RE: Relation email - person (re: Mail sent to midcom)

2001-02-15 Thread Dassa

|-Original Message-
|From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
|Sent: Thursday, February 15, 2001 3:49 AM
|Subject: Re: Relation email - person (re: Mail sent to midcom) 
|
|25.00%  defunct
| 0.1%   duplicates (same person, different addresses)
| 0.01%  wrong person
|
|which is a pretty strong evidence of Harald's assertion:
|
||The mapping address - person is pretty strong, and mostly single-valued.
||The mapping person - address is multivalued, and getting more so.
|
|One would expect that in "clean" data, these mappings would 
|be even stronger.

The first and second statistics can be taken care of with management.  The last one is 
of concern but could also be taken care of with management.  Not sure that it is 
strong evidence.

I have multiple e-mail addresses, some of them redirections to other addresses and 
others that map finally through redirections to multiple addresses and individuals.

Take mailing list addresses for instance where a single address resolves out to 
multiple individuals, some in fact may not be to individuals but expanded out in other 
directions, add in wap and it starts getting complicated. It may be desirable to have 
an authoritative address for each individual and I assume this is where this thread is
heading.  I'm interested in the subject of e-mail which is why I broke my lurking :).

Darryl (Dassa) Lynch. 




Re: [midcom] WG scope/deliverables

2001-02-15 Thread John Kristoff

On Wed, Feb 14, 2001 at 10:44:47PM -0500, Keith Moore wrote:
 it's hardly surprising that professional network administrators are more 
 likely than the average home user to understand the limitations of NATs, 
[...]
 a significant percentage of the folks who will drive v6 deployment will 
 be those who have learned about those problems the hard way and are in 
 need of a real solution. they won't be fooled again.

Keith,

It has been my experience that many of the current network admins
today believe NAT is the de facto way of connecting to the Internet.
In fact, in one of the network classes I teach, it takes a lot of
convincing on my part to show that NAT offers them very little security.
Most net admins today have only seen a world through NAT eyes so they
don't see the benefits of not having it.

If you want people to live in a world without NAT, I think you have
to have the killer application that simply will not function properly
with it.  This is much more difficult than it sounds.  As hard as
people like the IETF try, many new network protocols will continue
to fail if 1) legacy applications are not supported or 2) killer
applications are not available to drive the demand.

John




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Eric Brunner-Williams in Portland Maine

David,

 IPv6 does not solve the need to renumber if you change providers (and no, 
 not everyone can be a provider -- IPv6 uses CIDR, just like IPv4).  Until 
 that issue is addressed, there will be NATs.  Even for v6.

Odd. Every time I renumbered some site (hq.af.mil and sundry other sites
sharing similar characteristics), there was neither a NAT prior to, nor
subsequent to, the renumbering.

I suggest that renumbering pre-existed, and did not motivate, NATtage of
the NET.

Eric




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Melinda Shore

 Well the message I got earlier was the IPv6 will not fix
 the NAT problem - true or not true?

Well, it won't fix the NAT problem in scenarios
where v6 is not deployed.  But aside from the
other answers you've received so far, I've also
heard several people mention the need to support
something they call "address policy domains."
I don't understand why they need it and I don't
understand why an address policy domain couldn't
be described as, say, 209.4.89.208/28 and I don't
understand why it would *require* NAT, but it
is something I've heard on several occasions.

Melinda





Re: [midcom] WG scope/deliverables

2001-02-15 Thread Brian E Carpenter

It's our collective job to ensure that IPv6 doesn't
leave any of the motivations to do NAT intact. The
"hiding" motivation (aka address policy domains)
is bogus anyway, and has never been a valid reason for 
doing IPv4 NAT, so it's particularly hard to combat.

  Brian

Melinda Shore wrote:
 
  Well the message I got earlier was the IPv6 will not fix
  the NAT problem - true or not true?
 
 Well, it won't fix the NAT problem in scenarios
 where v6 is not deployed.  But aside from the
 other answers you've received so far, I've also
 heard several people mention the need to support
 something they call "address policy domains."
 I don't understand why they need it and I don't
 understand why an address policy domain couldn't
 be described as, say, 209.4.89.208/28 and I don't
 understand why it would *require* NAT, but it
 is something I've heard on several occasions.
 
 Melinda




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Randy Bush

 It's our collective job to ensure that IPv6 doesn't
 leave any of the motivations to do NAT intact.

i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.

randy




Re: [midcom] WG scope/deliverables

2001-02-15 Thread V Guruprasad


Eliot,

On Wed, 2001.02.14, Eliot Lear wrote:

 With all the discussion of Napster and so-called "peer to peer" networking,
 I think NATs are going to become far more visible to users as these
 applications grow in popularity.  Today, you can use something like Gnutella
 if at least one party is not behind a NAT.

With the addressless overlay architecture, you don't need any party to be
outside the firewalls. So the premise is incorrect. I'm keeping relatively
quiet because I'm busy implementing a prototype system myself, and hope to
demo it within this semester (really) :-)

(Please read my soon-to-be-published revised paper, which Carpenter says
is much clearer than my I-D, temporarily housed at
http://affine.watson.ibm.com/tmp/ - see Annals
- unlike the Triad, this one's been peer-reviewed and published twice,
plus almost all IP protocols would work, not just TCP.)


regards,
prasad.




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Keith Moore

 Keith,
 
 It has been my experience that many of the current network admins
 today believe NAT is the de facto way of connecting to the Internet.
 In fact, in one of the network classes I teach, it takes a lot of
 convincing on my part to show that NAT offers them very little security.
 Most net admins today have only seen a world through NAT eyes so they
 don't see the benefits of not having it.

As I've seen a lot of this kind of thinking even in IETF, I have no 
trouble at all believing it exists elsewhere.

But people can learn over time, even without a killer app.  Of course 
the problem with NAT is that it inhibits the spread of killer apps - 
people will never see useful new applications that could run without 
NATs because NATs prevent them from having a chance to try them out. 
For me, the entire motivation behind 6to4 was to give people a way to 
deploy new kinds of apps without first having to upgrade the infrastructure - 
the biggest hurdle being to get rid of NATs.

 If you want people to live in a world without NAT, I think you have
 to have the killer application that simply will not function properly
 with it.  This is much more difficult than it sounds.  As hard as
 people like the IETF try, many new network protocols will continue
 to fail if 1) legacy applications are not supported or 2) killer
 applications are not available to drive the demand.

My goals are more modest than that.  I accept that NAT will be a fixture
in IPv4 forever, and that IPv4 will be used to support important legacy 
apps for a long time, maybe 20 more years.  But I'm trying to get folks 
in IETF to recognize the problems with NATs (you have to start somewhere),
I'm trying to get us to strongly discourage NATs in IPv6, and I'm trying
to get us to develop technically sound alternatives to the problems that
NATs purport to solve.

Keith




Re: [midcom] WG scope/deliverables

2001-02-15 Thread V Guruprasad



On Thu, 2001.02.15, Lloyd Wood wrote:

 that webpage is still black on black.

The style file on http://affine.watson.ibm.com/tmp/ has been commented out,
since some versions of Mozilla (4.05 on SunOS 5.6??) appear to be broken.


-p.




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Keith Moore

  It's our collective job to ensure that IPv6 doesn't
  leave any of the motivations to do NAT intact.
 
 i suggest that, for most of us, there are more useful and concrete major
 direct goals of ipv6 than anti-nat religion.

to the extent that anti-NAT is a religion it is because NAT is a religion - 
in the sense that it is accepted without question as good and necessary.  
for folks who have already accepted NATs as gospel, the only kind of argument 
that will get their attention is a religious one.  you have to start somewhere.

folks who understand how NATs directly obstruct some of those 'useful 
and concrete major direct goals', can stop thinking of "anti-nat" as 
a religion and start thinking of a NAT-free network as a sub-goal.

even so, those 'major and concrete direct goals' will differ from one
person to another.  my goal is to have an internet that is versatile 
enough to support a wide variety of applications - peer-to-peer
and multi-peer applications in particular.  others want to make money
by producing a particular kind of product.

many folks who have different 'major and concrete direct goals' might 
still have 'anti-nat' as a common sub-goal.

blind acceptance of anti-NAT is no more desirable than blind acceptance
of NAT.  especially in this community, people need to *understand* 
the implications of each choice.

Keith




Re: Relation email - person (re: Mail sent to midcom)

2001-02-15 Thread John Stracke

Vernon Schryver wrote:

 It's hard to know when a username is truly defunct.

Depends on the corporation.  At Netscape, we had an LDAP server that ruled
everything: email, NT and NFS fileservers, phones, and key cards.  When someone
left the company, HR updated the LDAP server, and that username was gone
*everywhere*.

--
John Stracke | Chief Scientist, eCal Corp. | http://www.ecal.com
[EMAIL PROTECTED] | My opinions are my own.
The plural of mongoose is polygoose.






Re: [midcom] WG scope/deliverables

2001-02-15 Thread Randy Bush

 i suggest that, for most of us, there are more useful and concrete major
 direct goals of ipv6 than anti-nat religion.
 to the extent that anti-NAT is a religion it is because NAT is a religion

no, it's a market reality.  we may not like it, but we'd be fools to deny
it.

randy




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Keith Moore

  i suggest that, for most of us, there are more useful and concrete major
  direct goals of ipv6 than anti-nat religion.
  to the extent that anti-NAT is a religion it is because NAT is a religion
 
 no, it's a market reality.  we may not like it, but we'd be fools to deny
 it.

I agree that one would be a fool to deny that NATs exist and are widely
deployed.  Indeed, there would be no need for an anti-NAT effort if this
were not the case - so the anti-NAT folks inherently accept this.

But NATs are a religion even beyond the reality of present-day deployment. 
Indeed, it's the tendency of people to make the leap from "market reality" 
to "this is the way things should be" or "things cannot possibly be any
different" that causes me the greatest concern.

Such views, I submit, are a form of religion.

Keith




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Robert G. Ferrell

Such views, I submit, are a form of religion.

Religion is a belief in a power higher than oneself. 
NAT-mania is a form of mass delusion.

Cheers,

RGF

Robert G. Ferrell, CISSP

 Who goeth without humor goeth unarmed.





Re: Relation email - person (re: Mail sent to midcom)

2001-02-15 Thread Vernon Schryver

 From: John Stracke [EMAIL PROTECTED]

  It's hard to know when a username is truly defunct.

 Depends on the corporation.  At Netscape, we had an LDAP server that ruled
everything: email, NT and NFS fileservers, phones, and key cards.  When someone
 left the company, HR updated the LDAP server, and that username was gone
 *everywhere*.

The use of LDAP or any other technical mechanism is an indicator and
not a determinator of when a username is truly defunct, because the
death of a username is the result of a non-technical decision.

Recall the point concerns whether the mapping of username-person 
is close to well defined in the mathematical sense.  If Netscape was
as reluctant to re-issue usernames as most outfits, then it counts
as one that had trouble knowing when a username was truly defunct,
and so helped keep the (username,person) mapping well defined.

I somehow doubt that Netscape's RCS or other source control archives were
rewritten to remove the references to old usernames.  I bet that I could
list a dozen usernames that could never have been re-issued to engineers
at Netscape.  While those usernames might be turned off via LDAP, they
probably could never be made truly defunct.  (Never mind that I suspect
Netscape had plenty of people who ran their own /etc/aliases and
/etc/passwd files that were not disabled by any central LDAP servers.
Judging from their private words to outsiders, some of those people were
not exactly impressed or thrilled by the activities of the network
administrators at Netscape.)


Vernon Schryver[EMAIL PROTECTED]
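John Stracke's "LDAP rules everything" setup and Vernon's caveat that locally maintained /etc/passwd and /etc/aliases files are not touched by a central switch-off point at a concrete check: reconcile what is still provisioned on each host against what the directory says is active. The following is an added example, not code from this thread or from Netscape; the directory's active-user set and the passwd/aliases contents are constructed, and the uid cut-off for system accounts and the set of never-deprovisioned system names are assumptions.

```python
"""Find local accounts and mail aliases that outlived their directory entry.

Added example, not code from the thread. The directory's active-user set and the
/etc/passwd and /etc/aliases contents below are constructed; the cut-off for
system accounts (uid <= 999) and the set of system alias names are assumptions.
"""

DIRECTORY_ACTIVE = {"alice", "bob", "carol"}     # constructed: users HR/LDAP still lists
SYSTEM_UID_MAX = 999                              # assumption: uids above this are people
SYSTEM_NAMES = {"root", "postmaster", "daemon"}   # assumption: never deprovisioned

# Constructed /etc/passwd: dave left, but his login was never removed here.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
dave:x:1002:1002:Dave:/home/dave:/bin/bash
bob:x:1003:1003:Bob:/home/bob:/bin/bash
"""

# Constructed /etc/aliases: dave still forwards company mail to an outside
# address, and the bugs list still delivers to erin, who has no directory entry.
ALIASES = """\
postmaster: root
dave: dave@example.org
bugs: alice, erin
"""


def parse_passwd(text):
    """Return {username: (uid, shell)} for human accounts only."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue              # malformed line; a real audit would log it
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        if uid > SYSTEM_UID_MAX:
            users[name] = (uid, shell)
    return users


def parse_aliases(text):
    """Return {alias: [targets]} from a sendmail-style aliases file."""
    aliases = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _, rhs = line.partition(":")
        aliases[name.strip()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return aliases


def orphaned_accounts(passwd_text, active):
    """Local human logins the directory no longer considers active."""
    return sorted(name for name in parse_passwd(passwd_text) if name not in active)


def orphaned_aliases(aliases_text, active, departed, system_names=SYSTEM_NAMES):
    """Aliases still tied to a departed user: the alias is a departed login
    (typically a forward off-site), or a local target is not an active user.
    Targets containing '@' are external addresses and are not checked."""
    findings = {}
    for alias, targets in parse_aliases(aliases_text).items():
        dead = [alias] if alias in departed else []
        dead += [t for t in targets
                 if "@" not in t and t not in system_names and t not in active]
        if dead:
            findings[alias] = dead
    return findings


def audit(passwd_text=PASSWD, aliases_text=ALIASES, active=DIRECTORY_ACTIVE):
    """Run both checks; the result is what a central switch-off missed."""
    departed = set(orphaned_accounts(passwd_text, active))
    return {"logins": sorted(departed),
            "aliases": orphaned_aliases(aliases_text, active, departed)}


if __name__ == "__main__":
    print(audit())
```

On a real fleet the passwd and aliases text would come from each host and the active set from an LDAP export; the point of keeping the two parsers separate is that the mail path and the login path are deprovisioned independently, which is exactly the gap Vernon describes.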




Re: WG scope/deliverables

2001-02-15 Thread Mark Nottingham


This is apparently the most recent one;
  http://weblog.mercurycenter.com/ejournal/2001/02/14

  [...] 
  In that world, every client -- that is, every PC and other device
  connected to the Net -- should also be a server. Lots of people are
  working on this, but a Menlo Park startup called KnowNow has
  figured out something that just might set off a new Net revolution.

  I didn't know this before today, but it turns out that a Web
  browser can hold open the connection to the server. Normally, a
  browser sends a request for information, which is delivered by the
  server. The connection ends.

  KnowNow holds the connection open. Then it adds some JavaScript
  and, voila, you have a mini-server inside the browser. You're not
  necessarily using lots of bandwidth, but you are pretending, in
  effect, that you're downloading a very, very long document while
  the browser keeps communicating with the server.


I wonder how/if they deal with proxies, in terms of connection
handling and identifying the client... 
  



On Wed, Feb 14, 2001 at 08:42:57PM -0800, Eliot Lear wrote:
 Dave,
 
  Technogeeks, perhaps.  The vast majority of people on the Internet who are
  behind NATs most likely don't even know it.
 
 With all the discussion of Napster and so-called "peer to peer" networking,
 I think NATs are going to become far more visible to users as these
 applications grow in popularity.  Today, you can use something like Gnutella
 if at least one party is not behind a NAT.
 

-- 
Mark Nottingham, Research Scientist
Akamai Technologies (San Mateo, CA)




Re: Announcement: new email reflector for IP over InfiniBand

2001-02-15 Thread Joe Touch



Dan Cassiday - High End Server Systems wrote:
 
 This note is to announce a new IETF email reflector to discuss methods for
 running IP traffic over an InfiniBand fabric.  A BOF on this subject
 has been proposed for the March IETF meeting.
 
 To join the reflector, send email to [EMAIL PROTECTED] with
 "Subscribe ipoverib" in the body of the message.
 
 InfiniBand is an emerging standard intended as an interconnect for
 processor and I/O systems and devices.  It was developed by the
 InfiniBand Trade Association.  Version 1.0 of the spec is available at
 http://www.infinibandta.org/ (click on Infiniband Specification Volume 1
  & 2 graphic and select non-member free download)

Would it be possible to modify this site so the spec is free
and did NOT require 'registration'?

Joe




Re: WG scope/deliverables

2001-02-15 Thread Valdis . Kletnieks

On Thu, 15 Feb 2001 09:19:03 PST, Mark Nottingham [EMAIL PROTECTED]  said:
   KnowNow holds the connection open. Then it adds some JavaScript
   and, voila, you have a mini-server inside the browser. You're not
   necessarily using lots of bandwidth, but you are pretending, in

Nothing new here that wasn't already available the instant browsers
started supporting Java.  And considering the contrasting security
models of Java and Javascript, and the track records so far, this looks
like a giant step backwards.
-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech




RE: [midcom] WG scope/deliverables

2001-02-15 Thread Bernard Aboba

i suggest that, for most of us, there are more useful and concrete major
direct goals of ipv6 than anti-nat religion.

And in fact, the anti-NAT religion hurts deployment of IPv6
because it is hard to get customers to throw away things
they have already bought. 

I would also suggest that the rapidity at which NAT is
being deployed for IPv4 suggests that we need to think about 
how to deploy IPv6 in an environment where IPv4 NATs are prevalent. 
Thus, it is unlikely that IPv6 will displace IPv4 NATs; rather
it will augment them. 




RE: [midcom] WG scope/deliverables

2001-02-15 Thread Randy Bush

 i suggest that, for most of us, there are more useful and concrete major
 direct goals of ipv6 than anti-nat religion.
 
 And in fact, the anti-NAT religion hurts deployment of IPv6
 because it is hard to get customers to throw away things
 they have already bought. 
 
 I would also suggest that the rapidity at which NAT is
 being deployed for IPv4 suggests that we need to think about 
 how to deploy IPv6 in an environment where IPv4 NATs are prevalent. 
 Thus, it is unlikely that IPv6 will displace IPv4 NATs; rather
 it will augment them. 

and, if we can make v6 very attractive (left as exercise to student) then
its success may relieve some perceived need for nats.  but there are far
more useful goals to achieve by making it attractive and deployed.  and we
should focus on them, not the anti-nat obsession.  

[ unless, of course, we think that there is enough left of our foot to
  keep shooting at it. ]

randy




Re: [midcom] WG scope/deliverables

2001-02-15 Thread V Guruprasad

 You give a name to your house (say, "The Tulip") and
 the post office knows where The Tulip is. If you move,
 you can do the same at your new location, provided
 there is no conflict.  This seems to be more similar to the

I suspect it only works in rural areas - I recall walking past 27A Wimpole Street
and humming the rain in spain. Back where I grew up, the village postmen not only
deliver without numbers, but read the letters too for those who can't :)


 notion of using an IP number as a name -- but isn't this
 why we need DNS? ;-)

Beg to differ - the reason we need the DNS is because its hierarchy mirrors
instead of routing. If it (the hierarchy) did routing, it (the DNS) wouldn't
be mirroring and that might change the loading/scalability issues with the DNS.


-prasad




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Steven M. Bellovin

In message [EMAIL PROTECTED], Ed Gerck writes:


Actually, in the UK you can do just what you wish ;-)
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict.  This seems to be more similar to the
notion of using an IP number as a name -- but isn't this
why we need DNS? ;-)


And if you move from London to Belfast, this will still work?  
Relevance left as an exercise for the student.

--Steve Bellovin, http://www.research.att.com/~smb





Re: [midcom] WG scope/deliverables

2001-02-15 Thread David R. Conrad

Keith,

At 10:44 PM 2/14/2001 -0500, Keith Moore wrote:
  If end users are required to modify configuration files, you will see NAT
  so they don't have to.
not if the NATs cause more pain than modifying the config files.

True.  However, a company that produces a NAT that is more painful to 
use/operate than modifying config files will not likely be in business long.

I presume that "technogeeks" includes networking professionals who can't
make their B2B applications work reliably over NATs?

Given the penetration of NAT, particularly in the business world, I suspect 
B2B applications that do not work with NAT will not exist too long.

Rgds,
-drc




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Keith Moore

 Keith,
 
 At 10:44 PM 2/14/2001 -0500, Keith Moore wrote:
   If end users are required to modify configuration files, you will see NAT
   so they don't have to.
 not if the NATs cause more pain than modifying the config files.
 
 True.  However, a company that produces a NAT that is more painful to
 use/operate than modifying config files will not likely be in business long.

In many cases, NATs are already more painful than modifying config files...
it's just that the pain associated with using NATs comes later.  
 
 I presume that "technogeeks" includes networking professionals who can't
 make their B2B applications work reliably over NATs?
 
 Given the penetration of NAT, particularly in the business world, I suspect
 B2B applications that do not work with NAT will not exist too long.

hence the desire to tunnel everything over HTTP, which produces its own
pain.

Keith




Nas SDP

2001-02-15 Thread Ravi Shankar

hi all,
can somebody help me in understanding the NAS SDP parameters using which i
can report the failure of the Media Gateway to Media Gateway
controller,explaining the reason for failure.


Ravi Shankar
Software Engineer
Softswitch Engineering Group
Rapid5 Networks
[EMAIL PROTECTED]
ph:972-692-2300
ext--2562




Re: [midcom] WG scope/deliverables

2001-02-15 Thread Randy Bush

 Given the penetration of NAT, particularly in the business world, I
 suspect B2B applications that do not work with NAT will not exist too
 long.

from the little i have seen, because b2b usually wants authentication,
authorization, and encryption, a lot of that stuff goes through gateways/
proxies/firewalls that seem to ship with nat turned on by default.  often
this is not needed sigh.

randy




NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Ed Gerck



"Steven M. Bellovin" wrote:

 In message [EMAIL PROTECTED], Ed Gerck writes:

 
 Actually, in the UK you can do just what you wish ;-)
 You give a name to your house (say, "The Tulip") and
 the post office knows where The Tulip is. If you move,
 you can do the same at your new location, provided
 there is no conflict.  This seems to be more similar to the
 notion of using an IP number as a name -- but isn't this
 why we need DNS? ;-)
 

 And if you move from London to Belfast, this will still work?

In the UK, as I said.  I would think that other countries may have
a similar system. Note that this is a natural example of NAT,
in which the post office is doing the address translation to a local
address that only that post office knows, but which is globally
reachable through that post office.  And the post office does so
without changing the global addresses or the local addresses.

I don't want to be philosophical about this, but IMO this example
actually supports the view that NATs are naturally occurring solutions
to provide for local flexibility without decreasing global connectivity.
The Internet NAT is perhaps less an "invention" than a  translation of
an  age old mechanism that we see everywhere.  We use the same
principle for nicknames in a school for example.

IMO, it is thus artificial to try to block Internet NATs.  Far better would be
to define their interoperation with other network components that we also
need to use, in each case.

Cheers,

Ed Gerck





Re: [midcom] WG scope/deliverables

2001-02-15 Thread Bernard D. Aboba

 anyway, what's the half-life of a piece of network equipment?  2-3 years?

In the consumer space, it's probably the life of the customer's 
arrangement with the service provider. While turnover is high with dialup 
ISPs, it is presumably lower with xDSL and Cable modems. So I would be 
looking at more like 4-5 year lifetimes (roughly equal to a PC) without 
upgrading the NAT code load (which means that even if IPv6 native support 
were available, most customers would not do the upgrade). 

 existing NATs are going to be discarded, or at least upgraded, within a short
 time anyway.

I wish that were true -- but in the consumer space, people just aren't 
very interested in futzing with network equipment unless their provider 
tells them to. So it is more realistic to assume that equipment stays in 
place for a substantial period.

 
 NATs are more entrenched in people's minds than they are in reality. 
 

Today, NAT penetration among consumers isn't very high because networked 
multi-PC homes are relatively rare. However, as multiple device homes 
proliferate along with home networking, I would expect the majority of 
consumer PCs to be behind NATs by 2005. Unless we start thinking now 
about the minimal NAT functionality necessary to deploy IPv6, and get 
this into shipping  NATs soon, we will face very substantial barriers to 
IPv6 adoption down the road. 

 It's being worked on. Watch the I-D directory. 

I'm watching ;)




Re: NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Steve Deering

At 3:41 PM -0800 2/15/01, Ed Gerck wrote:
"Steven M. Bellovin" wrote:
  You give a name to your house (say, "The Tulip") and
  the post office knows where The Tulip is. If you move,
  you can do the same at your new location, provided
  there is no conflict. 

...Note that this is a natural example of NAT,
in which the post office is doing the address translation to a local
address that only that post office knows, but which is globally
reachable through that post office.  And the post office does so
without changing the global addresses or the local addresses.

They also do it without removing the original destination address and
replacing it with another one --  the original envelope arrives at the
house with the destination address still saying "The Tulip", i.e., it
has not been translated, and thus is not analogous to NAT.

If delivery is accomplished by having all the necessary UK post
offices and postpersons remember a routing from "The Tulip" to its
current street address, then its IP analog is having the routers
within a site maintain a host route for a specific IP address.

If, on the other hand, only the UK-entry post office maintains the
mapping and sticks the original envelope inside another envelope
(or puts a yellow sticky note over the original address), addressed
to The Tulip's current street address, then its IP analog is having
the border router maintain a tunnel to an individual interior host,
encapsulating the original packet with another header.

A closer postal analog to the typical port-and-address-mapping NAT is
a system in which postal envelopes only have room for a street address
or a town name, but not both.  If I send a letter to someone outside
my town, the letter starts off with a return address of:

Steve Deering
123 Main Street

and the town's post office overwrites that return address, changing it to:

Priscilla Presley
San Jose, CA, USA

and they remember for a while that they did that, so that if my
correspondent decides to reply to that return address, the town post
office knows who it should be delivered to.  (They replaced my name
because someone else named Steve Deering recently sent mail from
another street address in my town, and the only way to keep the
replies separate is to change the name that I will be [temporarily]
known by in the outside world.)

At some point, they discard the remembered mapping, to free up some
names.  Perhaps they do that based on a time-out, in which case the
mapping may disappear before we are finished corresponding, and thus
cause our communication to fail.  Or maybe they open up our letters and
look at the contents to try to identify the final letter of our
correspondence, to guess when we might be done.  Of course that latter
approach doesn't help if they don't understand what language our letters
are written in, so maybe they decide to limit us to only a small choice
of languages, and just discard anything they don't understand.

Furthermore, no one outside my town can initiate a correspondence with
me, unless I work out some arrangement with the post office to get
long term external use of someone's (preferably my own) name.  Or else
I have to go and get a town name for myself.

I don't want to be philosophical about this, but IMO this example
actually supports the view that NATs are naturally occurring solutions
to provide for local flexibility without decreasing global connectivity.

Since the example was not an example of a NAT, I don't think it
supports any such view.

However, I suppose a postal system like the one I described might
"naturally occur" as a response to having envelopes that were no
longer big enough to contain full addresses.  But I think it much
more likely that post offices and people would somehow arrange to
just use bigger envelopes, rather than incurring all the extra complexity,
cost, fragility, and loss of functionality of the translating approach,
except as a temporary stop-gap.

Unless, that is, we were talked out of it by folks claiming that
changing the size of envelopes would be an impossibly large task, and
that we're better off anyway with the translating system, because
our personal names and street addresses can be kept secret within our
town, and we can change the name of our town any time we like without
bothering anybody in it.

Steve




Re: NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Steven M. Bellovin

In message [EMAIL PROTECTED], Ed Gerck writes:


"Steven M. Bellovin" wrote:

 In message [EMAIL PROTECTED], Ed Gerck writes:

 
 Actually, in the UK you can do just what you wish ;-)
 You give a name to your house (say, "The Tulip") and
 the post office knows where The Tulip is. If you move,
 you can do the same at your new location, provided
 there is no conflict.  This seems to be more similar to the
 notion of using an IP number as a name -- but isn't this
 why we need DNS? ;-)
 

 And if you move from London to Belfast, this will still work?

In the UK, as I said.  I would think that other countries may have
a similar system. Note that this is a natural example of NAT,
in which the post office is doing the address translation to a local
address that only that post office knows, but which is globally
reachable through that post office.  And the post office does so
without changing the global addresses or the local addresses.

Last I checked, Belfast was in the UK, though I realize that some folks 
wish it were not so.  But you missed my point -- as you note above, the 
house name is known to "that post office".  In other words, there is 
hierarchy in the routing algorithm; it's not globally known, or even 
known throughout the UK.  The same is true of the Internet, and it's 
why IP addresses aren't portable.

I don't want to be philosophical about this, but IMO this example
actually supports the view that NATs are naturally occurring solutions
to provide for local flexibility without decreasing global connectivity.
The Internet NAT is perhaps less an "invention" than a  translation of
an  age old mechanism that we see everywhere.  We use the same
principle for nicknames in a school for example.

IMO, it is thus artificial to try to block Internet NATs.  Far better would be
to define their interoperation with other network components that we also
need to use, in each case.

Block them?  Not at all; I have no desire to do that.  But we need to 
recognize that *with the current Internet architecture*, there are some 
inherent limitations.  To use your analogy, suppose that senders 
sometimes wrote their house name on the letter enclosed in the envelope 
-- but they didn't include the post office name, so the recipient 
couldn't reply.  Or imagine that the Post Office only kept track of 
house names when there was a recent outgoing letter.  That's the 
reality of NAT today.

Please pay careful attention to two things I did *not* say.  I did 
*not* say that NATs were an irrational engineering choice in today's 
environment.  In fact, they clearly are rational in some circumstances, 
despite their disadvantages.  Second, I didn't say that one couldn't 
have designed an Internet architecture with nested addresses.  Quite 
obviously, that could have been done.  But it wasn't, and we have an 
Internet that likes single, fixed-length addresses.  NATs are at best 
an ugly add-on in such a world.  (My personal techno-religion preaches 
that *all* successful systems run out of address space, and that you're 
better off planning for it up front.  I (among others) argued strongly 
for IPv6 addresses of 8, 16, 24, or 32 bytes, precisely to plan ahead.
In fact, the penultimate design called for fixed-length, 8-byte 
addresses.  The switch to 16 bytes was done to satisfy those of us who 
feared that that was not nearly enough.)

--Steve Bellovin, http://www.research.att.com/~smb





Re: NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Ed Gerck



Steve Deering wrote:

 At 3:41 PM -0800 2/15/01, Ed Gerck wrote:

   You give a name to your house (say, "The Tulip") and
   the post office knows where The Tulip is. If you move,
   you can do the same at your new location, provided
   there is no conflict. 
 
 ...Note that this is a natural example of NAT,
 in which the post office is doing the address translation to a local
 address that only that post office knows, but which is globally
 reachable through that post office.  And the post office does so
 without changing the global addresses or the local addresses.

 They also do it without removing the original destination address and
 replacing it with another one --  the original envelope arrives at the
 house with the destination address still saying "The Tulip", i.e., it
 has not been translated, and thus is not analogous to NAT.

I think you got the example addresses reversed. In the case I mention,
"The Tulip" is the global address and (for the sake of example) suppose
now that "545 Abbey St." is the local physical address known to the post office.

Thus, when the mailman delivers an envelope addressed to "The Tulip" at
"545 Abbey St.", that mailman is doing address translation -- and he may
even have written "545 Abbey St." on the envelope as a reminder.  So,
when the original envelope arrives at the destination address it did so not
because it had "The Tulip" written on it but because the post office was
able to do address translation to the *current* location which is "545 Abbey St."

If another location is assigned to "The Tulip" (for example, because the owner
Mr. Tulip moved), the post office will deliver the original envelope there and
not at "545 Abbey St."

Note that the local address which only the post office (and Mr. Tulip) knows is
"545 Abbey St." while the global address is "The Tulip".

In Internet NAT terms, "The Tulip" is the globally routable IP number for my DSL,
the post office is my NAT box and the physical address "545 Abbey St." is the
local, non-routable IP number of my host A.  For my other hosts, I simply tell
the NAT box (post office) what is the local IP number that will receive the next
packet for "The Tulip" -- my single global name.  If now you add a mailbox number to
"The Tulip" you have the same functionality of port translation as well, where
different local addresses (for private mail, for example) will correspond to different
"n" in "The Tulip, PO Box n".

In other words, this is a natural NAT example and clearly  supports the view that
NATs are naturally occurring solutions to provide for local flexibility (Mr. Tulip
can change residence at will and can have more than one recipient for private mail)
without decreasing global connectivity ("The Tulip" is always responsive).

Cheers,

Ed Gerck
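The mechanics behind the exchange above, as an added example that is not code from any poster in this thread: a small Python model of a port-translating NAT. It shows the single global address with per-host "PO Box" ports from Ed Gerck's analogy, the two limitations Steve Bellovin raised earlier (a binding that exists only while there has been a recent outbound packet, and a private address written inside the payload that an outside correspondent cannot reply to), and a pre-registered fixed binding as the alternative. The names (Napt, Packet, Binding, demo) and all addresses are constructed for the example.

```python
"""Toy model of a port-translating NAT (NAPT), constructed for illustration.
One public address ("The Tulip") fronts several private hosts.  A binding is
either created by an outbound packet and forgotten after an idle period, or
pre-registered and permanent.  Addresses are RFC 1918 / RFC 5737 examples."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]          # (ip, port)


@dataclass
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: str = ""               # the letter inside the envelope


@dataclass
class Binding:
    inside: Endpoint                # private (ip, port)
    last_outbound: float            # time of the most recent outbound packet
    static: bool = False            # pre-registered, never expires


class Napt:
    def __init__(self, public_ip: str, idle_timeout: float, first_port: int = 40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        self.table: Dict[int, Binding] = {}       # public port -> binding
        self.by_inside: Dict[Endpoint, int] = {}  # private endpoint -> public port

    def register(self, public_port: int, inside: Endpoint) -> None:
        """Fixed, pre-registered mapping: the 'PO Box n' that is always known."""
        self.table[public_port] = Binding(inside, last_outbound=0.0, static=True)
        self.by_inside[inside] = public_port

    def _expire(self, now: float) -> None:
        """Forget dynamic bindings that have seen no recent outbound traffic."""
        for port, b in list(self.table.items()):
            if not b.static and now - b.last_outbound > self.idle_timeout:
                del self.table[port]
                del self.by_inside[b.inside]

    def outbound(self, pkt: Packet, now: float) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        self._expire(now)
        port = self.by_inside.get(pkt.src)
        if port is None:                          # first packet from this endpoint
            port = self.next_port
            self.next_port += 1
            self.table[port] = Binding(pkt.src, now)
            self.by_inside[pkt.src] = port
        elif not self.table[port].static:
            self.table[port].last_outbound = now  # outbound traffic refreshes the binding
        # Only the header is rewritten; the payload travels untouched.
        return Packet(src=(self.public_ip, port), dst=pkt.dst, payload=pkt.payload)

    def inbound(self, pkt: Packet, now: float) -> Optional[Packet]:
        """Deliver a packet arriving from outside, or None if it is dropped."""
        self._expire(now)
        if pkt.dst[0] != self.public_ip:          # not addressed to 'The Tulip' at all
            return None
        b = self.table.get(pkt.dst[1])
        if b is None:                             # binding gone: the post office forgot
            return None
        return Packet(src=pkt.src, dst=b.inside, payload=pkt.payload)


def reply_to_embedded_address(nat: Napt, letter: Packet, now: float) -> Optional[Packet]:
    """The outside party answers the address written *inside* the payload (the
    house name without the post office name): a private address that means
    nothing outside, so the reply never reaches the NAT."""
    ip, port = letter.payload.split("reply-to ")[1].split(":")
    return nat.inbound(Packet(src=letter.dst, dst=(ip, int(port)), payload="ack"), now)


def demo() -> dict:
    nat = Napt(public_ip="198.51.100.1", idle_timeout=300)
    host_a: Endpoint = ("10.0.0.2", 5000)
    server: Endpoint = ("203.0.113.9", 80)

    out = nat.outbound(Packet(host_a, server, "hello, reply-to 10.0.0.2:5000"), now=0)
    reply_soon = nat.inbound(Packet(server, out.src, "ack"), now=10)
    reply_late = nat.inbound(Packet(server, out.src, "ack"), now=400)

    nat.register(8080, ("10.0.0.3", 80))          # fixed 'PO Box': reachable unsolicited
    unsolicited = nat.inbound(Packet(server, ("198.51.100.1", 8080), "GET /"), now=1000)

    return {
        "translated_src": out.src,
        "reply_soon": reply_soon.dst if reply_soon else None,
        "reply_late": reply_late.dst if reply_late else None,
        "static_inbound": unsolicited.dst if unsolicited else None,
        "embedded_reply": reply_to_embedded_address(nat, out, now=10),
    }
```

Calling demo() gives the five outcomes: the outbound packet leaves as 198.51.100.1:40000, the prompt reply is delivered to the private host, the reply after the idle timeout and the reply to the payload-embedded private address are both None (dropped), and only the pre-registered port admits unsolicited inbound traffic, which is exactly why such static mappings deserve the same scrutiny as any other exposed service.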




Re: NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Ed Gerck



"Steven M. Bellovin" wrote:

 In message [EMAIL PROTECTED], Ed Gerck writes:
 
 
 "Steven M. Bellovin" wrote:
 
  In message [EMAIL PROTECTED], Ed Gerck writes:
 
  
  Actually, in the UK you can do just what you wish ;-)
  You give a name to your house (say, "The Tulip") and
  the post office knows where The Tulip is. If you move,
  you can do the same at your new location, provided
  there is no conflict.  This seems to be more similar to the
  notion of using an IP number as a name -- but isn't this
  why we need DNS? ;-)
  
 
  And if you move from London to Belfast, this will still work?
 
 In the UK, as I said.  I would think that other countries may have
 a similar system. Note that this is a natural example of NAT,
 in which the post office is doing the address translation to a local
 address that only that post office knows, but which is globally
 reachable through that post office.  And the post office does so
 without changing the global addresses or the local addresses.

 Last I checked, Belfast was in the UK, though I realize that some folks
 wish it were not so.

It will work in the UK was my reply.

 But you missed my point -- as you note above, the
 house name is known to "that post office".  In other words, there is
 hierarchy in the routing algorithm; it's not globally known, or even
 known throughout the UK.

I disagreed with your point, not missed it. "The Tulip" together with *that*
post office's postcode (for example CM22 6SX,  which they assign on a
geographical basis) is globally routable.  Even from Belfast ;-)

 The same is true of the Internet, and it's why IP addresses aren't portable.

IP addresses are not portable simply due to a design choice. If IP numbers
were designed the way the UK designed their postal service long ago,
then IP numbers would be portable indeed.

 IMO, it is thus artificial to try to block Internet NATs.  Far better would be
 to define their interoperation with other network components that we also
 need to use, in each case.

 Block them?  Not at all; I have no desire to do that.  But we need to
 recognize that *with the current Internet architecture*, there are some
 inherent limitations.  To use your analogy, suppose that senders
 sometimes wrote their house name on the letter enclosed in the envelope
 -- but they didn't include the post office name, so the recipient
 couldn't reply.

I see that we are in agreement with my post office example. "The Tulip"
together with the postal code (i.e., the post office's "name") is globally
routable.

 Or imagine that the Post Office only kept track of
 house names when there was a recent outgoing letter.

These are security choices -- the time to live in a NAT could be unlimited,
with fixed port numbers. The address:port numbers could also be pre-registered,
before any message is sent.  This is the current UK post-office model. Likewise, the
UK post-office model could only keep track of house names when there was a
recent outgoing letter, with "recent" defined by policy.

 That's the reality of NAT today.

IMO, this is simply a security choice -- NATs could work with the current UK
post-office model as well.  But if the house owner only wants to allow the post
office to keep track of his house's name when there was a recent outgoing letter,
then who is going to say otherwise? After all, he may refuse to receive any
letter and just send them.  One way or another, the house (network) owner is
sovereign over his house (network). My network is my castle.


 Please pay careful attention to two things I did *not* say.  I did
 *not* say that NATs were an irrational engineering choice in today's
 environment.  In fact, they clearly are rational in some circumstances,
 despite their disadvantages.

I would say characteristics, not disadvantages. An apple is a bad orange.

  Second, I didn't say that one couldn't
 have designed an Internet architecture with nested addresses.  Quite
 obviously, that could have been done.

In my view, this is already done. It works this way, although not engineered
this way.  The Internet has its own dynamics is the lesson I see in this.
It routes around blocks ;-)

 But it wasn't, and we have an
 Internet that likes single, fixed-length addresses.  NATs are at best
 an ugly add-on in such a world.

An alternative view is that we have an Internet that likes so much to work
with heterogeneous networks that it now supports NATs even though
NATs were not originally designed into it.

 (My personal techno-religion preaches
 that *all* successful systems run out of address space

;-) agreed, but only systems with finitary address space.

 , and that you're
 better off planning for it up front.  I (among others) argued strongly
 for IPv6 addresses of 8, 16, 24, or 32 bytes, precisely to plan ahead.
 In fact, the penultimate design called for fixed-length, 8-byte
 addresses.  The switch to 16 bytes was done to satisfy those of us who
 feared that that was not nearly enough.)

Going further with 

Re: NAT natural example

2001-02-15 Thread Ofer Inbar

Ed Gerck [EMAIL PROTECTED] wrote:
 Steve Deering wrote:
  At 3:41 PM -0800 2/15/01, Ed Gerck wrote:
You give a name to your house (say, "The Tulip") and
the post office knows where The Tulip is. If you move,
you can do the same at your new location, provided
there is no conflict. 
 
  They also do it without removing the original destination address and
  replacing it with another one --  the original envelope arrives at the
  house with the destination address still saying "The Tulip", i.e., it
  has not been translated, and thus is not analogous to NAT.
 
 I think you got the example addresses reversed. In the case I mention,
 "The Tulip" is the global address and (for the sake of example) suppose
 now that "545 Abbey St." is the local physical address known to the post office.
 
 Thus, when the mailman delivers an envelope addressed to "The Tulip" at
 "545 Abbey St.", that mailman is doing address translation -- and he may
 even have written "545 Abbey St." on the envelope as a reminder.  So,
 when the original envelope arrives at the destination address it did so not
 because it had "The Tulip" written on it but because the post office was
 able to do address translation to the *current* location which is "545 Abbey St."

That still doesn't sound like NAT.  A complete address which specifies
your town and house name, is global, and has a one to one mapping with
your house.  Your house can both initiate communication and receive
communication initiated by others, at that address, and no other house
uses that address.  No rewriting of envelopes is done, and no
disruption of the "end to end" nature of addressing is involved.

The fact that your address actually has to be silently translated to
another address by the post office, at the local hop only, and
*invisibly* from you and your correspondents, makes this a natural
example of protocol layers, not of address translation.  It's as if
"1234 Foo Street" is your MAC address, and "Tulip, BarBurgh, Scotland"
is your IP address.  The local post office, and *only* the local post
office, needs to keep a mapping between street addresses and house
names, for their town (aka segment or LAN).  You only know your own
street address and your own house name.  And you never (need) use your
street name in any communication, only in communication management
(i.e. telling the postal system that you've moved).

Layering most certainly *does* occur naturally in communication.
That's why the best tutorials that try to explain protocol stacks and
layers to non-technical people, usually make analogies to things like
postal mail, or to bosses who communicate via secretaries who can
freely change between fax or mail without changing the content of the
messages exchanged by their bosses.

NAT, as far as I can tell, is pretty much always a kludge, whether
it's natural or not.  It doesn't make people happy unless obscurity
and reduced communication is what they're explicitly seeking.

  --  Cos (Ofer Inbar)  --  [EMAIL PROTECTED] [EMAIL PROTECTED]
  --  Exodus Professional Services  -- http://www.exodus.net/
  "OSI is a beautiful dream, and TCP/IP is living it!"
   -- Einar Stefferud [EMAIL PROTECTED], IETF mailing list, 12 May 1992
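Cos's distinction between layering and translation, as an added Python example that is not code from anyone in this thread: IP-to-link-layer resolution is a per-segment table consulted at each hop, the inner packet is carried unchanged, and a host changing its link address alters only the local table, whereas NAT-style substitution rewrites the header the receiver sees. The Segment, IpPacket and Frame names and all addresses (including the MAC values) are constructed for the example.

```python
"""Constructed model of layering (per-hop link-layer resolution plus
encapsulation) next to NAT-style address substitution.  Not from the thread."""
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class IpPacket:
    src_ip: str
    dst_ip: str
    payload: str


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    inner: IpPacket                 # carried unchanged, like the envelope


class Segment:
    """One LAN: the town whose post office alone knows house name -> street."""

    def __init__(self, mac_of: Dict[str, str]):
        self.mac_of = dict(mac_of)  # ip -> mac, known only on this segment

    def frame(self, pkt: IpPacket, src_mac: str, next_hop_ip: str) -> Frame:
        # KeyError here would be an 'unknown house' on this segment.
        return Frame(src_mac, self.mac_of[next_hop_ip], pkt)

    def move(self, ip: str, new_mac: str) -> None:
        """The house changes street: only this segment's table changes."""
        self.mac_of[ip] = new_mac


Hop = Tuple[Segment, str, str]      # (segment, sender's mac, next-hop ip)


def layered_delivery(pkt: IpPacket, path: List[Hop]) -> Tuple[List[Frame], IpPacket]:
    """Re-frame at every hop; the inner packet is never rewritten."""
    frames = [seg.frame(pkt, mac, nxt) for seg, mac, nxt in path]
    return frames, frames[-1].inner


def substituted_delivery(pkt: IpPacket, nat_map: Dict[str, str]) -> IpPacket:
    """NAT-style: the header itself is rewritten, so the receiver sees a
    destination the sender never wrote."""
    return replace(pkt, dst_ip=nat_map[pkt.dst_ip])


def demo() -> dict:
    # Constructed addresses; MACs are made-up locally administered values.
    town_a = Segment({"10.1.0.2": "02:00:00:00:0a:02", "10.1.0.1": "02:00:00:00:0a:01"})
    town_b = Segment({"10.2.0.1": "02:00:00:00:0b:01", "10.2.0.7": "02:00:00:00:0b:07"})
    pkt = IpPacket("10.1.0.2", "10.2.0.7", "hello")

    path: List[Hop] = [(town_a, "02:00:00:00:0a:02", "10.1.0.1"),   # host -> router
                       (town_b, "02:00:00:00:0b:01", "10.2.0.7")]   # router -> host
    frames, received = layered_delivery(pkt, path)

    town_b.move("10.2.0.7", "02:00:00:00:0b:99")                    # house moves street
    frames_after_move, received_after_move = layered_delivery(pkt, path)

    substituted = substituted_delivery(pkt, {"10.2.0.7": "192.168.5.5"})

    return {
        "hop_macs": [f.dst_mac for f in frames],
        "inner_unchanged": received == pkt,
        "unchanged_after_move": received_after_move == pkt,
        "new_last_hop_mac": frames_after_move[-1].dst_mac,
        "substituted_dst": substituted.dst_ip,
        "substitution_visible": substituted.dst_ip != pkt.dst_ip,
    }
```

In the layered case the destination MAC differs at each hop and changes again after the move, yet the IP packet the last host receives compares equal to the one the sender built; in the substituted case the receiver's destination field is an address the sender never used, which is the property the thread keeps circling back to.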




IPv6 / NAT

2001-02-15 Thread Kyle Lussier


 Well the message I got earlier was the IPv6 will not fix
 the NAT problem - true or not true?  I assume
 with IPv6 there is no need for NATs. Who thinks
 they will still be around - humm maybe if the ISP charge
 a fortune for 4 IP addresses vs 1 IP address (IPv6 or IPv4).

I think what we need is the ability to provide for NAT like 
functionality in a logical / theoretical sense in the IPv6
namespace, but without the "physical action of translation".
I.e., we need a logical construct that resides on IPv6 global
space that is mobile.

Why would you want this?  What problem is there to solve?

It was raised by a very sharp person a little while back on 
this list, specifically the ability to switch providers without
consequences.  We need a logical / functional mapping  or 
construct on top of IPv6 that allows a company to "move 
it's entire self around" in the IPv6 namespace.

What immediately comes to mind, is that IPv6 should have some
kind of "relative addressing" capability, where a company
can build a network on the relative space, but move it at
a whim if they switch providers, or for any other purpose.

My point / the difference in this suggestion from NATs is
that it should be logical and defined on IPv6 requiring
no actual translation.

In summary, IPv6 should support absolute addressing as well 
as relative addressing, and even indexed addressing as
primitive IPv6 operations.

Kyle Lussier
www.AutoNOC.com




Re: NAT natural example, Re: [midcom] WG scope/deliverables

2001-02-15 Thread Ed Gerck



Steve Deering wrote:

 At 6:21 PM -0800 2/15/01, Ed Gerck wrote:
 ...
 In Internet NAT terms, "The Tulip" is the globally routable IP number for
 my DSL, the post office is my NAT box and the physical address
 "545 Abbey St." is the local, non-routable IP number of my host A.

 That would be analogous to having "The Tulip, UK" be the address of
 a post office, with all houses served by that post office sharing
 the same global address of "The Tulip, UK".  That indeed is like a
 NAT, but is not the same as the original example.

To be precise and still with the original example, the analogy is that
"The Tulip, CMZ 62N, UK " is the full global address (which was described
in the context of my email as  "The Tulip" at that post office).
The full designation "The Tulip, CMZ 62N, UK" is thus similar to a globally
routable address (Internet IP) that is available at the post office
"CMZ 62N, UK" (NAT box) and which may at times correspond
to a house at "545 Abbey St" (host A) or to a house at "636 North Av"
(host B), which mapping that post office knows at each time and uses
to direct correspondence to the proper house without revealing to the
outside world what that local address might be  -- i.e., either "545 Abbey St."
(host A) or  "636 North Av" (host B), or any other.

All houses served by that post office share "CMZ 62N, UK" while the house
name is similar to a port number in NAT (different for each house being served).

Note also that my NAT analogy only dealt with receiving mail, not sending mail.
Mr. Tulip may send mail any way he wishes, with a global return address as
"The Tulip, UK", with a local address as "545 Abbey St", with a fake return
address or even with no return address.

Let me now address your objection that  "A host behind a NAT, on the other hand,
doesn't know its own global address and, in most cases, doesn't even have a
global address (or one port's share of a global address), except temporarily as a
side-effect of sending a packet to the outside world". We may agree that
we are dealing here with two different processes -- sending information and
receiving information.  A UK post office was presented as a NAT analogy
for receiving information, not to send information.  In receiving information,
Mr. X  (a host behind the NAT) does not need to know how the house
he just moved in is named at the post office -- and, nonetheless, he will get
any letters addressed to "The Tulip, CMZ 62N, UK" if that is the house's name at
the post office "CMZ 62N, UK". The temporary property of the global address is
also present in the UK post office example for receiving information -- just that
the time scale may be hundreds of  years, not milliseconds.

Your other objection was that "In the case of NAT, on the other hand,
the destination address used across the public part of the Internet is no longer
present in the packet finally delivered to the destination host -- it has been
been replaced by (i.e., translated to) a different address".  My reply is
that this does not occur in NATs if the destination address is also included
in the packet payload, which is the case here -- the envelope is part of
the message's payload in the post office case. Pls see also my last comment,
below.


 In other words, this is a natural NAT example...

 The original example, of a single house with the global address of
 "The Tulip, UK"  is a naturally occurring example of something like ARP
 or something like tunneling, not something like NAT.

I agree that you can define many different analogies, from that example. But,
as above, if you consider the way that information is received then a NAT box
is IMO one valid analogy for reception because it satisfies the functionality
observed in a NAT box when receiving packets.  Yes, the UK post office does
not erase the global address on the envelope but a NAT will also keep that
information in the translated packet if it is in the packet's payload (which
is the case for the letter's envelope), and without any impact in its functionality
as a NAT.


 The distinction is between doing a mapping/encapsulation and doing an
 address substitution.  NATs are all about doing address substitution; the
 post office does mapping/encapsulation to deliver to The Tulip.

At the post office routing level, letters that enter a common input bin are moved to
different output bins at the post office. The common input bin is a globally
routable address such as "The Tulip, CMZ 62N, UK", "The Raven, CMZ 62N, UK",
etc. -- where the only part that is globally meaningful is "CMZ 62N, UK".  Each
output bin corresponds to a local address mapped from the local qualifier
"The Tulip", "The Raven", etc. Each output bin, however, has no marking for
any local qualifier ("The Tulip"), just for a local address ("545 Abbey St").
Thus, there is no encapsulation at the post office routing level -- anyone
looking just at the bin "545 Abbey St" could not tell which local qualifier
was used for the letters inside the 

Re: [midcom] WG scope/deliverables

2001-02-15 Thread David R. Conrad

Eric,

Odd. Every time I renumbered some site (hq.af.mil and sundry other sites
sharing similar characteristics), there was neither a NAT prior to, nor
subsequent to, the renumbering.

If they are already using NAT, it is most likely they wouldn't need your 
services to renumber, no?

Rgds,
-drc




Re: [midcom] WG scope/deliverables

2001-02-15 Thread David R. Conrad

Noel,

At 01:20 AM 2/15/2001 -0500, J. Noel Chiappa wrote:
Why do I have to change
street addresses just because I moved?

A very good reason your name is separate from your address.

Good thing you didn't choose telephone numbers in your rant, huh?

In any event, my point (in case you missed it before getting wound up for 
your rant) was that people find renumbering hard will choose not to 
renumber given the choice.  NAT provides them a choice, like it or not (I 
personally don't care -- I see NAT as a tool with advantages and 
disadvantages like any other tool).

As long as IPv6 has only one namespace to say *who* you are, as well as
*where* you are, your address will change when you change providers.

Yes.  It astonishes me how many people have been unable to grasp this and 
assume that magic happens when you go from 32 bits to 128 bits.

As the
old hackers say, "That's not a bug, that's a feature."

The bug is that who and where are not separated, but I suspect you won't 
argue with that.

Rgds,
-drc