Internet and e-mail policy and practice
including Notes on Internet E-mail


2011
Months
Jul

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Internet

04 Jul 2011

A politically incorrect guide to IPv6, Part II Internet

In a previous message we looked at the question of how hard it will be to get IPv4 address space once the original supply runs out. Today we'll look at the other end of the question, how much v4 address space do people really need?

The end to end principle says, more or less, that all computers on the Internet are in principle the same, any of them can be a server, any can be a client, and the Net should just be a dumb pipe between them, allowing people to invent new applications without having to get permission from, or even notify anyone in between. While this idea has great appeal, for consumers Internet connections, it's much more common to have several kinks in the pipe.

The most common kink is called NAT, Network Address Translation, which means what it sounds like, the addresses on one side of the NAT equipment (typically the router next to or built into a cable or DSL modem) are different from the ones on the other side, and the NAT translates them. The most common use of NAT is on home networks, where a bunch of computers in the home all have different addresses on the local network, but the NAT router has only a single address on the public Internet. (If your PC has an address like 192.168.x.x or 10.x.x.x, that's a private address behind a NAT.) The advantage for the ISP is that no matter how many computers the customer has, they only need a single IP address per customer.

One advantage for the user is that they don't have to deal with their ISP when they add or remove computers on their local network, since the NAT router can do all the management needed on the private network. An equally important one is that NAT provides considerable protection from malicious software elsewhere on the net, since the malware can't connect to computers behind the NAT unless the NAT has been specifically configured to permit it. It also means that even if the ISP changes the address it assigns to the router (which they typically do every few months), the addresses of the computers within the house don't change.

To conserve space, it's not uncommon to use two levels of NAT, so that all the computers in a household sit behind one layer of NAT, and all the houses in a neighborhood sit behind a second "carrier grade" NAT, sharing a small set of public IP addresses. Double NAT is widely considered a perversion of the way the Internet is supposed to work, but I can report from experience that my ISP stuck me behind a double NAT and it was several months before I noticed.

For a long time, quite possibly forever, networks will run dual stack with both IPv4 and IPv6 operating in parallel. It's straightforward to set up a network with NAT on its v4 addresses, but not on its v6 addresses. As ISPs migrate, they can give every customer a chunk of v6 address space so each computer on the home network has a unique address, while using single or double NAT on their v4 addresses. A user's PC connecting to a server via IPv6 will use its real untranslated address, while one connecting via IPv4 will be translated. So it would make sense to first move services to IPv6 that don't work well with NAT, and move with the other ones later, perhaps much later.

There are two reasons that a service might not work well with NAT. One is that the service passes IP or port addresses in its data stream, and the other is that it needs to contact a server behind a NAT. The only popular service that passes IP addresses is FTP, and the workarounds to make FTP clients work behind NAT are well understood, so it's not a problem. But the services that want to run servers behind NAT are peer-to-peer, which most ISPs are not crazy about. Some P2P services are fine, Skype or multiplayer games. But many are not, because they suck up every bit of available bandwidth or are primarily used to exchange illegal material, or often both. (Bittorrent is the usual example.) So perhaps if full end to end IPv6 connectivity doesn't show up as fast as the v6 advocates hope, there's a reason.

In the next (and probably last) installment, I look at e-mail, the service that works the worst with IPv6.


  posted at: 15:22 :: permanent link to this entry :: 5 comments
Stable link is https://jl.ly/Internet/v6incor2.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
Spam trends update for Sep-Nov 2023
55 days ago

A keen grasp of the obvious
Italian Apple Cake
553 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

My Mastodon feed



© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.