOOOOOOO (3, Insightful)

turbidostato (878842) | more than 3 years ago | (#33803036)

"Despite the efforts of ISPs and some institutions (heck even Comcast has an IPv6 pilot program) no significant number of end-users are going to turn on IPv6."

Of course not, because that's not what end users do.

End users will go IPv6 en masse as soon as the DSL "thingie" that their ISP installs on their homes and works magically to connect them to the intertubes goes IPv6.

Re:NOOOOOOO (1)

drolli (522659) | more than 3 years ago | (#33802934)

Maybe using NAT for half a year and having the increased number of people calling support and the increased cost of having terribly stateful routers motivates the ISPs to push ipv6.

Re:NOOOOOOO (0, Interesting)

Anonymous Coward | more than 3 years ago | (#33802942)

Stop the madness. Give us ip6.
We (as a society) would gain so many productive hours without NAT and the shit that comes with it. (Port forwarding etc). We have the technology ready to go and give everything its unique ip. Can we please use that tech? It's not like it's high-tech or too new to be implemented by now.

ip6 in my opinion is a little redundant.
And NAT is the bomb. It is the best kind of firewall you can have - ie one that doesn't slow down your computer with bloatware. It really is not difficult to forward a router.

The part I don't like about it though, is the addresses.
How easy is it to remember 192.168.2.31 compared to 2001:0db8:ac10:fe01:0000:00000:00000:0000?

Re:NOOOOOOO (1)

TheCount22 (952106) | more than 3 years ago | (#33802968)

Okay, where do I sign up to get an IPv6 address already?

Nobody seems ready and there is ~238 days to go...

Re:NOOOOOOO (5, Insightful)

lanner (107308) | more than 3 years ago | (#33802984)

I don't think non-networking guys really understand the harm that NAT/PAT/masq has done.

I am talking economic damage. NAT has cost you money. It's cost you a LOT of money. It cost your company money. It cost everyone who uses a computer an ASS LOAD OF MONEY totally wasted on a cheap hack to get around the fact that we needed a better addressing system.

All the wasted software time which talented people worked for, and NAT is just a work-around.

All the money wasted PAYING for above mentioned software, salaries, time.

All of the needless hardware and software implementations related to NAT.

Anyone who runs a large Cisco PIX/ASA platform can bemoan the number of statics needed between network interfaces.

Think about the apps that had a really hard time working because of NAT. The games that could not peer-to-peer because both sides were behind NAT.

Think about all of the companies that have multiple DNS views -- inside, and then public. That's a ton of extra work.

Best thing of all that I look forward to in IPv6 is... the idiots that it will wring out of the IT/comp-sci sector. Idiot sysadmins that label their servers with IPv4 addresses, idiot programmers who won't learn IPv6 and will get the boot to the curb that they have long deserved.

If you can't handle it, GTFO lamers. You don't need to know your workstation's IP address -- you need to know its hostname and how to use DNS. I can't tell you the number of places I've worked at where people hard-code IP addresses into config files and the damage that it has caused, along with labeling servers/printers/whatever with their IPv4 address.

Hasn't it already? (2, Insightful)

MrEricSir (398214) | more than 3 years ago | (#33802096)

For years we've heard predictions about how we'll run out of addresses "this year." Yet we haven't.

I assume that's partly because my toaster doesn't have an IP, but it's also got to be because of NAT.

Re:Hasn't it already? (4, Funny)

santax (1541065) | more than 3 years ago | (#33802124)

You know... you really should upgrade your toaster.

Re:Hasn't it already? (1)

Delarth799 (1839672) | more than 3 years ago | (#33802478)

You have the X-307 model toaster too? With bluetooth capability so you can connect it to your headset and it can soothingly whisper to you when your toast is done, and is always connected to the main toast making database so that it always knows just how long to perfectly cook toast, bagels, English muffins, waffles, etc. and has a tri scanning array so it knows exactly what you put in it every time and can auto toast so you don't even have to push down on the button to start toasting, and then when it's all done it gently rises the finished product up instead of shooting it up.

Re:Hasn't it already? (1)

drcheap (1897540) | more than 3 years ago | (#33802812)

Get with the times man, Interwebz connected toasters...that is old news, like 20 years ago old [savetz.com] even.

By 2001 toasters were already dishing out weather forecasts on bread, and in 2005 you could run Unix on one.

But alas, no IPv6 capable toasters yet :(

Re:Hasn't it already? (1)

toastar (573882) | more than 3 years ago | (#33802878)

You have the X-307 model toaster too? With bluetooth capability so you can connect it to your headset and it can soothingly whisper to you when your toast is done, and is always connected to the main toast making database so that it always knows just how long to perfectly cook toast, bagels, English muffins, waffles, etc. and has a tri scanning array so it knows exactly what you put in it every time and can auto toast so you don't even have to push down on the button to start toasting, and then when it's all done it gently rises the finished product up instead of shooting it up.

Yah know, I could see a market for this.

Re:Hasn't it already? (4, Insightful)

CRC'99 (96526) | more than 3 years ago | (#33802712)

Joke aside, my network printers don't support IPv6, my 802.11 access point doesn't support IPv6, my SIP phone doesn't support IPv6, my ADSL modem/router doesn't support IPv6.

Tell me again, how is this transition supposed to work if a good 50% of equipment doesn't support IPv6?

Even if all these devices actually did support IPv6, why would I want them on publicly accessible IP addresses? The truth is, IPv6 hasn't taken off because really there is no huge need for it. Private networks (and there is gobs of IP space for those) are the norm, and in 90% of cases are more than acceptable with a device doing NAT to the rest of the world.

There is nothing stopping people having both public and private IPs (like I have) for things that don't behave behind NAT. That is unless your ISP won't give you addresses....

Re:Hasn't it already? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33802848)

I don't understand why we don't just have modems that use IPv6 for internet connection, but IPv4 to connect to your router/computer?

Re:Hasn't it already? (1)

j h woodyatt (13108) | more than 3 years ago | (#33802900)

Yeah, well, the only one of those devices that needs a globally routable address on the Internet is your SIP phone. Early adopters get to be early upgraders.

Re:Hasn't it already? (3, Insightful)

vanyel (28049) | more than 3 years ago | (#33802302)

It has never been "this year", but it *will* be in the next two years, probably next year, at the Registry level. Existing ISPs already have their pools of addresses they can continue using for some time longer until those are depleted, and yes, NAT has kept this from happening a lot sooner, but let's not make the mistake the US did with the metric system and keep an archaic and broken system in place when life is so much easier (after the transition anyhow) if we switch.

Re:Hasn't it already? (4, Informative)

DeadBeef (15) | more than 3 years ago | (#33802808)

I don't know where you have been getting your predictions. It is pretty certain that IANA is going to run out of space [potaroo.net] about the middle of next year.

We have 14 /8's left in the IANA free pool, we use up almost 2 /8's every month.

Are you betting on the ipv4 space usage magically decreasing ( right when everyone will start freaking out about getting their last allocations )?

Re:Hasn't it already? (4, Funny)

bbn (172659) | more than 3 years ago | (#33802970)

Are you betting on the ipv4 space usage magically decreasing ( right when everyone will start freaking out about getting their last allocations )?

No no, there is always more to be found. That link of yours only shows the _known_ reserves of addresses. They continue to find new fields of IP addresses and existing fields continue to find more than initially expected. This "peak IP" is never going to happen and you know it!

It would probably be good, here (1)

jra (5600) | more than 3 years ago | (#33802108)

to ask someone from Rosenet, in Thomasville GA, who have NATted *all their customers* for some years now.

I expect they've learned all the necessary lessons.

Re:It would probably be good, here (2, Funny)

Anpheus (908711) | more than 3 years ago | (#33802730)

You know there's probably a reason we haven't heard anything from them. :)

Fuck you. (0)

Anonymous Coward | more than 3 years ago | (#33802116)

I don't want these stupid ideas to limit us and bring us back so many years. Implement IPv6 and get on with it already, for fuck's sake.

Re:Fuck you. (0, Flamebait)

Michael Kristopeit 1 (1913328) | more than 3 years ago | (#33802190)

or what? you'll whine some more?

how about YOU implement it.

Re:Fuck you. (4, Insightful)

hedwards (940851) | more than 3 years ago | (#33802232)

Probably because he doesn't own the infrastructure. The problem is that in the US we heavily subsidized the industry, but didn't require them to really do anything to deserve the money. We didn't require neutrality, we didn't require them to keep building out broad band, or enhance the speeds in urban areas either.

Considering that ultimately they're using public resources to provide a service, I do think they owe us at least something in exchange for making profits using our right of way or airwaves.

Re:Fuck you. (-1, Troll)

Michael Kristopeit 6 (1913320) | more than 3 years ago | (#33802376)

money talks, bullshit walks.

is he paying for access to the infrastructure? if so, he owns the responsibility of furthering the existing infrastructure.

Re:Fuck you. (2, Insightful)

hedwards (940851) | more than 3 years ago | (#33802422)

So, if money talks, and bullshit walks, then what the fuck are you still doing here?

It isn't his responsibility, this is basically the same problem we've seen in the wireless space, the people who actually control access don't bother to upgrade until the last minute, if even then, and without somewhere else to take your business, it's not a realistic option. I've heard that Comcast has IPv6 around here, but going back to them is a non-starter. They're far worse than the other options.

Unless the end user can go to their CO and upgrade the equipment it's a moot point.

Re:Fuck you. (0, Troll)

MichaelKristopeit 15 (1916018) | more than 3 years ago | (#33802510)

what socialist utopia are you living in where it's ANYONE'S RESPONSIBILITY to offer a different version of a still functioning system?

if you consider what i'm doing to be talking, then you can safely assume that i am money.

if someone whines and then someone whines about whining, would you ever only question the 2nd whiner?

the only moot point is that whining is pointless.

Re:Fuck you. (1)

gparent (1242548) | more than 3 years ago | (#33802842)

Yeah, lemme just go in my ISP's server room and reconfigure the routers.

Re:Fuck you. (0, Troll)

Michael Kristopeit 8 (1913324) | more than 3 years ago | (#33802954)

how about get a new ISP... how about start your own ISP?

there was a time when americans knew how to overcome limitations placed on them by others.

you are pathetic.

Re:Fuck you. (1)

gparent (1242548) | more than 3 years ago | (#33803044)

You're such a fucking dumb stupid troll, but here I go anyway.

The ISP in my area was, in fact, created by people who overcame the limitations placed on them. Other ISPs wouldn't run high speed cable internet up to where I live, so a few people formed a cooperative and did it themselves.

As for getting a new ISP, it isn't an option. There aren't any other ones here. Not that there would be a reason to switch - They're the best one around. They're a better ISP than the ISP they lease their backbone line from. Better prices, better service, better technical support.

And by the way, nice assumption, I'm not american. You're pathetic.

Re:Fuck you. (-1, Flamebait)

MichaelKristopeit 11 (1916010) | more than 3 years ago | (#33802570)

we didn't require them....

they owe us...

you're a hypocrite.

Re:Fuck you. (1)

PitaBred (632671) | more than 3 years ago | (#33803034)

Are you stupid? If the public gives them money for something, they most definitely owe us some service. There's no hypocrisy involved. It's basic economics, and it's a situation where the average American is getting fucked from their tax dollars being paid for no value returned.

The problem is that our elected morons didn't set the requirements. They don't not owe us services, they just don't LEGALLY owe us anything. Big difference.

Fucktard.

Re:Fuck you. (1, Informative)

Anonymous Coward | more than 3 years ago | (#33802682)

You are talking to Michael David Kristopiet. The one slashdotter too stupid for even slashdot.

Don't waste your breath on this crazy but ultimately pathetic and worthless fucker.

Qwest does this in Omaha (2, Interesting)

EmagGeek (574360) | more than 3 years ago | (#33802140)

If you're a Qwest customer in Omaha like my inlaws, you get a non-routable from the head end... and the last time I was there, they did not support VPN passthrough (although IIRC you could pay extra for a routable dynamic IP if you wanted VPN to work).

Re:Qwest does this in Omaha (1)

ducomputergeek (595742) | more than 3 years ago | (#33802212)

I've had a business package at my home for years. Yeah, it costs me a few more dollars per month but I've always gotten higher speeds, better technical support, more email accounts (back in the day) AND a static IP address. I could even host my own web/email servers if I wanted to and I did in the past.

Re:Qwest does this in Omaha (0)

Anonymous Coward | more than 3 years ago | (#33802346)

I had Qwest. Had to move to Comcast when their speed wasn't even 128k on the DSL. NY, NM, PA.

Even when I used to be on dialup, I ran ddclient. I'm used to:
    1) Running my own SSH
    2) Running my own HTTP/HTTPS
    3) Running my own (internal) DNS server
    4) Running FreeNet and TOR. Supernodes. For several years my FreeNet node was one of the best connected ones in the system.

When I was at the uni, I even ran my own SMTP server. Wide open. Correctly configured--for a loose definition of correct that involved accepting and dropping *anything* that wasn't me. Uni IT threw a hissy-fit when they found out. Know what the solution was? RST on all traffic from the local uni's NOC. 3 hours on google found the sysadmins email address, and I was able to get a few headers--banned his home's ISP too. Never had a problem or complaint again.

NAT is not a solution. NAT is unidirectional internet for people that only want half what they pay for. Internet access. I don't see any indication of directionality in there.

Why should I have to pay *EXTRA* for the full internet, and competent support? I save support time if I can get to someone competent. If I say "YOUR DNS IS DOWN"--it probably means it. Not that I can't connect to it, not that a router two hops outside it stopped. Not that I got a cryptic error message. If I say "your packet loss is up 35% from normal for the past 16 hours"--guess what--I'm right.

Offering a half-Internet package (2, Insightful)

tepples (727027) | more than 3 years ago | (#33803020)

Why should I have to pay *EXTRA* for the full internet, and competent support?

Because the majority of people don't see the point of paying for the full Internet, and what little competition there is between cable and DSL forces the two to cut their rates to the point where they have to offer a half-Internet package.

wrong premise (0)

Anonymous Coward | more than 3 years ago | (#33802182)

I don't buy the premise. Why do you *need* to save IPv4? Why the heck not move to IPv6? Let IPv4 go already.

Re:wrong premise (3, Insightful)

hairyfeet (841228) | more than 3 years ago | (#33802402)

Because there will literally be mountains of eWaste and headaches galore? How many of the home routers sold in the past 5 years even support IPv6? I don't think any of the consumer grade stuff does. That means we will have to replace just about every router in every home or have some sort of IPv6 to IPv4 bridge built into every modem in the country, again not cheap.

Whether we like it or not, there is a reason why IPv4 has lasted so long. It is a mature tech that everyone knows how to fix. IPv6 is gonna be a nightmare for probably 5 or 6 years and it really ain't gonna be fun trying to fix the mess. So yeah, I can see them stretching out IPv4 for as long as humanly possible, simply because the transition costs are gonna be insane.

Re:wrong premise (3, Insightful)

bertok (226922) | more than 3 years ago | (#33802902)

Because there will literally be mountains of eWaste and headaches galore? How many of the home routers sold in the past 5 years even support IPv6? I don't think any of the consumer grade stuff does. That means we will have to replace just about every router in every home or have some sort of IPv6 to IPv4 bridge built into every modem in the country, again not cheap.

Whether we like it or not, there is a reason why IPv4 has lasted so long. It is a mature tech that everyone knows how to fix. IPv6 is gonna be a nightmare for probably 5 or 6 years and it really ain't gonna be fun trying to fix the mess. So yeah, I can see them stretching out IPv4 for as long as humanly possible, simply because the transition costs are gonna be insane.

You can't get better evidence of the incompetence of government than this. There's a dwindling resource that will run out in just a couple of years, impacts practically every person in every OECD country, yet have you heard of even one government agency, in any country, that is mandating IPv6 for consumer grade gear to force the vendors to solve the problem before it becomes critical? Of course not! That would require foresight and competence. About the only IPv6 push I'm hearing is that for government tenders in the US, IPv6 support is required, but that does nothing to solve the problem of hundreds of millions of home routers that are IPv4 only.

No government on Earth has even bothered to lift a finger to solve a well known, easily predicted problem with a ready and tested solution that would cost the government no money whatsoever (it's just legislation!). Given that, now picture the level of competence you'd get from the same bunch of idiots when tasked with solving much bigger issues like global warming, peak oil, or overpopulation. Issues like that won't be critical for decades, have no obvious solution, and all possible solutions are expected to cost trillions. I can only imagine the level of incompetence that will no doubt ensue...

Re:wrong premise (1)

JesseMcDonald (536341) | more than 3 years ago | (#33802920)

I don't think my DSL router/modem supports IPv6. It's not a problem. I just run it in bridge mode, and leave the PPPoE support to my PC. (I did this even before enabling 6to4, because the router has ridiculously small NAT tables.) Every existing DSL router should be capable of acting as a simple PPPoA-to-PPPoE bridge.

This may not work for cable router/modems; I've never had the chance to configure one.

Obviously you haven't had to deal (1, Interesting)

Anonymous Coward | more than 3 years ago | (#33802206)

Obviously you haven't had to deal with an entire organization using one IP for several thousand users, and each user forced to use a NAT again to "protect" against other members of the organization.

Two layers of NAT defeats ALL dynamic DNS, and return traffic.

And this is the goal of every major ISP I've had contact with. They want to force you to use their servers, and pay for it.

Never mind that they can't handle the problems of that.

Yup, just crazy (4, Insightful)

Midnight Thunder (17205) | more than 3 years ago | (#33802592)

Add to this how many more NAT workarounds we will need to have in software. We already have to deal with NAT busting solutions, now we will have to deal with double NAT busting solutions. Believe me, NAT was a workaround to a limitation and we shouldn't be using this workaround at any more levels than necessary.

There is only so much duct tape you can use before it is time to just accept you will have to install the new solution.

If IPv6 appears so hard, it's because people keep on waiting for someone else to take the plunge. If you are an IT professional, then it should be your business to understand and embrace IPv6, whether that is in your network or in your software. If your issue is with your router not supporting IPv6, then make some noise to your router's manufacturer, install a third-party firmware or go with a company already offering an IPv6 capable router.

Re:Yup, just crazy (1)

tepples (727027) | more than 3 years ago | (#33803042)

> If your issue is with your router not supporting IPv6, [get a new router]

And if the issue is with neither the cable company nor the phone company offering IPv6 service, what next step do you recommend?

Useless investment (5, Informative)

JonySuede (1908576) | more than 3 years ago | (#33802210)

At work we use NAT behind a whole public class B and it works great. But as a customer I would not put up with it. I want to act as a server not only a dumb host. So please stop the carrier grade NATing madness.

Re:Useless investment (1)

Midnight Thunder (17205) | more than 3 years ago | (#33802636)

> At work we use NAT behind a whole public class B and it works great. But as a customer I would not put up with it. I want to act as a server not only a dumb host. So please stop the carrier grade NATing madness.

I already need to either define a computer as DMZed or do port mapping, because of NAT. Just imagine the amount of head-scratching people will do when they find out there is another NAT in front of theirs preventing access to their subnet. If my ISP starts NATing, then it's just confirmation that I need to switch to another provider.

Re:Useless investment (1)

Rallion (711805) | more than 3 years ago | (#33802728)

Of course, you might not be ABLE to switch carriers. If Time Warner were to put me behind NAT, I'd be pretty much screwed. I might be able to switch to some form of wireless connection, but that might not even be any better.

In a lot of cases, carriers can do whatever they feel like.

Re:Useless investment (1)

Midnight Thunder (17205) | more than 3 years ago | (#33802868)

> Of course, you might not be ABLE to switch carriers. If Time Warner were to put me behind NAT, I'd be pretty much screwed. I might be able to switch to some form of wireless connection, but that might not even be any better.

That would suck, though look on the bright side, in a worst case scenario you could probably get an IPv6 capable router and then tunnel to an IPv6 PoP. It's far from ideal, but at least you wouldn't be totally stuck on Time Warner's island.

BTW, it's worth noting that Comcast has already started IPv6 trials, though if your only ISP is TW, then it won't make much difference to you.

Re:Useless investment (1)

itzdandy (183397) | more than 3 years ago | (#33802914)

IP6 tunnel broker. Done.

Contradictory messages (1, Flamebait)

microbee (682094) | more than 3 years ago | (#33802278)

So the same guy advocated IPv6 and now it's IPv4 again? I'm dazzled! This sounds like what you hear during an election.

Re:Contradictory messages (1)

John Hasler (414242) | more than 3 years ago | (#33802482)

> I'm dazzled!

Try reading the article. He's doing no such thing.

P2P will be hard under Large Scale NAT (3, Interesting)

jamesh (87723) | more than 3 years ago | (#33802304)

Most P2P protocols have at least some trouble working with local NAT. If it was implemented on a large scale there might be a few more problems, and it certainly gives ISPs (the ones running the NAT) more control over the traffic they route. I wonder how quickly the RIAA and friends will pick up on that and start pushing for NAT instead of IPv6...

But we can still get a few more years out of IPv4 (1)

xda (1171531) | more than 3 years ago | (#33802336)

I never understood why some people are determined to get as much mileage out of IPv4 as possible before going to IPv6. An aggressive move towards IPv6 would probably revive a decent part of the IT industry. Now is as good a time as ever.

The only thing holding us back is carriers are all looking at each other waiting for someone to go first as it will definitely be an expensive transition and will introduce a few unknowns into their network cores which they pride themselves on being extremely reliable. Although I know some carriers are running dual stack on their cores to test it all out as we speak.

Re:But we can still get a few more years out of IP (1)

Eskarel (565631) | more than 3 years ago | (#33802438)

Mostly because it's expensive, painful, and older versions of most operating systems don't properly support it. No one wants to deal with the dramas before they absolutely have to. That and there's the fact that as far as I can tell the one and only killer feature of IPv6 is a larger address space and having every item have a publicly addressable IP, which isn't a really huge selling point especially when you consider that while IPv4 addresses are easy to remember, IPv6 addresses are not.

Most people don't want to run servers, NAT and port forwarding isn't all that hard to set up, and not every device needs or even should have a public IP address. There's still a whole bunch of unused Class A's floating around that were picked up by companies who were there in the early days and who aren't actually using them, I'm sure a lot of those will be reclaimed before we run out of space. Hell I'm sure Sun had a couple which Oracle doesn't need.

Re:But we can still get a few more years out of IP (1)

hedwards (940851) | more than 3 years ago | (#33802452)

The same reason why people are determined to take America back to the 50s. Change is costly and at times you make the wrong call. And ultimately it's scary.

The changes that businesses make tend to be the ones that either improve their profit margins immediately or the things that consumers demand. Ever notice how lately every store has to have air conditioning? It's not because it's profitable per se, it's because if you want to have customers they have to come into the store, and they won't come into your store if your store is the only one without AC.

simple (0)

Anonymous Coward | more than 3 years ago | (#33802380)

No

A few quick points... (1)

j h woodyatt (13108) | more than 3 years ago | (#33802390)

p1. IPv4 doesn't need to be "saved" from any kind of calamity. It's doing just fine, thank you very much.

p2. The transition to IPv6 is probably going to need some NAT64 and DNS64 magick at some point. Not everybody is going to be well-served by running dual-stack hosts and networks. I've heard that some mobile broadband providers are looking at various kinds of NAT tricks to keep IPv4 marginally functional for legacy applications on IPv6-only networks without resorting to expensive tunnel encapsulation mechanisms.

p3. Repeat after me: IPv4 is fine. It will still continue to work just the same as it does today after the last address is allocated by the last registry. It just won't be growing anymore, but that's fine. It doesn't need to grow. That's why we have IPv6, which can grow for at least another century before there might conceivably be a problem.

p4. So globally routable IPv4 addresses will soon start getting more expensive (and the future value of an address is already hard to predict). That was always going to happen. It's not like there's any surprise here. But look on the bright side, you have TWO ways to get your IPv4-only private network reachable over IPv6: A) transition to IPv4/IPv6 dual-stack network or B) deploy a NAT-PT gateway. (Okay, I'm cheating here. I know that only one of those two will ever make any economic sense, but I'm trying to be nice.)

p5. IPv4 is doing fine. Go back to sleep. There's nothing to see here. Pay no attention to the geeks behind the curtain. You don't want to know what they're doing anyway. Probably something weird and unsavory, right? Go back to sleep. IPv4 is doing fine. Stop worrying. It's okay.

Re:A few quick points... (2, Insightful)

Midnight Thunder (17205) | more than 3 years ago | (#33802700)

> p2. The transition to IPv6 is probably going to need some NAT64 and DNS64 magick at some point. Not everybody is going to be well-served by running dual-stack hosts and networks. I've heard that some mobile broadband providers are looking at various kinds of NAT tricks to keep IPv4 marginally functional for legacy applications on IPv6-only networks without resorting to expensive tunnel encapsulation mechanisms.

Have you actually done a count of the number of addressable devices IPv6 provides? There may well be a time when IPv6 needs to be NATed, but that is well into the future when systems will be ready for a 256-bit network address. At this point IPv6 provides just what we need for the next century, and possibly more. Trying to get any more mileage out of IPv4 is like taking a dying horse and expecting it to walk 1000 miles. It may make it, but there are good chances it won't.

If companies are having to deal with legacy applications, then there is nothing stopping them from having IPv4 in the internal network and having an IPv6 proxy or bridge in front of it. For everything else it will be IPv6. If companies are making new software today that is not IPv6 capable, that is intended to be accessible on the internet, then they deserve to be out of business tomorrow.

Re:A few quick points... (1)

j h woodyatt (13108) | more than 3 years ago | (#33802830)

The way it was explained to me: the mobile broadband people are planning to upgrade their networks to IPv6-only, but there's a raft of IPv4-only applications that run on the handsets that cannot be abandoned, because they're deemed to be critical, and also cannot be upgraded, because the copyright ownership is in limbo. So they need to insert either a NAT46/DNS46 layer into the OS on the handset, or they need to insert a tunnel with encapsulation headers that go over the wireless medium. They think the former is the superior approach over the latter.

Of course, I tell them to abandon the IPv4-only applications on the handset and rewrite them all from scratch, but they look at me like I'm a state terrorist or something. So okay, I say, I guess they have a need for NAT somewhere. Sucks to be them.

Re:A few quick points... (1)

Midnight Thunder (17205) | more than 3 years ago | (#33802946)

As long as whatever solution is transparent to the application, then that's what will make the most sense. If the applications are intranet only, then they could probably exist in their own IPv4 subnet with little regard for what is happening beyond their island. If they need internet connectivity then, they will probably still be okay for the next few years since existing IPv4 addresses won't vanish, they simply won't be able to be allocated anymore - I assume such applications will continue speaking to the same servers. We will have an IPv4 internet for a while after the world has moved to IPv6. Even a host which only knows how to speak IPv6 will probably still be able to speak to IPv4 hosts through IPv6/IPv4 bridges. See: http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding.htm [tcpipguide.com]

This transition is not the first time this has happened. For example companies who were using Novell Networks or IPX had to deal with migration to TCP/IP somehow.
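The NAT64/DNS64 translation and the IPv4-in-IPv6 address embedding mentioned in this sub-thread, as an added example that is not part of any comment: the RFC 6052 address format, in which a DNS64 resolver synthesizes an AAAA answer by placing the IPv4 address inside an IPv6 prefix. The function names are hypothetical, the addresses are documentation ranges, and the resolver logic is reduced to its core rule.

```python
import ipaddress

# Well-known NAT64 prefix from RFC 6052. Network-specific prefixes may have
# length 32, 40, 48, 56, 64 or 96; byte 8 of the address (the "u" octet)
# is reserved and always left zero.
WELL_KNOWN_PREFIX = "64:ff9b::/96"
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _v4_byte_positions(prefix_len):
    """Byte offsets in the 16-byte IPv6 address that carry the IPv4 octets."""
    if prefix_len not in (32, 40, 48, 56, 64, 96):
        raise ValueError("RFC 6052 does not allow a /%d prefix" % prefix_len)
    positions, i = [], prefix_len // 8
    while len(positions) < 4:
        if i != 8:                      # skip the reserved "u" octet
            positions.append(i)
        i += 1
    return positions


def embed(prefix, v4):
    """Build the IPv4-embedded IPv6 address for v4 under the given prefix."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv4Address(v4)
    # RFC 6052: the well-known prefix must not represent private IPv4 space,
    # otherwise a translator could be steered at somebody's internal hosts.
    if net == ipaddress.IPv6Network(WELL_KNOWN_PREFIX) and \
            any(addr in n for n in RFC1918):
        raise ValueError("%s is private; not allowed with 64:ff9b::/96" % addr)
    raw = bytearray(net.network_address.packed)
    for pos, octet in zip(_v4_byte_positions(net.prefixlen), addr.packed):
        raw[pos] = octet
    return ipaddress.IPv6Address(bytes(raw))


def extract(prefix, v6):
    """Recover the IPv4 address a NAT64 gateway would forward to."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(v6)
    if addr not in net:
        raise ValueError("%s is not inside %s" % (addr, net))
    raw = addr.packed
    return ipaddress.IPv4Address(
        bytes(raw[p] for p in _v4_byte_positions(net.prefixlen)))


def dns64_answer(a_records, aaaa_records, prefix=WELL_KNOWN_PREFIX):
    """Simplified DNS64 rule: pass real AAAA records through, else synthesize."""
    if aaaa_records:
        return [ipaddress.IPv6Address(r) for r in aaaa_records]
    return [embed(prefix, a) for a in a_records]


if __name__ == "__main__":
    # Constructed sample: an IPv4-only name resolved by an IPv6-only client.
    for answer in dns64_answer(["192.0.2.33"], []):
        print(answer, "->", extract(WELL_KNOWN_PREFIX, answer))
```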

Re:A few quick points... (1)

cheekyjohnson (1873388) | more than 3 years ago | (#33802814)

"That's why we have IPv6, which can grow for at least another century before there might conceivably be a problem."

But aren't there trillions of possible addresses in IPv6? I don't think we would run out of those for a long, long time.

Large scale NAT is completely moronic. (4, Insightful)

Kaz Kylheku (1484) | more than 3 years ago | (#33802392)

There are only 65536 port numbers, so there is only so thin that you can spread a single IP address. Remember that some clients open many ports. There are also questions of reuse; you can't simply cram the 65536 space close to full. When a TCP connection terminates, you don't want to start reusing the port number right away. It's tricky.

People are not going to be happy to be NATed. Will large scale NAT also come with large scale port forwarding? Large scale UPnP? What do you do about port number abuses?

Dynamic DNS goes out the window. People can't have a quasi static IP any more with their own port 80, port 22, port 25 mail server or whatever.

If I were to be NATed, I would not want to pay more than 5 dollars a month for such a crippled connection, regardless of bandwidth. So you will automatically have to sell the service to ten subscribers like me instead of just one to make the same revenue.

As long as I can get non-NAT-ted service somewhere, then that is where I will be.

NAT == CRIPPLED_INTERNET. Impose that next door. Next city. Next country. NIMBY: not in my backyard.

And remember that if EVERYONE is NATted, then nobody can talk to anyone. Because you have to connect somewhere to use the Internet. That means resolving DNS to some IP address.

To reach a DNS server you need an IP address. So the DNS server can't be NATed. That DNS server has to hand you the IP address of a host such as a web server. Are all web servers going to be NATed? That means they can't be all on port 80 any more. You are looking at redirects! There will have to be a port 80 service sitting on those NAT nodes, which will intercept web traffic, parse the HTTP request and forward to the appropriate node behind the NAT.

Or else DNS will have to be re-architected so that it returns not only IPs but port numbers, so when you go to www.somewhere.com, it resolves to x.y.z.w:n, and the host x.y.z.w has port n forwarded to the right server.

Good grief, and good luck with that.

Re:Large scale NAT is completely moronic. (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33802794)

While I agree with all of your points, I'm sure the ISPs that would implement this would have no problem completely ignoring all of them.

get it over with (0)

Anonymous Coward | more than 3 years ago | (#33802444)

there is an easy way to get the transition to IPV6 over with.

one of the major backbones has to tell all its lower-level customers 'prepare for the transition or else'. give them a deadline of 18 months. if they haven't moved to ipv6 by then, cut them off.

of course, the big backbones won't do it because it might lose them customers. so we're all screwed.

As a wise geek once said.. (1)

SixDimensionalArray (604334) | more than 3 years ago | (#33802516)

I was once told by another fellow Slashgeek, regarding the IPv6/IPv4 debate, that "one cannot boil the ocean"! I think we probably need these interim steps and solutions.. that's probably the only way things will continue working during the changeover. We do have to be careful not to fall into the trap of implementing an interim measure and getting stuck with it for a long time, when the better solution is almost never reached as soon as was desired. How many systems get implemented to be "temporary" and then become production for years?

At the same time, massive direct cutover changes almost never work. Although, that may not be entirely true - the recent change from analog to digital television seems to have gone reasonably well and that was a direct cutover.

6d

no it can't. (1)

smash (1351) | more than 3 years ago | (#33802530)

We have 3.7bn IPV4 addresses. That won't even cover 1 device per person, before even taking into account losses due to subnetting. The population is growing exponentially, and we should probably plan on the number of IP enabled devices growing even faster than that (higher number of devices per person).

NAT, large scale or otherwise is only a band-aid delaying the inevitable.

It's a horrible hack that breaks many protocols and causes all sorts of problems when you want to (say) join two previously private networks together only to find that they're using the same internal network range.

NAT got us through the late 90s while IPV6 was being finalized. It is truly time to let IPV4 go and get on with the changeover. Other countries (China) are already implementing large-scale IPV6 networks due to an inability to acquire IPV4 - so it can certainly be done.

Big NAT - sword cuts both ways - no need for IPv6? (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33802532)

The other side of big NATs is that they could make IPv6 unnecessary. With big NATs everybody could have private IPv4 space with the public IPv4 space being used to connect the private spaces.

Protocols that don't like NATs are protocols that violate the principle of independence of protocol layers. Things like SIP and FTP are hard to NAT because they carry lower level addresses. Nobody cares about FTP any more but SIP is a security and implementation nightmare that is going to need to be re-designed from scratch anyway.

The net is moving towards a world in which users see the net not as a means to transport packets end-to-end but rather as a platform to support various applications. That means that what is becoming important are application level gateways to bridge application services rather than a seamless IP address space.

Re:Big NAT - sword cuts both ways - no need for IP (1)

Anpheus (908711) | more than 3 years ago | (#33802768)

We should have huge NATs connecting large private spaces together, with most people talking through multiple layers of NAT?

FTP and SIP don't work because they "carry lower level addresses", like what, IP addresses? It's not like they use the MAC to connect.

Are you insane?

Trapped (2)

Bookwyrm (3535) | more than 3 years ago | (#33802560)

Hah. The only way this will work is if they make an extremely good IPv4/IPv6 NAT gateway. Except, if they make one that does a good job such that people are going IPv4->IPv6->IPv4 and everything basically works, then people will wonder why they don't just do an extremely good IPv4 NAT solution and go IPv4->IPv4 and drop the entire IPv6 part.

Bad doctor (0)

gmuslera (3436) | more than 3 years ago | (#33802608)

Maybe could save IPv4... but will kill internet.

NAT != Security (1)

Monoman (8745) | more than 3 years ago | (#33802650)

In addition to using NAT to conserve IPv4 space it is still being sold as a more secure setup. NAT provides obscurity but not really security. A decent firewall is only going to allow what you configure it to allow. The only benefit I can think of is it may reduce the scope of subnet scans your network is subjected to. Then again, the bots/scripts are scanning em all anyway.

Re:NAT != Security (1)

geekpowa (916089) | more than 3 years ago | (#33802784)

NAT does provide security : it shuts down a large number of attack vectors. It is not comprehensive but there is a significant difference in security profile between a device which is globally addressable vs a device which is only addressable on a local network and/or when it initiates a network link.

A firewall is merely another means to shut down some of those attack vectors. The more unobtrusive security layers you have the better. NAT is perfect for home use and it is what I use. If I want a global IP, which I do have various needs for: I subscribe to a VPS service and forward ports across SSH where necessary. Cheap and easy and not something every Internet user needs. My fridge certainly doesn't need a globally addressable number.

Re:NAT != Security (0)

Anonymous Coward | more than 3 years ago | (#33802796)

So if my Router already throws every external connection into the bin if it's not on a port I specified for forward I will not have additional security? You have to own my router first (yeah, some models are easy to take but an OpenWRT which is basically a small Linux system?).

Re:NAT != Security (1)

j h woodyatt (13108) | more than 3 years ago | (#33802876)

Jumping the gun on this thread, aren't you? Nobody is arguing for large-scale IPv4/NAT out of a security consideration.

Work your way out (1)

invisik (227250) | more than 3 years ago | (#33802710)

Maybe they can start at the backbones by converting to IPv6 and NAT to the rest of the world. Then, they can implement IPv6 as they reach out and keep pushing the NAT farther and farther out until it's at the ISP level (where hopefully they've been starting to work on their own IPv6 implementation).

What we really should do is have a cutoff day, like digital TV, for the switch to IPv6. It worked great for TV! :)

-m

Pirates rejoice (5, Interesting)

lullabud (679893) | more than 3 years ago | (#33802746)

This would be great for pirates, who the hell would the MPAA and RIAA sue if everybody in one region shared a single IP#?

Re:Pirates rejoice (1)

j h woodyatt (13108) | more than 3 years ago | (#33802866)

All the LSN implementations I know about are carefully engineered to comply with CALEA, so um, no. Try again.

Re:Pirates rejoice (1)

JesseMcDonald (536341) | more than 3 years ago | (#33803010)

That sounds nice, but in practice you probably wouldn't be able to connect at all. At least one side must have a public IP address for P2P to work (with TCP), or at least be able to open incoming ports with something like UPnP. What do you think the odds are of ISPs letting customers reserve incoming ports? UDP-based NAT traversal may be possible with help from a public server.

Either way, the AAs would still be able to identify individual users via a combination of port and public IP address.
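Two points made in this thread, Kaz Kylheku's limits on how thinly 65536 ports can be spread (including the delay before a closed port can be reused) and the comment above on identifying a user from the public IP address plus port, shown together as an added example that is not part of any comment or any vendor's LSN code. It is a simplified deterministic port-block model; the class, its parameters, the 100.64.0.0/10 inside range and the 203.0.113.x public addresses are assumptions made for illustration.

```python
import ipaddress


class PortBlockCGN:
    """Toy deterministic CGN: every inside address owns one fixed port block."""

    def __init__(self, public_ips, inside_net, block_size=1024,
                 first_port=1024, hold_down=120):
        self.public_ips = [ipaddress.IPv4Address(p) for p in public_ips]
        self.inside = ipaddress.IPv4Network(inside_net)
        self.block_size = block_size
        self.first_port = first_port
        self.hold_down = hold_down          # seconds a closed port stays unusable
        self.blocks_per_ip = (65536 - first_port) // block_size
        self.in_use = set()                 # (public_ip, port) with a live flow
        self.released = {}                  # (public_ip, port) -> close time

    def capacity(self):
        """Number of subscribers the public pool can carry."""
        return self.blocks_per_ip * len(self.public_ips)

    def block_for(self, inside_ip):
        """Return (public_ip, low_port, high_port) owned by inside_ip."""
        idx = int(ipaddress.IPv4Address(inside_ip)) - int(self.inside.network_address)
        if not 0 <= idx < self.capacity():
            raise ValueError("no public port block left for %s" % inside_ip)
        ip_idx, blk = divmod(idx, self.blocks_per_ip)
        low = self.first_port + blk * self.block_size
        return self.public_ips[ip_idx], low, low + self.block_size - 1

    def open_flow(self, inside_ip, now):
        """Allocate a port for a new flow, or None when the block is exhausted."""
        pub, low, high = self.block_for(inside_ip)
        for port in range(low, high + 1):
            key = (pub, port)
            if key in self.in_use:
                continue
            closed = self.released.get(key)
            if closed is not None and now - closed < self.hold_down:
                continue                    # recently closed: not reusable yet
            self.released.pop(key, None)
            self.in_use.add(key)
            return str(pub), port
        return None

    def close_flow(self, public_ip, port, now):
        key = (ipaddress.IPv4Address(public_ip), port)
        self.in_use.discard(key)
        self.released[key] = now

    def attribute(self, public_ip, port=None):
        """Subscribers that could be behind public_ip, narrowed by source port."""
        ip_idx = self.public_ips.index(ipaddress.IPv4Address(public_ip))
        base = int(self.inside.network_address) + ip_idx * self.blocks_per_ip
        if port is None:
            blocks = range(self.blocks_per_ip)
        else:
            blk = (port - self.first_port) // self.block_size
            blocks = [blk] if 0 <= blk < self.blocks_per_ip else []
        return [str(ipaddress.IPv4Address(base + b)) for b in blocks]


if __name__ == "__main__":
    cgn = PortBlockCGN(["203.0.113.1", "203.0.113.2"], "100.64.0.0/10")
    print("subscribers per public IP:", cgn.blocks_per_ip)
    print("log entry with port 6200 :", cgn.attribute("203.0.113.1", 6200))
    print("log entry without a port :", len(cgn.attribute("203.0.113.1")), "candidates")
```

A server log that records only the public address leaves every subscriber on that address as a candidate; recording the source port as well narrows it to one block owner.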

If ISP's had their way (1)

EmagGeek (574360) | more than 3 years ago | (#33802760)

iptables -s YOU -p tcp --dport ! 80 -j DROP

CGN and Dual Stack (1)

cdogg4ya (198266) | more than 3 years ago | (#33802804)

Yes, there will be Carrier Grade NAT (CGN) used for the time to be. You will primarily see it in Mobile Wireless networks for handsets that don't require a full Internet connection but other ISPs will eventually be forced to do the same. That said, CGN is required so that we can do Dual Stack (where you have both an IPv4 and IPv6 address). This is the most commonly accepted transition technique and really the best available. It works by using the DNS system to determine if the name you are trying to resolve has a AAA or AAAA (referred to as a Quad A) record. The IP stacks of today are set to prefer Quad A over AAA records so if a site has an IPv6 address (or Quad A record) you will hit the site using your IPv6 connection. CGN is an IPv4 technology and not an IPv4 to IPv6 Gateway. CGN just allows us to do a massive amount of NAT44 that most of our current NAT devices can't handle.

Really there is nothing to see here that hasn't been said over and over again on every "World ending IPv4 shortage" article on Slashdot. Yes, the threat is real. Does it really matter to many people outside of Service Providers? Not really, because almost everyone else is doing NAT44 today anyway in one form or another. As usual, what should be taken from this is that if you are a Network Engineer responsible for managing a network, you should be taking the time to take inventory of your IPv4 space and making plans for implementing Dual stack in the near future.

Save it? (1)

TheCount22 (952106) | more than 3 years ago | (#33803008)

Who on earth would want to save IPv4?

Carrier grade NAT is the dumbest idea yet. Just ditch the junk and move on.
