The final /8 policy proposals, part 2
-----Original Message-----
I think it is important to think about new companies. They will very probably require some IPv4 address space during the transition from IPv4 to IPv6. I think the whole community will be in a lot of trouble if we make a policy that makes it impossible for new entrants to participate in a dual-stack world.
A legitimate concern. But:
1. address transfers might make it possible for them to acquire v4 addresses
2. by "new companies" do you mean "companies with no prior allocations" or literally just "new companies." The two categories overlap but are not the same. If you create a category of [new/no prior assignments] companies and the address shortage becomes severe, can you foresee ways of gaming that definition to acquire privileged access to addresses? e.g., can an incumbent ISP create a wholly-owned subsidiary (which might in fact be a legitimate "new entrant" into a market by some economically-relevant definitions) and qualify as a "new company"?
On Jul 5, 2009, at 6:04 PM, Milton L Mueller wrote:
-----Original Message-----
I think it is important to think about new companies. They will very probably require some IPv4 address space during the transition from IPv4 to IPv6. I think the whole community will be in a lot of trouble if we make a policy that makes it impossible for new entrants to participate in a dual-stack world.
A legitimate concern. But:
1. address transfers might make it possible for them to acquire v4 addresses
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ? MarcoH
Any evidence that v4 addresses in /24 quantity have traded for such sums? Milton Mueller Professor, Syracuse University School of Information Studies XS4All Professor, Delft University of Technology ------------------------------ Internet Governance Project: http://internetgovernance.org
-----Original Message----- From: Marco Hogewoning [mailto:marcoh@marcoh.net] Sent: Monday, July 06, 2009 11:47 AM To: Milton L Mueller Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2
On Jul 5, 2009, at 6:04 PM, Milton L Mueller wrote:
-----Original Message-----
I think it is important to think about new companies. They will very probably require some IPv4 address space during the transition from IPv4 to IPv6. I think the whole community will be in a lot of trouble if we make a policy that makes it impossible for new entrants to participate in a dual-stack world.
A legitimate concern. But:
1. address transfers might make it possible for them to acquire v4 addresses
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ?
MarcoH
Hi Milton,
Rhetorical question ? Haven't got a clue on what current prices are for /24 on the black market. But we all know that not any amount of money will create more addresses as we currently have, so why not 1,000,000,000,000,000 dollar. Would Rembrandt have realized "Portrait of a Lady Aged 62" would ever be sold for almost 20 million pounds, when he faced her to make a first draft ?
Grtx, Marco
On Jul 6, 2009, at 6:26 PM, Milton L Mueller wrote:
Any evidence that v4 addresses in /24 quantity have traded for such sums?
Milton Mueller Professor, Syracuse University School of Information Studies XS4All Professor, Delft University of Technology ------------------------------ Internet Governance Project: http://internetgovernance.org
-----Original Message----- From: Marco Hogewoning [mailto:marcoh@marcoh.net] Sent: Monday, July 06, 2009 11:47 AM To: Milton L Mueller Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2
On Jul 5, 2009, at 6:04 PM, Milton L Mueller wrote:
-----Original Message-----
I think it is important to think about new companies. They will very probably require some IPv4 address space during the transition from IPv4 to IPv6. I think the whole community will be in a lot of trouble if we make a policy that makes it impossible for new entrants to participate in a dual-stack world.
A legitimate concern. But:
1. address transfers might make it possible for them to acquire v4 addresses
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ?
MarcoH
MarcoH
Marco, On Jul 6, 2009, at 10:54 AM, Marco Hogewoning wrote:
Haven't got a clue on what current prices are for /24 on the black market.
I've seen prices ranging from US $<hundreds> to US $<low thousands>, but that was some time ago.
But we all know that not any amount of money will create more addresses as we currently have, so why not 1,000,000,000,000,000 dollar.
It isn't about creating more addresses. It is about using the existing addresses more efficiently. Given the widespread availability of NAT, how many addresses does the average organization actually need? Two (one for their NAT gateway, one for their publicly available services)? Particularly if they have a financial incentive to use address space more efficiently? Regards, -drc
On Jul 6, 2009, at 8:14 PM, David Conrad wrote:
Marco,
On Jul 6, 2009, at 10:54 AM, Marco Hogewoning wrote:
Haven't got a clue on what current prices are for /24 on the black market.
I've seen prices ranging from US $<hundreds> to US $<low thousands>, but that was some time ago.
But we all know that not any amount of money will create more addresses as we currently have, so why not 1,000,000,000,000,000 dollar.
It isn't about creating more addresses. It is about using the existing addresses more efficiently. Given the widespread availability of NAT, how many addresses does the average organization actually need? Two (one for their NAT gateway, one for their publicly available services)? Particularly if they have a financial incentive to use address space more efficiently?
Being more efficient is only the start. In the end is 7 billion people vs less than 4 billion addresses. There simply ain't a way around it, face it and deploy IPv6 or somewhere somebody will pay these prices (or more likely start a war).
