|
The theory put forward by the IETF was simple enough… while there were still enough IPv4 addresses, use transition technologies to migrate to dual stack and then wean IPv4 off over time. All nice and tidy. The way engineers, myself included, liked it. However those controlling the purse strings had a different idea. There was, don’t spend a cent on protocol infrastructure improvement until the absolute last minute—there’s no ROI in IPv6 for shareholders. Getting in front of the problem at the expense of more marketable infrastructure upgrades was career suicide.
Graph from my 2008 sales presentation… sound but not convincing
By considering this a technical issue rather than a business one, it was easier to delay the inevitable but this had unintended consequences. The fewer IPv4 addresses there were, the fewer technical options there were to address the problem. This coupled with a simpler user experience/expense led us to today and the emergence of the so called Carrier Grade NAT (CGN).
[For a thorough overview of the various flavors of CGN and the choices in front of us, see Phil’s post, The Hatred of CGN on gogoNET. Don’t let the title fool you.]
By deploying CGNs, ISPs are sharing single IPv4 addresses with more and more households and this isn’t good. Why? Because two levels of NAT break things and that leads to unhappy customers. Case in point, British Telecom. BT recently put their retail Option 1 broadband customers (lowest tier) behind CGNs and they are now feeling the pain for a variety of brokenness but mostly because Xbox Live stopped working.
Asian fixed line operators were the first to deploy CGN as a Band-Aid to cover over the problem until the rest of the world standardized on a transition solution. Japan and South Korea notwithstanding I suspect the reasons we haven’t heard the same outcry earlier are cultural and the result of lower expectations/SLAs. However in a mature broadband market like the UK where customers are vocal and expectations/SLAs are high you are going to hear about it. And since there isn’t a steady stream of new customers to offset the churn, this can turn into a PR nightmare resulting in the loss of high acquisition-cost customers.
Expect to see more of these reports as more European and North American ISPs follow suit. The irony here is it was the British who coined the term, “Penny wise and pound foolish”.
Below are a selection of reader comments from the article, “BT Retail in Carrier Grade NAT Pilot”.
Posted by zyborg47 13 days ago:
This IPv4 should have been sorted out a few years back if the larger ISPs have got off their backside and started to change to IPv6 then we would not have this problem and IPv6 routers/modems would not have stayed at such a high price for so long. The problem is now, we the paying public, will suffer because of this, or the poor sods on Bt option one anyway.Posted by Kushan 13 days ago:
If you start trialing CGNAT before you trial IPv6, you’re doing something wrong.Posted by driz 13 days ago
Is CGNAT even technically an ‘internet connection’ anymore?
Sponsored byIPv4.Global
Sponsored byVerisign
Sponsored byVerisign
Sponsored byWhoisXML API
Sponsored byDNIB.com
Sponsored byRadix
Sponsored byCSC
After reading a recent piece by Geoff Huston about the internet being broken, I thought I might give one view from the trenches and what I have encountered so far.
I have been trying, at the companies where I have worked, to get people to think about IPv6 since 2008. So far I have met pretty much complete resistance, or apathy. It’s been 2 places so far. The last place the boss thought he knew everything, and he wanted nothing to do with IPv6. I have been at the current place for a little over 4 years. The first network manager here said, “What is the business case?” and since I didn’t have one, I let it drop. I have mentioned it a couple of times to the current network manager. The last time he said he didn’t think IPv6 was mature, he didn’t think it was stable, there are new RFCs coming out for IPv6 every day, and he wants to wait 8 years before looking at it. This company has operations in China, India, Europe, Mexico and Brazil, not to mention the U.S. and Canada.
What I find is a deeply ingrained cultural resistance to IPv6 because v4 is not considered to be broken. If it is, someone else will have to worry about it. Someone else will have to pay to fix it. If your WAN is small enough for a /8, then you have nothing to worry about. If access to V6 ever comes up as an issue, your ISP should be able to connect you. And no, besides me, nobody has contacted our ISP, not so far as I know.
I look at our current network manager, and he has a corporate network to manage. “Corporate network” perhaps by definition equals “private /8 network”. This is routers, switches, firewalls, web filters, an internal wi-fi network, a guest wi-fi network, servers, clients, printers, and internet gateways. It all fits rather neatly into a 10.x.y.z space. If any one piece of this is not IPv6 ready, then it just proves that IPv6 is a tomorrow-technology, not a today-technology. Tomorrow being, whenever the bean-counters say there is some money for a pie-in-the-sky abstraction like IPv6. Or when that emergency comes when a customer says, “We’re on IPv6, you are too, right?” Except it is V6 that will be shoehorned into v4, not the other way around.
Now I’ve been thinking more about IPv6, and why people are reluctant to start switching. Increasingly, I think the reasons are psychological. Namely:
1. Unfamiliarity.
2. Sense of being overwhelmed or intimidated.
3. Just don’t want to do it.
4. Convinced for some reason that now is not the time.
5. It’s too abrupt of a change, there are security issues, there is not inter-connectivity between the 2 protocols.
6. believe it or not, contempt or disdain for the idea of migrating to v6. This was actually the case at my previous place of employment. The manager there perceived v6 as a “pie-in-the-sky” academic exercise, an ivory tower type of thing, that would never arrive in the real world. In my experience, this attitude is commonplace.
