Re: IPv4 address shortage? Really?
> misguided idea of someone who's way too invested in IPv4 and hasn't made any necessary plans or steps to implement IPv6

Lack of planning or good business? http://www.bbc.co.uk/news/technology-12859585

Raymond Macharia

On Tue, Mar 8, 2011 at 5:15 AM, Jima na...@jima.tk wrote:

> On 3/7/2011 5:43 AM, Vadim Antonov wrote:
>
> > I'm wondering (and that shows that I have nothing better to do at 3:30am on Monday...) how many people around here realize that the plain old IPv4 - as widely implemented and specified in standard RFCs can be easily used to connect pretty much arbitrary number (arbitrary means 2^256) of computers WITHOUT NETWORK ADDRESS TRANSLATION. Yes, you hear me right.
>
> This seems like either truly bizarre trolling, or the misguided idea of someone who's way too invested in IPv4 and hasn't made any necessary plans or steps to implement IPv6.
>
> To implement this -- which, to begin with, seems like a bad idea to me (and judging by Mr. Andrews' response, others) -- you'd have to overhaul software on many, many computers, routers, and other devices. (Wait, why does this sound familiar?) Of course, the groundwork would need to be laid out and discussed, which will probably cost us a few years...too bad we don't have a plan that could be put into action sooner, or maybe even was already deployed.
>
> Anyway, the needless ROT13 text fairly well convinced me that our messages may be traveling over an ethernet bridge.
>
> Jima
Re: IPv4 address shortage? Really?
On Tue, 2011-03-08 at 07:37 -0500, Steven Bellovin wrote:

> > ...well, kind of. What you don't mention is that it was thought to be ugly and rejected solely on the aesthetic grounds. Which is somewhat different from being rejected because it cannot work.
>
> No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path.

Let me get it right... an important factor in the architectural decision was that the current OFRV implementation of a router was buggy-by-design?

Worse, when having a choice between something which already worked (slow as it were - the IPv4 options) and something which didn't exist at all (the new L3 frame format) the chosen one was the thing which didn't exist. Any wonder it took so long to get IPv6 into any shape resembling working?

> It also requires just as many changes to applications and DNS content, and about as large an addressing plan change as v6. There were more reasons, but they escape me at the moment.

Not really. DNS change is trivial; and if 64-bit extended IPv4 address was chosen (instead of a new address family) 80% applications would only need to be recompiled with a different header file having long long instead of int in s_addr. Most of the rest would only need a change in a data type and maybe in custom address-to-string formats.

Compare that with try-one-address family and if failed try another logic which you need to build into every app with the dual-stack approach.

Do you remember the mighty trouble with changing from 32-bit file sizes to 64-bit size_t in Linux? No? That's the point.

valdis.kletni...@vt.edu wrote:

> Steve, you of all people should remember the other big reason why: pathalias tended to do Very Bad Things like violating the Principle of Least Surprise

As the guy who implemented the country-wide domain name e-mail router over UUCP, I remember this issue pretty well.
In any case, it is not applicable if you structure 32-bit address spaces into a tree. Which maps very nicely onto the real-life Internet topology.

Steven Bellovin wrote:

> And then some other dim bulb will connect one of those 5 layers to the outside world...

A dim bulb has infinite (and often much subtler) ways of screwing routing in his employer's network. Protecting against idiots is the weakest argument I ever heard for architectural design.

(Now, I don't deny value of designing UIs and implementation logic in a way which helps people to avoid mistakes... how could I, having been doing GPS Z to SQL just a few hours ago, in IMC:)

So. You pretty much confirmed my original contention that the choice was made not because of technical merits of the LSRR or IPv4 extended address option but merely because people wanted to build beautifully perfect Network Two - at the expense of compatibility and ease of transition.

Well, I think IPv4 will outlive IPv6 for precisely this reason. The real-life users don't care about what's under the hood - but they do care that the stuff they used to have working will keep working. And the real-life net admins would do whatever it takes to keep the users happy - even if it is ugly as hell.

--vadim
Re: IPv4 address shortage? Really?
On 3/8/11 2:32 PM, valdis.kletni...@vt.edu wrote:

> On Tue, 08 Mar 2011 07:37:27 EST, Steven Bellovin said:
>
> > No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path. It also requires just as many changes to applications and DNS content, and about as large an addressing plan change as v6. There were more reasons, but they escape me at the moment.
>
> Steve, you of all people should remember the other big reason why: pathalias tended to do Very Bad Things like violating the Principle of Least Surprise if there were two distinct nodes both called 'turtlevax' or whatever. That, and if you think BGP convergence sucks, imagine trying to run pathalias for a net the size of the current Internet. :)

No No. That was Mel Pleasant and me – the RABID REROUTERs. And people weren't all THAT surprised. But beyond that, I've actually done some analysis on doing nearly just that. If you think about it there are about 300,000 entries, and this is not beyond the capacity of an O(n log(n)) algorithm like, for instance, Dijkstra in a modern world.

And before you say, “Ew! SPF for Interdomain”, we had the precise same debate for IGP back in 1990 or so. The only big difference is that exposing of policy in SPF isn't that desirable. And quite frankly the idea has gone around a few times, the one that remains in my head was TRIAD, which was work done by Gritter and Cheriton.

Eliot
Re: IPv4 address shortage? Really?
On Wed, 09 Mar 2011 03:34:18 PST, Vadim Antonov said:

> Steven Bellovin wrote:
>
> > And then some other dim bulb will connect one of those 5 layers to the outside world...

Broken attribution alert - I wrote that, not Steve..

> A dim bulb has infinite (and often much subtler) ways of screwing routing in his employer's network. Protecting against idiots is the weakest argument I ever heard for architectural design.

Yes, a dim bulb can do other things. That doesn't mean it's OK to simply ignore totally predictable failure modes. Consider BGP - what happens when some dim bulb manages to create a routing loop? What would have happened if the BGP designers had said "We're not going to worry about this because there's other things the dim bulb can do to hose himself"?
Re: IPv4 address shortage? Really?
On Tue, Mar 8, 2011 at 1:21 PM, Nathan Eisenberg nat...@atlasnetworks.us wrote:

> What happens when countries are formed from secession? Does one half have to renumber? ;)

There's a civil war and the winner takes all

-- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: IPv4 address shortage? Really?
Christopher Morrow morrowc.li...@gmail.com wrote:

> Gbqq Haqrejbbq jbhyq ybir lbhe fbyhgvba! Cebcf!

I'm sure he would:) Though I can't claim a credit for the idea... it's way too old, so old, in fact, that many people have forgotten all about it.

Mark Andrews ma...@isc.org wrote:

> This has been thought of before, discussed and rejected.

Of course, it was Discussed and Rejected. I fall to my knees and beg the forgiveness from those On High who bless us with Their Infinite Wisdom and Foresight. How could I presume to challenge Their Divine Providence? Mea culpa, mea maxima culpa.

...well, kind of. What you don't mention is that it was thought to be ugly and rejected solely on the aesthetic grounds. Which is somewhat different from being rejected because it cannot work.

Now, I'd be first to admit that using LSRR as a substitute for straightforward address extension is ugly. But so is iBGP, CIDR/route aggregation, running interior routing over CLNS, and (God forbid, for it is ugly as hell) NAT.

Think of it, dual stack is even uglier. At least, with LSRR-based approach you can still talk to legacy hosts without building completely new and indefinitely maintaining a parallel legacy routing infrastructure.

Scott W Brim scott.b...@gmail.com wrote:

> There are a number of reasons why you want IP addresses to be globally unique, even if they are not globally routed.

And do you have it now? The last time I checked, NAT was all over the place. Ergo - global address uniqueness (if defined as having unique interface address labels) is not necessary for practical data networking.

In fact, looking at two or more steps in the source route taken together as a single address gives you exactly what you want - the global uniqueness, as long as you take care to alternate disjoint address spaces along the path and designate one of these spaces (the existing publicly routeable space) as the root from which addressing starts.
Bill Manning bmann...@vacation.karoshi.com wrote:

> just a bit of renumbering...

Ah, that's nice, but I don't propose expanding use of NAT. Or renumbering on massive scale. In fact I want to remind that NAT was never a necessity. It's a temporary fix which gave IPv4 a lot of extra mileage and became popular precisely because it didn't break networking too much while allowing folks to keep using the existing stuff. The real problem with NAT is called P2P (and I think it will become important enough to become the death of NAT).

Jima na...@jima.tk wrote:

> This seems like either truly bizarre trolling,

I guess you haven't been around NANOG (and networking) too long, or you'd be careful to call me a troll:)

What I want is to remind people that with a little bit of lateral thinking we can get a lot more mileage out of the good old IPv4. Its death was predicted many times already. (Let me remember... there was that congestion collapse, then it was the routing table overwhelming the IGPs, and then there was that shortage of class Bs and routing tables outgrowing RAM in ciscos, and then there was a heated battle over IP address ownership, and there was the Big Deal about n^2 growth of iBGP mesh). I don't remember what was the deal with Bob Metcalfe and his (presumably eaten) hat. Something about Moore's Law?

> or the misguided idea of someone who's way too invested in IPv4 and hasn't made any necessary plans or steps to implement IPv6.

Too invested in IPv4? Like, the Internet and everybody on it?

You know, I left the networking soapbox years ago, and I couldn't care less about the religious wars regarding the best ways to shoot themselves in the foot. The reason why I moved to different pastures was sheer boredom.
The last interesting development in the networking technology was when some guy figured out that you can shuffle IP packets around faster than you can convert a lambda from photons to electrons - and thus has shown that there's no technological limitation to the bandwidth of Internet backbones.

> you'd have to overhaul software on many, many computers, routers, and other devices. (Wait, why does this sound familiar?)

You probably missed the whole point - which is that unlike dual-stack solution using LSRR leverages existing, installed, and paid for, infrastructure.

> too bad we don't have a plan that could be put into action sooner

The cynical old codgers like yours truly have predicted that the whole IPv6 saga would come precisely to that - when it was beginning. The reason for that is called the Second System Effect of which IPv6 is a classical example.

A truly workable and clean solution back then would be to simply add more bits to IPv4 addresses (that's what options are for). Alas, a lot of people thought that it would be very neat to replace the whole piston engine with a turbine powerplant instead of limiting themselves to changing spark plugs and continuing on the way to the real job (namely, making moving bits from place A to place B as cheap and fast as
Re: IPv4 address shortage? Really?
> ...well, kind of. What you don't mention is that it was thought to be ugly and rejected solely on the aesthetic grounds. Which is somewhat different from being rejected because it cannot work.
>
> Now, I'd be first to admit that using LSRR as a substitute for straightforward address extension is ugly. But so is iBGP, CIDR/route aggregation, running interior routing over CLNS, and (God forbid, for it is ugly as hell) NAT.

No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path. It also requires just as many changes to applications and DNS content, and about as large an addressing plan change as v6. There were more reasons, but they escape me at the moment.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
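The following Python is an added example, not part of any message in this thread: it parses an IPv4 header's options the way a monitoring tool would to find the LSRR/SSRR entries the proposal relies on, and computes how many addresses fit in RFC 791's 40 bytes of option space. The sample packet, its addresses and the function names are constructed for illustration.

```python
import socket
import struct

LSRR, SSRR = 131, 137       # RFC 791 loose / strict source route option types
EOL, NOP = 0, 1             # single-byte options with no length field
MAX_OPTION_BYTES = 40       # IHL tops out at 15 words: 60-byte header, 20 fixed


def max_route_entries(option_bytes=MAX_OPTION_BYTES):
    """Addresses that fit in one source-route option (3 bytes of overhead)."""
    return (option_bytes - 3) // 4


def find_source_routes(packet):
    """Return [(name, pointer, [addresses])] for each LSRR/SSRR option found."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    if len(packet) < ihl * 4:
        raise ValueError("header length exceeds captured bytes")
    opts, found, i = packet[20:ihl * 4], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                 # end of option list, rest is padding
            break
        if kind == NOP:                 # one-byte filler
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option has no length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of bounds")
        if kind in (LSRR, SSRR):
            # Layout: type, length, pointer, then 4-byte route entries.
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source-route option")
            data = opts[i + 3:i + length]
            addrs = [socket.inet_ntoa(data[j:j + 4])
                     for j in range(0, len(data), 4)]
            name = "LSRR" if kind == LSRR else "SSRR"
            found.append((name, opts[i + 2], addrs))
        i += length
    return found


def build_sample(route=("10.1.2.3", "192.168.7.9")):
    """Constructed header for the parser: documentation-range endpoints,
    RFC 1918 route entries. The checksum is left at 0 and is not verified."""
    opt = bytes([LSRR, 3 + 4 * len(route), 4])
    opt += b"".join(socket.inet_aton(a) for a in route)
    opt += bytes([EOL]) * (-len(opt) % 4)          # pad to a 32-bit boundary
    ihl = 5 + len(opt) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(opt),
                        0, 0, 64, 17, 0,
                        socket.inet_aton("192.0.2.1"),
                        socket.inet_aton("198.51.100.7"))
    return fixed + opt


if __name__ == "__main__":
    print(find_source_routes(build_sample()))
    print("max route entries per option:", max_route_entries())
```
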
Re: IPv4 address shortage? Really?
It would be a lot easier to do it by continent. 3 bits at prepend. We only have 7 of those and Antarctica likely doesn't need several billion addresses anyway. Got some leftover for the United Federation of Planets. :) (or whatever other semi-practical use that may be dreamed up)

You could do the same type of thing with E.164 country code ideas, but that may be a bit stranger and drive the need for more RIRs along the way.

Scott

On 3/8/11 2:18 AM, George Bonser wrote:

> > well... not that it gained any traction at all, but given the actual size/complexity of the global interconnect mesh, we -could- ease the transition timing by many years with the following administrative change. No tricks, no OS hacks, no changes to software anywhere.. just a bit of renumbering...
> >
> > recipe: the usable IPv4 ranges RFC 1918
> >
> > Step one: Invert RFC 1918 to define the global Internet's interconnection mesh.
> >
> > Step two: make all other usable IPv4 space private.
> >
> > Serves 2,000,000 million clients w/o changing to a new protocol family. Enjoy!
> >
> > --bill
>
> And I fully expect that to be done at some point or another. Country takes the entire 32bit address space for itself. You want to serve that country? Fine, apply for an allocation out of their /0 and route to it over v6.
Re: IPv4 address shortage? Really?
On Tue, 08 Mar 2011 07:37:27 EST, Steven Bellovin said:

> No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path. It also requires just as many changes to applications and DNS content, and about as large an addressing plan change as v6. There were more reasons, but they escape me at the moment.

Steve, you of all people should remember the other big reason why: pathalias tended to do Very Bad Things like violating the Principle of Least Surprise if there were two distinct nodes both called 'turtlevax' or whatever. That, and if you think BGP convergence sucks, imagine trying to run pathalias for a net the size of the current Internet. :)
Re: IPv4 address shortage? Really?
On Mar 8, 2011, at 8:32 59AM, valdis.kletni...@vt.edu wrote:

> On Tue, 08 Mar 2011 07:37:27 EST, Steven Bellovin said:
>
> > No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path. It also requires just as many changes to applications and DNS content, and about as large an addressing plan change as v6. There were more reasons, but they escape me at the moment.
>
> Steve, you of all people should remember the other big reason why: pathalias tended to do Very Bad Things like violating the Principle of Least Surprise if there were two distinct nodes both called 'turtlevax' or whatever. That, and if you think BGP convergence sucks, imagine trying to run pathalias for a net the size of the current Internet. :)

It wouldn't -- couldn't -- work that way. Leaving out longer paths (for many, many reasons) and sticking to 64-bit addresses, every host would have a 64-bit address: a gateway and a local address. For multihoming, there might be two or more such pairs. (Note that this isn't true loc/id split, since the low-order 32 bits aren't unique.) There's no pathalias problem at all, since we don't try to have a unique turtlevax section.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: IPv4 address shortage? Really?
On Tue, 08 Mar 2011 08:43:53 EST, Steven Bellovin said:

> It wouldn't -- couldn't -- work that way. Leaving out longer paths (for many, many reasons) and sticking to 64-bit addresses, every host would have a 64-bit address: a gateway and a local address. For multihoming, there might be two or more such pairs. (Note that this isn't true loc/id split, since the low-order 32 bits aren't unique.) There's no pathalias problem at all, since we don't try to have a unique turtlevax section.

Sticking to 64-bit won't work, because some organizations *will* try to dig themselves out of an RFC1918 quagmire and get reachability to the other end of our private net by applying this 4 or 5 times to get through the 4 or 5 layers of NAT they currently have. And then some other dim bulb will connect one of those 5 layers to the outside world...
Re: IPv4 address shortage? Really?
On Mar 8, 2011, at 11:21 09AM, valdis.kletni...@vt.edu wrote:

> On Tue, 08 Mar 2011 08:43:53 EST, Steven Bellovin said:
>
> > It wouldn't -- couldn't -- work that way. Leaving out longer paths (for many, many reasons) and sticking to 64-bit addresses, every host would have a 64-bit address: a gateway and a local address. For multihoming, there might be two or more such pairs. (Note that this isn't true loc/id split, since the low-order 32 bits aren't unique.) There's no pathalias problem at all, since we don't try to have a unique turtlevax section.
>
> Sticking to 64-bit won't work, because some organizations *will* try to dig themselves out of an RFC1918 quagmire and get reachability to the other end of our private net by applying this 4 or 5 times to get through the 4 or 5 layers of NAT they currently have. And then some other dim bulb will connect one of those 5 layers to the outside world...

Those are just a few of the many, many reasons I alluded to... The right fix there is to define AA records that only have pairs of addresses.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: IPv4 address shortage? Really?
On Mon, Mar 7, 2011 at 6:43 AM, Vadim Antonov a...@kotovnik.com wrote:

> --vadim
>
> P.S. Hfr YFEE gb ebhgr orgjrra cevingr nqqerff fcnprf bire choyvpnyyl ebhgrq fcnpr, Yhxr. Guvax bs cevingr nqqerff ovgf nf n evtug-fvqr rkgrafvba gb gur sbhe-bpgrg choyvp nqqerff.
>
> P.P.S. Gb rkgraq shegure, nygreangr gjb qvfgvapg cevingr nqqerff fcnprf, nf znal gvzrf nf lbh pna svg vagb gur urnqre.

Gbqq Haqrejbbq jbhyq ybir lbhe fbyhgvba! Cebcf!
Re: IPv4 address shortage? Really?
This has been thought of before, discussed and rejected.

In message 1299498200.29652.40.ca...@kotti.kotovnik.com, Vadim Antonov writes:

> I'm wondering (and that shows that I have nothing better to do at 3:30am on Monday...) how many people around here realize that the plain old IPv4 - as widely implemented and specified in standard RFCs can be easily used to connect pretty much arbitrary number (arbitrary means 2^256) of computers WITHOUT NETWORK ADDRESS TRANSLATION. Yes, you hear me right.
>
> And, no, it does not require any changes in the global routing infrastructure - as implemented now, and most OS kernels (those which aren't broken-as-designed, grin) would do the trick just fine. None of that dual-stack stupidity, and, of course, no chicken-and-egg problem if the servers and gateways can be made to respect really old and well-established standards.
>
> DNS and most applications would need some (fairly trivial) updating, though, to work properly with the extended addressing; and sysadmins would need to do tweaks in their configs since some mythology-driven security can get in the way. But they don't have to do that en masse and all at once.
>
> The most obvious solution to the non-problem of address space shortage is the hardest to notice, ain't it?
>
> --vadim
>
> P.S. Hfr YFEE gb ebhgr orgjrra cevingr nqqerff fcnprf bire choyvpnyyl ebhgrq fcnpr, Yhxr. Guvax bs cevingr nqqerff ovgf nf n evtug-fvqr rkgrafvba gb gur sbhe-bpgrg choyvp nqqerff.
>
> P.P.S. Gb rkgraq shegure, nygreangr gjb qvfgvapg cevingr nqqerff fcnprf, nf znal gvzrf nf lbh pna svg vagb gur urnqre.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: IPv4 address shortage? Really?
On 3/7/2011 5:43 AM, Vadim Antonov wrote:

> I'm wondering (and that shows that I have nothing better to do at 3:30am on Monday...) how many people around here realize that the plain old IPv4 - as widely implemented and specified in standard RFCs can be easily used to connect pretty much arbitrary number (arbitrary means 2^256) of computers WITHOUT NETWORK ADDRESS TRANSLATION. Yes, you hear me right.

This seems like either truly bizarre trolling, or the misguided idea of someone who's way too invested in IPv4 and hasn't made any necessary plans or steps to implement IPv6.

To implement this -- which, to begin with, seems like a bad idea to me (and judging by Mr. Andrews' response, others) -- you'd have to overhaul software on many, many computers, routers, and other devices. (Wait, why does this sound familiar?) Of course, the groundwork would need to be laid out and discussed, which will probably cost us a few years...too bad we don't have a plan that could be put into action sooner, or maybe even was already deployed.

Anyway, the needless ROT13 text fairly well convinced me that our messages may be traveling over an ethernet bridge.

Jima
Re: IPv4 address shortage? Really?
There are a number of reasons why you want IP addresses to be globally unique, even if they are not globally routed.
Re: IPv4 address shortage? Really?
On Mar 7, 2011, at 8:48 PM, Mark Andrews wrote:

> This has been thought of before, discussed and rejected.

But has this: http://tools.ietf.org/id/draft-terrell-math-quant-ternary-logic-of-binary-sys-12.txt ? Please read and explain *exactly* why it doesn't work...

W

> In message 1299498200.29652.40.ca...@kotti.kotovnik.com, Vadim Antonov writes:
>
> > I'm wondering (and that shows that I have nothing better to do at 3:30am on Monday...) how many people around here realize that the plain old IPv4 - as widely implemented and specified in standard RFCs can be easily used to connect pretty much arbitrary number (arbitrary means 2^256) of computers WITHOUT NETWORK ADDRESS TRANSLATION. Yes, you hear me right.
> >
> > And, no, it does not require any changes in the global routing infrastructure - as implemented now, and most OS kernels (those which aren't broken-as-designed, grin) would do the trick just fine. None of that dual-stack stupidity, and, of course, no chicken-and-egg problem if the servers and gateways can be made to respect really old and well-established standards.
> >
> > DNS and most applications would need some (fairly trivial) updating, though, to work properly with the extended addressing; and sysadmins would need to do tweaks in their configs since some mythology-driven security can get in the way. But they don't have to do that en masse and all at once.
> >
> > The most obvious solution to the non-problem of address space shortage is the hardest to notice, ain't it?
> >
> > --vadim
> >
> > P.S. Hfr YFEE gb ebhgr orgjrra cevingr nqqerff fcnprf bire choyvpnyyl ebhgrq fcnpr, Yhxr. Guvax bs cevingr nqqerff ovgf nf n evtug-fvqr rkgrafvba gb gur sbhe-bpgrg choyvp nqqerff.
> >
> > P.P.S. Gb rkgraq shegure, nygreangr gjb qvfgvapg cevingr nqqerff fcnprf, nf znal gvzrf nf lbh pna svg vagb gur urnqre.
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

W

PS: :-) doh! ROT13 fails to be interesting on punctuation
Re: IPv4 address shortage? Really?
On Mon, Mar 07, 2011 at 08:15:20PM -0600, Jima wrote:

> On 3/7/2011 5:43 AM, Vadim Antonov wrote:
>
> > I'm wondering (and that shows that I have nothing better to do at 3:30am on Monday...) how many people around here realize that the plain old IPv4 - as widely implemented and specified in standard RFCs can be easily used to connect pretty much arbitrary number (arbitrary means 2^256) of computers WITHOUT NETWORK ADDRESS TRANSLATION. Yes, you hear me right.
>
> This seems like either truly bizarre trolling, or the misguided idea of someone who's way too invested in IPv4 and hasn't made any necessary plans or steps to implement IPv6.
>
> To implement this -- which, to begin with, seems like a bad idea to me (and judging by Mr. Andrews' response, others) -- you'd have to overhaul software on many, many computers, routers, and other devices. (Wait, why does this sound familiar?) Of course, the groundwork would need to be laid out and discussed, which will probably cost us a few years...too bad we don't have a plan that could be put into action sooner, or maybe even was already deployed.
>
> Anyway, the needless ROT13 text fairly well convinced me that our messages may be traveling over an ethernet bridge.
>
> Jima

well... not that it gained any traction at all, but given the actual size/complexity of the global interconnect mesh, we -could- ease the transition timing by many years with the following administrative change. No tricks, no OS hacks, no changes to software anywhere.. just a bit of renumbering...

recipe: the usable IPv4 ranges RFC 1918

Step one: Invert RFC 1918 to define the global Internet's interconnection mesh.

Step two: make all other usable IPv4 space private.

Serves 2,000,000 million clients w/o changing to a new protocol family. Enjoy!

--bill
RE: IPv4 address shortage? Really?
> well... not that it gained any traction at all, but given the actual size/complexity of the global interconnect mesh, we -could- ease the transition timing by many years with the following administrative change. No tricks, no OS hacks, no changes to software anywhere.. just a bit of renumbering...
>
> recipe: the usable IPv4 ranges RFC 1918
>
> Step one: Invert RFC 1918 to define the global Internet's interconnection mesh.
>
> Step two: make all other usable IPv4 space private.
>
> Serves 2,000,000 million clients w/o changing to a new protocol family. Enjoy!
>
> --bill

And I fully expect that to be done at some point or another. Country takes the entire 32bit address space for itself. You want to serve that country? Fine, apply for an allocation out of their /0 and route to it over v6.
RE: IPv4 address shortage? Really?
> And I fully expect that to be done at some point or another. Country takes the entire 32bit address space for itself. You want to serve that country? Fine, apply for an allocation out of their /0 and route to it over v6.

What happens when countries are formed from secession? Does one half have to renumber? ;)