MarcoH
Also note that it is very well possible that there will be business takeovers just for the IP addresses in the future. That is not really unlikely with these prices (as soon as it is cheaper to buy a company than to buy their address space someone will buy the company probably). Greets, Mark -----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Marco Hogewoning Sent: maandag 6 juli 2009 20:20 To: David Conrad Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2 On Jul 6, 2009, at 8:14 PM, David Conrad wrote:
Marco,
On Jul 6, 2009, at 10:54 AM, Marco Hogewoning wrote:
Haven't got a clue on what current prices are for /24 on the black market.
I've seen prices ranging from US $<hundreds> to US $<low thousands>, but that was some time ago.
But we all know that not any amount of money will create more addresses as we currently have, so why not 1,000,000,000,000,000 dollar.
It isn't about creating more addresses. It is about using the existing addresses more efficiently. Given the widespread availability of NAT, how many addresses does the average organization actually need? Two (one for their NAT gateway, one for their publicly available services)? Particularly if they have a financial incentive to use address space more efficiently?
Being more efficient is only the start. In the end is 7 billion people vs less than 4 billion addresses. There simply ain't a way around it, face it and deploy IPv6 or somewhere somebody will pay these prices (or more likely start a war).
MarcoH
Marco, On Jul 6, 2009, at 11:20 AM, Marco Hogewoning wrote:
Being more efficient is only the start. In the end is 7 billion people vs less than 4 billion addresses.
Two answers: - Number of people is mostly irrelevant. How many addresses does someone who doesn't have electricity or a telephone need? - An IPv4 market is likely a temporary situation until IPv6 is deployed.
There simply ain't a way around it, face it and deploy IPv6 or somewhere somebody will pay these prices (or more likely start a war).
Deploying IPv6 is not free. Which costs less, buying IPv4 address space (black market or no) or deploying IPv6? Which brings more benefit given the state of the IPv6 Internet? Regards, -drc
David Conrad wrote:
But we all know that not any amount of money will create more addresses as we currently have, so why not 1,000,000,000,000,000 dollar.
It isn't about creating more addresses. It is about using the existing addresses more efficiently. Given the widespread availability of NAT, how many addresses does the average organization actually need? Two (one for their NAT gateway, one for their publicly available services)? Particularly if they have a financial incentive to use address space more efficiently?
Assuming NAT financially mandated for new comers, it is not fair not to assume (or mandate) NAT for people currently requesting addresses. So, we should reduce allocated address block size a lot well before we start using the final /8. For example, if NAT reduces address requirement 1/256, an ISP having 65536 customers should be allocated just /24 or maybe /25 but not /16. If we do so now, IPv4 addresses will last almost forever, especially if we start allocating class E in the future before the final /8 (among classes A, B and C) is exhausted. Population does count, though very roughly. That is, though 4 billion may not be enough for requests from 7 billion people, 4 billion should be enough if the number of request is reduced 1/256. Masataka Ohta
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ?
is this the arin list, which is all about fantasy, black helicopters, and bullshit? randy
On 06/07/2009 23:41, Randy Bush wrote:
is this the arin list, which is all about fantasy, black helicopters, and bullshit?
No, this is the european list and we're all frightfully sensible over here. Not a single black helicopter in sight. Must be something they put in the water. I ought to inject content at this point, but the topic is perilously close to a committee discussion on potential future deck-chair arrangements. So, instead I'd like to give a "me too" to Peter Koch's contribution: On 05/07/2009 17:56, Peter Koch wrote:
before diving into these or before selecting different options, shouldn't the overall goals of, say, "fairness" and "sustainability" be broken down into a tangible set of criteria against which the solutions could be evaluated? This would also ease the assessment of potential subversion tactics.
We have already asked the important question "what are we trying to do?", to which "find a fair solution for doling out the last /8". As Peter and others have suggested, we cannot hope to find this "fairness" ideal unless we have a yardstick with which to measure it. Nick
Nick and all,
Good final point Nick! So as I asked two days ago now, how is the reclamation effort going for all those IPv4's that are allocated but not used or likely to be used by those they were allocated to?
Nick Hilliard wrote:
On 06/07/2009 23:41, Randy Bush wrote:
is this the arin list, which is all about fantasy, black helicopters, and bullshit?
No, this is the european list and we're all frightfully sensible over here. Not a single black helicopter in sight. Must be something they put in the water.
I ought to inject content at this point, but the topic is perilously close to a committee discussion on potential future deck-chair arrangements. So, instead I'd like to give a "me too" to Peter Koch's contribution:
On 05/07/2009 17:56, Peter Koch wrote:
before diving into these or before selecting different options, shouldn't the overall goals of, say, "fairness" and "sustainability" be broken down into a tangible set of criteria against which the solutions could be evaluated? This would also ease the assessment of potential subversion tactics.
