nanog mailing list archives
Re: moving to IPv6
From: Dirk Harms-Merbitz <dirk () orlando power net>
Date: Mon, 3 Nov 1997 10:51:39 -0800
It might be usefull to take into account where the explosion in IP addressable devices is supposed to come from. Embedded devices don't usually need globally unique addresses, i.e. my house might have a globally unique address, but my toaster won't. And my VCR can just go through NAT go update its TV schedule at night. Web servers no longer need globally unique addresses for every virtual website. These addresses will become available again in the next couple years. Web browsers certainly don't need globally unique addresses. My guess is that IPv4 will tie us over until photonic routing changes the rules of the game in 5-10 years anyways. Dirk On Mon, Nov 03, 1997 at 01:23:18PM -0500, Thomas Narten wrote:
"Sean M. Doran" <smd () clock org> writes:The thing that amazes me about people who are fans of IPv6 is that they have realized that NAT is THE fundamental scaling technology for the Internet.I would prabably be tarred as being a fan of IPv6, and this realization is news to me. What I do think is clear is that NAT has some very immediate short-term benefits. What I am very much less clear about is what happens long term. NAT "fixes" some immediate problems by pushing those problems elsewhere (e.g., your observation later that higher layers better not violate certain assumptions). Whether the problems that crop up elsewhere are easier to solve than the current ones (e.g. CIDR-style forced renumbering) is IMO an open question.The technical goal is that end to end services will work, period, in all cases. This is possible provided that the higher order protocols do not make invalid assumptions about the transport layer. Most importantly, just as CIDR requires that protocol implementations respect that IP addresses may change over time, NAT as THE new fundamental scaling technology requires that protocol implementations respect that IP addresses may change over space as well.OK. So IPSec and most other security protocols are botched? Fundamentally, security likes the idea that it trusts no one other than the originator of data and the ultimate destination of data. That means no one in between should be able to examine the data, much less modify any of it. That includes NATs rewritting addresses. IPSec (and DNSSEC) do not allow addresses to be rewritten in packets. Full Stop. Thomas
Current thread:
- Re: moving to IPv6, (continued)
- Re: moving to IPv6 Sean M. Doran (Nov 03)
- Re: moving to IPv6 Vadim Antonov (Nov 02)
- Re: moving to IPv6 Thomas Narten (Nov 03)
- Re: moving to IPv6 John Curran (Nov 03)
- Re: moving to IPv6 Thomas Narten (Nov 03)
- Re: moving to IPv6 Jeremy Porter (Nov 03)
- Message not available
- IPsec processing & NAT (was Re: moving to IPv6) Ran Atkinson (Nov 03)
- Re: moving to IPv6 Gary E. Miller (Nov 05)
- Message not available
- Overloaded semantics (was Re: moving to IPv6) Ran Atkinson (Nov 03)
- Re: Overloaded semantics (was Re: moving to IPv6) Thomas Narten (Nov 05)
- Re: moving to IPv6 Dirk Harms-Merbitz (Nov 03)
- Re: moving to IPv6 Pedro Marques (Nov 03)
- Re: moving to IPv6 Karl Denninger (Nov 03)
- Re: moving to IPv6 Phillip Vandry (Nov 05)
- Re: moving to IPv6 Sean M. Doran (Nov 07)
- Re: moving to IPv6 Karl Denninger (Nov 07)
- Re: moving to IPv6 John A. Tamplin (Nov 07)
- Re: moving to IPv6 Karl Denninger (Nov 07)
- Re: moving to IPv6 Gary E. Miller (Nov 07)
- Re: moving to IPv6 Vadim Antonov (Nov 07)
- Re: moving to IPv6 Randy Bush (Nov 07)