
Can Large Scale NAT Save IPv4? 583

Julie188 writes "The sales pitch was that IPv6, with its zillions of new IP addresses, would eliminate the need for network address translation altogether. But Jeff Doyle, one of the guys who literally wrote the book on IPv6, suggests that not only will NAT be needed, but it will be needed to save IPv4 at the tipping point of IPv6 adoption. 'I've written previously that as we make the slow — and long overdue — transition from IPv4 to IPv6, we will soon be stuck with an awkward interim period in which the only new globally routable addresses we can get are IPv6, but most public content we want to reach is still IPv4. Large Scale NAT (LSN, also known as Carrier Grade NAT or CGN) is an essential tool for stretching a service provider's public IPv4 address space during this transitional period.'"
This discussion has been archived. No new comments can be posted.

  • by EmagGeek ( 574360 ) on Tuesday October 05, 2010 @08:22PM (#33802140) Journal

    If you're a Qwest customer in Omaha like my in-laws, you get a non-routable from the head end... and the last time I was there, they did not support VPN passthrough (although IIRC you could pay extra for a routable dynamic IP if you wanted VPN to work).

  • by Anonymous Coward on Tuesday October 05, 2010 @08:27PM (#33802206)

    Obviously you haven't had to deal with an entire organization using one IP for several thousand users,
    and each user forced to use a NAT again to "protect" against other members of the organization.

    Two layers of NAT defeats ALL dynamic DNS, and return traffic.

    And this is the goal of every major ISP I've had contact with. They want to force you to use their
    servers, and pay for it.

    Never mind that they can't handle the problems of that.

  • by jamesh ( 87723 ) on Tuesday October 05, 2010 @08:39PM (#33802304)

    Most P2P protocols have at least some trouble working with local NAT. If it was implemented on a large scale there might be a few more problems, and it certainly gives ISPs (the ones running the NAT) more control over the traffic they route. I wonder how quickly the RIAA and friends will pick up on that and start pushing for NAT instead of IPv6...

  • Re:NOOOOOOO (Score:3, Interesting)

    by hedwards ( 940851 ) on Tuesday October 05, 2010 @08:47PM (#33802400)
    That's true, but it should've been done years ago. They dropped support for XP in 2009; at that point IPv6 had been in deployment for over a year.
  • by Anonymous Coward on Tuesday October 05, 2010 @09:02PM (#33802532)

    The other side of big NATs is that they could make IPv6 unnecessary. With big NATs everybody could have private IPv4 space with the public IPv4 space being used to connect the private spaces.

    Protocols that don't like NATs are protocols that violate the principle of independence of protocol layers. Things like SIP and FTP are hard to NAT because they carry lower level addresses. Nobody cares about FTP any more but SIP is a security and implementation nightmare that is going to need to be re-designed from scratch anyway.

    The net is moving towards a world in which users see the net not as a means to transport packets end-to-end but rather as a platform to support various applications. That means that what is becoming important are application level gateways to bridge application services rather than a seamless IP address space.
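
Added example (not part of the comment above or of the original page): the FTP `PORT` command is one concrete case of a protocol carrying a lower-level address in its payload. The sketch below parses it, flags an RFC 1918 address left in the payload, and rewrites it the way an application-level gateway would; the sample line and the public address and port are constructed.

```python
# FTP "PORT h1,h2,h3,h4,p1,p2" carries an IPv4 address and port inside the
# TCP payload, so translating only the IP header leaves a stale endpoint.
import ipaddress
import re

PORT_RE = re.compile(
    rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (IPv4Address, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None
    return ipaddress.IPv4Address(bytes(n[:4])), n[4] * 256 + n[5]

def leaks_private_address(line):
    """True when the payload advertises an address no outside host can reach."""
    parsed = parse_port(line)
    return parsed is not None and any(parsed[0] in net for net in RFC1918)

def alg_rewrite(line, public_ip, public_port):
    """Rewrite the embedded endpoint; return (new_line, length_delta).
    A non-zero delta means the gateway must also adjust TCP sequence and
    acknowledgement numbers for the rest of the control connection."""
    if parse_port(line) is None:
        return line, 0
    octets = ipaddress.IPv4Address(public_ip).packed
    new = b"PORT %d,%d,%d,%d,%d,%d\r\n" % (
        *octets, public_port >> 8, public_port & 0xFF)
    return new, len(new) - len(line)

# Constructed sample: client behind NAT announcing 192.168.1.10:5001.
SAMPLE = b"PORT 192,168,1,10,19,137\r\n"

if __name__ == "__main__":
    print(parse_port(SAMPLE), leaks_private_address(SAMPLE))
    print(alg_rewrite(SAMPLE, "203.0.113.7", 40000))
```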

  • by lullabud ( 679893 ) on Tuesday October 05, 2010 @09:23PM (#33802726)

    http://www.ipv6porn.co.nz/ is giving away free porn to anybody who can access it with an IPv6 address

  • Pirates rejoice (Score:5, Interesting)

    by lullabud ( 679893 ) on Tuesday October 05, 2010 @09:25PM (#33802746)

    This would be great for pirates, who the hell would the MPAA and RIAA sue if everybody in one region shared a single IP#?

  • by Anonymous Coward on Tuesday October 05, 2010 @09:34PM (#33802848)

    I don't understand why we don't just have modems that use IPv6 for internet connection, but IPv4 to connect to your router/computer?

  • by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Tuesday October 05, 2010 @09:44PM (#33802926) Homepage Journal

    slashdot.org has no need to access you.

    As far as I know, Slashdot does a short port scan on your IPv4 address when you preview or post a comment in order to make sure that your machine isn't an open proxy that might be abused for vandalism. That's why your first preview of the day from a given machine is so slow: it has to wait for the connections to time out.

    You use IPv6 in all the cases where you wanted that nice static IPv4 address before: When running peer to peer software. Setting up your small hobby server.

    In other words, things that cable and phone companies don't really want customers on the residential plan doing in the first place, as explained in the terms of service.

    If all your gaming friends got IPv6, playing on your private IPv6 only game server

    By the time that happens in several years, you may have grown out of online gaming. Which of the current video game consoles supports IPv6?

  • Re:NOOOOOOO (Score:0, Interesting)

    by Anonymous Coward on Tuesday October 05, 2010 @09:46PM (#33802942)

    Stop the madness. Give us ip6.
    We (as a society) would gain so many productive hours without NAT and the shit that comes with it. (Port forwarding etc). We have the technology ready to go and give everything its unique IP. Can we please use that tech? It's not like it's high-tech or too new to be implemented by now.

    ip6 in my opinion is a little redundant.
    And NAT is the bomb. It is the best kind of firewall you can have - i.e. one that doesn't slow down your computer with bloatware. It really is not difficult to forward a router.

    The part I don't like about it though, is the addresses.
    How easy is it to remember 192.168.2.31 compared to 2001:0db8:ac10:fe01:0000:00000:00000:0000?

  • by mellon ( 7048 ) on Tuesday October 05, 2010 @10:14PM (#33803176) Homepage

    The way CGN works is to spread multiple users across the same IP address. So forget about dyndns. Also forget about Google Maps, because it runs through ports like water, and TCP requires a 90-second timeout before releasing a port. Basically, CGN is a hack to cushion the blow, but it doesn't eliminate the need to switch to IPv6. You will like CGN a lot less than you like your present NAT.

    A much better choice would be to go to NAT64. That way you get end-to-end connectivity for the hosts that do IPv6 (e.g., Google Maps can do IPv6 at this point) and use IPv4 ports for the hosts that haven't converted yet. Less demand on the scarce IPv4 ports means better performance for the cases where they are needed. And you get end-to-end when you really care about it--e.g., when Skyping your pal who also has NAT64.
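
Added example (not part of the comment above or of the original page): a toy model of many subscribers sharing one public IPv4 address, showing how a per-subscriber port quota plus a hold time on closed ports blocks new connections, and why mapping traffic back to a subscriber needs port and timestamp as well as the IP. The class, quota, address and subscriber names are constructed; the 90-second hold is the figure quoted in the comment.

```python
# Toy model of a carrier-grade NAT sharing one public IPv4 address.
from dataclasses import dataclass, field

HOLD_SECONDS = 90               # hold time on a closed port (figure from the comment)
PORTS = range(1024, 65536)      # source ports available on the shared address

@dataclass
class ToyCGN:
    public_ip: str
    quota: int                                  # ports one subscriber may hold
    in_use: dict = field(default_factory=dict)  # port -> [subscriber, release_at]
    log: list = field(default_factory=list)     # [start, end, port, subscriber]

    def open(self, sub, now):
        # Drop mappings whose hold period has expired.
        self.in_use = {p: v for p, v in self.in_use.items()
                       if v[1] is None or v[1] > now}
        if sum(v[0] == sub for v in self.in_use.values()) >= self.quota:
            return None                         # subscriber is out of ports
        port = next((p for p in PORTS if p not in self.in_use), None)
        if port is not None:
            self.in_use[port] = [sub, None]
            self.log.append([now, None, port, sub])
        return port

    def close(self, port, now):
        # The port stays reserved until the hold period ends.
        self.in_use[port][1] = now + HOLD_SECONDS
        for rec in reversed(self.log):
            if rec[2] == port and rec[1] is None:
                rec[1] = now + HOLD_SECONDS
                break

    def who(self, port, when):
        # Attribution needs port AND time; the public IP alone is ambiguous.
        for start, end, p, sub in self.log:
            if p == port and start <= when and (end is None or when < end):
                return sub
        return None

def demo():
    cgn = ToyCGN("203.0.113.7", quota=3)
    ports = [cgn.open("sub-A", 0) for _ in range(3)]
    for p in ports:
        cgn.close(p, 1)
    blocked = cgn.open("sub-A", 2)              # closed ports are still held
    reused = cgn.open("sub-B", 1 + HOLD_SECONDS)
    return ports, blocked, reused, cgn.who(reused, 50), cgn.who(reused, 100)

if __name__ == "__main__":
    print(demo())
```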

  • by Simulant ( 528590 ) on Tuesday October 05, 2010 @10:19PM (#33803218) Journal
    That's brilliant. We should force the .xxx domain to use ipv6 only.
  • Re:NOOOOOOO (Score:5, Interesting)

    by Pentium100 ( 1240090 ) on Tuesday October 05, 2010 @11:29PM (#33803796)

    Me too. I look forward to having no NAT and changing the IPs in my internal network every time I use a different ISP.

    "Hmm, my internet connection failed, better connect the backup one. OK, now this ISP gives me xxx:yyy:zzz:xxyz::0 IP, so I now have to go and change the addresses of all my PCs, since they won't be able to access the internet. If only there could be some way to keep the internal IPs constant..."

    Currently, the internal IPs of my computers do not depend on which ISP I am connected to.

  • Re:wrong premise (Score:3, Interesting)

    by sjames ( 1099 ) on Tuesday October 05, 2010 @11:39PM (#33803874) Homepage Journal

    Practically all of them can support IPv6 with a simple firmware update, but I'm betting the vendors would rather sell you a new router than provide that update.

  • by TheLink ( 130905 ) on Tuesday October 05, 2010 @11:54PM (#33804022) Journal

    @CRC'99 all my equipment (except maybe the cable modem) support #ipv6. stop using #oldshit

    Ironically, if you want an IPv6 internet, the cable modem needs IPv6 support more than the other stuff he mentioned.

  • by Mr. Freeman ( 933986 ) on Tuesday October 05, 2010 @11:57PM (#33804042)
    It really depends on the company. Comcast has a strict no servers policy that states "any machine used for a purpose of serving content to anyone outside of the local network". These policies are not designed to prevent you from making money without them charging you for it. These policies are designed to limit bandwidth usage so they don't have to upgrade their infrastructure. Same reason they can drop you for "any use of the network for anything that, in <isp's sole discretion> deems "abusive"". Meaning, they can disconnect you for checking your email because they decide it's abusive.

    Again, these are all to limit bandwidth usage, not for any legitimate purpose.