7. Just don’t have time for it.
The network manager where I work now essentially cites #4 as his reason, in my view. Lack of maturity of IPv6 is the perceived reason he gave me. But really, I personally think it’s a combination of all of the above (except #6).
Some time ago, I got to wondering, if the space from 240.0.0.0 to 255.255.255.254, or at least part of it, could be used to facilitate the migration to IPv6. Someone else thought something similar: unused /4
but the same person who wrote the piece stated the (obvious?) reasons why this was a bad idea. Then in the comments people jump on him for using the “class” terminology when we all know this is obsolete. So, I say instead, what about the /4 that exists up at the high end of the old IPv4 address space. Wasn’t this reserved for future expansion?
I agree, this space could not be allocated for people to use as regular v4 addresses. But, I had a different idea. How to address the psychological resistance I mentioned above that seems to be slowing migration to v6? Anyone can be an armchair quarterback, and unfortunately for me, I have no credentials related to networking. But, if I was the president of the IETF, or on the committee, or whatever body has been working to get everyone switched over to v6, here is what I would do:
Draft an RFC that would require that all the usable addresses in the above-mentioned /4 space be routed to an IPv6 allocation. Take advantage of existing information on which global ISPs have done the best job of creating an IPv6 infrastructure. Design a scheme in which qualifying ISPs can allocate small ranges from the above-mentioned /4 to customers, based on the understanding that when they send packets to any IP address in that range, it will automatically be routed to the IPv6 space. After all, IPv4 addresses can be encapsulated (or represented) inside IPv6 addresses, right?
To me, this helps appease the psychological issues I have already discussed. Objections to my idea might include the following: “The existing IP stack in current OS implementations don’t allow for packets to go to or come from that IP range.” A particular “legacy” OS is mentioned in the link I gave above. But the company that designed that OS could push out a patch for their IP stack, right? It’s software. They are always pushed out patches, fixes, and changes anyways, aren’t they?
“Existing high end routers may also not allow the obsolete addresses from that range.” This is a legitimate objection. That’s when I got to wondering about things like software routers. I began doing Google searches for things like “software router” “open source hardware routers” and other things relating to my solution (as I perceive it). Again I don’t know much about the hardware, but my ideal router would allow me to access a web page for the router and configure routing from any IP range to any IP range, anywhere from 0.0.0.0 - 255.255.255.255 to :: - FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. If not, someone should be able to create such a router in software. The basic nuts and bolts of routing should be well understood by now. Just getting the necessary speed out of a software router is all that would remain. But there is talk of using GPUs with lots of cores for software routers. Or a multicore CPU, such as those being marketed by Tilera (TM) (no affiliation).
“It’s just a stupid idea.” Perhaps. But isn’t Carrier Grade NAT an even stupider idea? I say my idea is not as stupid as CGN. CGN is going in the wrong direction. My idea is at least a half step in the right direction, and it addresses the psychological issues mentioned above.
“But what is the point if it puts people into the v6 space immediately anyways?” The point is, in a Dilbert world, even if the network manager understands that as a practical matter, there is no difference, in some people’s minds, there could be a perceived difference.
“there are existing tools to tunnel from v4 to v6”. True. But they really aren’t dedicated. My idea at least allows the IETF to say “We’re doing everything we can to migrate people to the new internet”. The IP addresses from 240.0.0.0 and up would be allocated based on a qualification process. In this process, an ISP has to demonstrate adequate native connectivity to the V6 space.
Over time, as people get more comfortable with being on IPv6, and as IPv6 becomes more common, people can switch to native v6 all the way around. But in the interim, it gives people a chance to connect to the v6 space in a way that they can feel in control of, and manage.
As for security, existing tools that work on v4 hardware could be adapted to incorporate the existing expansion space (240.x.y.z and up). In a way, my idea provides not a firewall, but a change to inspect all packets coming in from the IPv6 space, before they enter your private network.
I hope people won’t attack me for the naïveté of my question. I am just an ordinary guy working at a place where there is not much going on, waiting to see what is going to happen. I had an idea about doing the Hurricane Electric v6 certification, and I am only so far along. My current home ISP has been dragging their feet getting native v6 connectivity. I concluded a previous ISP was gouging me, and I know a lot of people feel that way about them. Only if I got a new cell phone would I have a chance of getting V6 connectivity, and right now I don’t really need a new phone. But even if I got one, there would be no guarantee.
If nothing else, if people want to comment, and tell me why my idea would not work, at least I would learn something about v6, or human nature, or politics, or some other subject.
The ideal router that could do this might have to have three inputs: one for v6, one for the traditional range of v4 addresses, and one for the above-mentioned /4 that would automatically route to v6. This is the part I don’t know that much about.
The group I see taking up this concept would really be the hobbyists, the kind of person who in the past has gravitated to things like amateur radio, because at first, nobody would see much benefit. To me, if I had the skill set, to design a software router that ran on a multi core CPU, or GPU, would be an interesting project, even if it did not incorporate this idea.