nanog mailing list archives

Re: Problems with removing NAT from a network


From: Matthew Kaufman <matthew () matthew at>
Date: Wed, 05 Jan 2011 21:10:48 -0800

On 1/5/2011 8:47 PM, Cameron Byrne wrote:

> And, you will notice that the list at
> http://groups.google.com/group/ipv4literals shows only a few web sites,
> because there are only a few that have this design flaw.

And the list looks like it does because the list only shows a *few* web sites. Other surveys have shown significantly more cases. (http://tools.ietf.org/html/draft-wing-behave-http-ip-address-literals-02#appendix-B: "An examination of Alexa's top 1 million domains [Alexa] at the end of August, 2009, showed 2.38% of the HTML in their home pages contained IPv4 address literals.")

And the list looks like it does because the list only shows a few *web sites*. Quite a few network protocols, particularly peer-to-peer protocols, rely on moving around the IP address literals of peers via mechanisms other than DNS. This includes BitTorrent, Adobe's RTMFP, and Skype's proprietary protocol, and every VoIP system using STUN and/or ICE, to name just a few. Once users figure out that none of those will work when they use you as an ISP, they'll find one that's chosen a better transition technology.

Also note that DNSSEC end-to-end and DNS64/NAT64 are mutually exclusive. Now that DNSSEC is actually getting some traction, that's just one more reason to choose a different way to transition.

Matthew Kaufman
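
An added example, not part of the original message: a Python check a site operator could run over their own pages to find the kind of IPv4 address literals the cited survey counted. A URL whose host is a literal never triggers a DNS lookup, so DNS64 has nothing to synthesize for it. The function names, the attribute list and the sample HTML (with documentation-range addresses) are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that commonly carry URLs (illustrative, not exhaustive).
URL_ATTRS = {"href", "src", "action", "data", "poster"}

def ipv4_host(url):
    """Return the IPv4Address used as the URL's host, or None."""
    try:
        host = urlsplit(url.strip()).hostname
        return ipaddress.IPv4Address(host) if host else None
    except ValueError:  # malformed URL, a DNS name, or an IPv6 literal
        return None

class LiteralFinder(HTMLParser):
    """Collect URL attributes whose host part is an IPv4 literal."""
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, attribute, url, IPv4Address)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                ip = ipv4_host(value)
                if ip is not None:
                    self.hits.append((tag, name, value, ip))

def find_ipv4_literals(html):
    finder = LiteralFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

# Constructed sample page: three literal hosts, three non-matches.
SAMPLE_HTML = """
<html><body>
<a href="http://www.example.com/">by name</a>
<img src="http://192.0.2.10/logo.png">
<script src="//198.51.100.7:8080/app.js"></script>
<a href="/downloads/tool-1.2.3.4.zip">version string, not a host</a>
<a href="http://[2001:db8::1]/">IPv6 literal</a>
<form action="https://203.0.113.5/login"></form>
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, url, ip in find_ipv4_literals(SAMPLE_HTML):
        print(f"<{tag} {attr}> uses IPv4 literal {ip}: {url}")
```

Parsing the host out of each URL, rather than matching dotted quads with a regular expression, keeps version strings and path components from being reported as addresses.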

