Celebrating NAT Was: Tolerance

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 19 July 2019 16:26 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 19 Jul 2019 12:26:24 -0400
Message-ID: <CAMm+LwhLyshCfBKvXc+v5YYO+Hv3XeX0__Dp_sC7wqpetCKfog@mail.gmail.com>
Subject: Celebrating NAT Was: Tolerance
To: Melinda Shore <melinda.shore@gmail.com>
Cc: IETF Discussion Mailing List <ietf@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/TtMk62UivzVESUzWft72fCzXmNI>

On Tue, Jul 16, 2019 at 7:09 PM Melinda Shore <melinda.shore@gmail.com>
wrote:

> On 7/16/19 2:39 PM, Doug Royer wrote:
> > You can not achieve your goal when you quit. How important are your
> > goals to you?
>
> It seems to me that driving away people with energy and
> ideas because they're not willing to deal with the tone of
> discussions here (and let's be clear: there are no longer
> very many organizations in which abusive language or behavior
> is tolerated) and leave, either to focus on implementation
> or to take their work to another body, the IETF is the loser,
> not the person who left.  I worry about several factors
> degrading the quality of our output and this is certainly one
> of them.
>

It is probably worthwhile recalling that the Web was originally
standardized in IETF. Most of it has left IETF because of the culture
issue. Cross area review sounds like a great idea until you end up with
people insisting on adding prefixes to distinguish URNs from URLs in the
mistaken belief that they are disjoint categories and refusing to accept
they are not.

On the NAT issue, Keith and others were not so nuanced or for that matter
polite back in the days when we ended up destroying the utility of IPSEC on
account of their opinion.

I get the fact that some people are desperate to deploy IPv6 and DNSSEC.
Really, I do. No, I really, really do get that people imagine that tying
some piece of functionality to one or the other is going to help
deployment. That does not mean that they are right or that they should get
their way even if they were.


The reason I deployed NAT in 1997 was simple: my broadband provider charged
$10/mo for every extra IPv4 address. I saw all the nattering about NATs as
frankly an abuse of process to steal money from me and every other Internet
user. It was obvious that 99.9% of users would do exactly the same.

I do not have a nuanced opinion on NAT. I believe it is here to stay so
whether or not it is a good thing is irrelevant. But NAT is in fact useful
even in a pure IPv6 network. I don't want to argue that NAT should be
tolerated; it should be celebrated. Here is why.


The user problem we have to solve here is that we don't have enough IPv4
addresses for every user in the world to have a unique one. We have already
got more users than there are addresses.

We do however have enough IPv6 addresses to give one to every user and the
stock of IPv4 addresses is sufficient to support the number of Internet
hosts that provide services and this should be sufficient till 2050 or so
if not longer.


The Internet is a network of networks. The only technical mandate of the
original Internet was that Internet Protocol be the only protocol used
between the networks joined to the Internet. That protocol used to be IPv4
and it is becoming IPv6.

The idea of IP protocol was not part of the original architecture, it came
later and for the obvious reason that there is no particular advantage to
switching network protocols at the network/internetwork boundary. But it
certainly doesn't follow from the fact that we run IP protocol in the
network and across the inter-network that the IP addresses should be
constant end to end.

If I have a device on my network that I wish to be an internet connected
device that can talk to any other internet device, then it obviously needs
IPv6 because it needs to be able to address any device on the Internet and
there are more than 2^32 devices already. But most devices only need to
connect to a service. My Internet connected blender (talk on Thursday) does
not need to talk to every other blender on the planet. It only needs to
talk to one service.


So rather than trying to insist on phasing out IPv4, we would do much
better to embrace NAT and actively promote, enthusiastically and
unreservedly, a scheme in which they are the agent enabling change that
meets the real near term need which is that a user who is on an IPv6 only
or an IPv6 with a limited share of an IPv4 gets the exact same Internet
service and benefits as a user with a full IPv4.

* Each residence gets an IPv6/104 (or better)
* Every device is assigned an address in 10.x.x.x
* Devices speak IPv4 to each other inside the network.
* Dual stack devices can contact any Internet server without restriction.
* Single stack IPv4 devices can only contact devices inside the network
  unless they have help.
* Devise mechanisms that reduce the amount of state that an IPv4 device
  needs to contact Internet devices to the bare minimum and allow the NAT to
  transport these on IPv6 rather than IPv4 to limit the need for IPv4
  addressing at the residence.

My proposal may not look pretty to some but it is essentially the strategy
the industry is adopting regardless of IETF opinion. So why didn't it
happen this way?

Well, one reason was that people like me who made this proposal were
bullied. And when we responded to the bullying we were treated the same way
that women often complain of being treated when they make proposals. We
were accused of not being respectful and so on. And then when people took
the ideas we proposed and adopted them, nobody came back and said 'well you
were right'.

Right behind me is a 36" plotter that would cost me $3500 to replace. It
only works on an IPv4 interface. There is absolutely no circumstance in
which I am upgrading that machine just for the sake of IPv6. Now rather
than trying to persuade me to act in a way no ordinary Internet user is
ever going to act, please take my refusal to do so as an example of the
general case.


One of the things I find bizarre about IETF discourse is that there are
people who insist that we have to maintain backwards compatibility with the
PDP/11 era and there are people who advocate a forklift upgrade of the
entire Internet to support IPv6, and they are the SAME PEOPLE.
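
An added example, not part of the original message: the residence addressing list in the message pairs an IPv6 /104 per residence with 10.x.x.x device addresses, and a /104 leaves exactly 24 host bits, the same width as the host part of 10.0.0.0/8. The Python below assumes a stateless mapping built on that match (the message does not specify one); the prefix `2001:db8:0:1::/104` and the function names are constructed for illustration.

```python
import ipaddress

PRIVATE_V4 = ipaddress.ip_network("10.0.0.0/8")
# Constructed sample prefix taken from the IPv6 documentation range.
RESIDENCE_PREFIX = ipaddress.ip_network("2001:db8:0:1::/104")
HOST_MASK = 0xFFFFFF  # 24 host bits: 128 - 104 == 32 - 8


def to_v6(v4, prefix=RESIDENCE_PREFIX):
    """Map an inside 10.x.x.x address to its address in the residence prefix."""
    v4 = ipaddress.IPv4Address(v4)
    if prefix.prefixlen > 104:
        raise ValueError("prefix must be /104 or shorter to hold 24 host bits")
    if v4 not in PRIVATE_V4:
        # Only inside addresses are translated; anything else is refused
        # rather than silently truncated to 24 bits.
        raise ValueError(f"{v4} is not in {PRIVATE_V4}")
    host = int(v4) & HOST_MASK
    return ipaddress.IPv6Address(int(prefix.network_address) | host)


def to_v4(v6, prefix=RESIDENCE_PREFIX):
    """Reverse mapping, rejecting addresses outside the residence prefix."""
    v6 = ipaddress.IPv6Address(v6)
    if v6 not in prefix:
        raise ValueError(f"{v6} is not in {prefix}")
    host = int(v6) - int(prefix.network_address)
    if host > HOST_MASK:
        # Possible when the prefix is shorter than /104 ("or better").
        raise ValueError(f"{v6} has no 10.x.x.x equivalent")
    return ipaddress.IPv4Address(int(PRIVATE_V4.network_address) | host)


if __name__ == "__main__":
    for inside in ("10.1.2.3", "10.255.255.255"):
        outside = to_v6(inside)
        print(inside, "->", outside, "->", to_v4(outside))
```
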