We have already asked the important question "what are we trying to do?", to which "find a fair solution for doling out the last /8".
As Peter and others have suggested, we cannot hope to find this "fairness" ideal unless we have a yardstick with which to measure it.
Nick
Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Hi, On Mon, Jul 06, 2009 at 07:34:29PM -0700, Jeffrey A. Williams wrote:
Good final point Nick! So as I asked two days ago now, how is the reclamation effort going for all those IPv4's that are allocated but not used or likely to be used by those they were allocated to?
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8, and *this* discussion is only covering the rules for the last /8. If you want to discuss reclamation efforts and policies, please open a new thread with a new subject. Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 128645 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why? Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6. Could you elaborate?
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not. It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8. Masataka Ohta
(cut down on the CC list)
Dear Masataka,
Would you please enlighten us by sharing how this scheme would work I'm intrigued. Given the current rate of consumption I don't see how we could possibly not hit the last /8. If you think the single act of mandating NAT will make the rate of IPv4 consumption stop on a dime it would have happened long ago and at the same time would not change the non-technical aspects of the problem at all.
Regardless of how exactly you do it, adding NAT (or any other form of complexity) inevitably adds cost. LIRs on the whole are strongly cost-driven, especially in the current financial climate; investing in more kit than strictly required is a no-sell business case. Just using up more IPv4 is cheaper in the short run than any other alternative, so it will be the preferred way for a lot of people.
Can we please have the discussion about what to do with the last /8 at the risk of not ever needing the bit of policy that comes out of it? The least thing it does is showing the outside world that we, as a community, care.
Best, Remco
On 08-07-09 15:46, "Masataka Ohta" <mohta@necom830.hpcl.titech.ac.jp> wrote:
Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why?
Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6.
Could you elaborate?
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not.
It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8.
Masataka Ohta
Remco van Mook wrote:
Note that inappropriate characters in my environment are automatically converted to question marks.
Dear Masataka,
Would you please enlighten us by sharing how this scheme would work ?
I'm saying the scheme should work.
I?m intrigued. Given the current rate of consumption I don?t see how we could possibly not hit the last /8. If you think the single act of mandating NAT will make the rate of IPv4 consumption stop on a dime it would have happened long ago and at the same time would not change the non-technical aspects of the problem at all.
The current rate is the rate without NAT mandated. With mandated NAT, ISPs have difficulty to authorize their address requests unless the amount of the requests reduced by NAT. If NAT is mandated before the final /8 (among classes A, B and C), we have much time to support unicast class E, which further delay the final /8.
Regardless of how exactly you do it, adding NAT (or any other form of complexity) inevitably adds cost. LIRs on the whole are strongly cost-driven, especially in the current financial climate; investing in more kit than strictly required is a no-sell business case.
Considering the so much delayed deployment of IPv6, when we start allocating the final /8, addition of NAT is inevitable, especially because buying already allocated space will cost a lot. Moreover, adding IPv6 costs a lot more than adding NAT, even when IPv6 is not popular and used by few customers, which is partly why IPv6 is not and will not be deployed very quickly.
Just using up more IPv4 is cheaper in the short run than any other alternative, so it will be the preferred way for a lot of people.
And, it is not fair for those people requesting IPv4 in the future.
Can we please have the discussion about what to do with the last /8 at the risk of not ever needing the bit of policy that comes out of it?
The best thing we can do with the last /8 is to prevent the occurrence of it. Masataka Ohta
Hi, On Wed, Jul 08, 2009 at 10:46:36PM +0900, Masataka Ohta wrote:
Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why?
Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6.
Could you elaborate?
There is no mandate to use NAT in the RIPE region (and I think that this is a good thing, as NAT might be useful, but overall it takes away freedom from the Internet users, and this shouldn't be forced on anybody). If the RIPE community wants to force NAT on people, well, they can of course change the policy. But in the policy as it is now, there is nothing that can force NAT on anybody. Given this, and given the growth of Internet in less-developed regions, yes, it is very likely that we'll reach the last /8. And soon.
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not.
By decree of the WG chair it is off-topic *in this discussion thread*. It is not off-topic on the list per se, but to keep some semblance of structure, *this* thread needs to focus on a very specific question.
It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8.
Yes. But this specific discussion thread is about a very specific aspect of the proposal. Since we have different last-/8-Proposals on the table, we're trying to merge them into a common proposal, which you can then be opposed to. But please do this in a new discussion thread with a new Subject: line. Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 128645 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
Gert and all,
Nice bit of deflection/pigeonholing I must say. But yes the subject line is with finding a consensus policy, however that consensus if such exists, is measured, for determining what is now questionably perceived to be the last /8. So far I prefer Leo's earlier suggestions as such at least provides for the possibility of some future recovery of unused IPv4 addresses in a round about way.
Gert Doering wrote:
Hi,
On Wed, Jul 08, 2009 at 10:46:36PM +0900, Masataka Ohta wrote:
Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why?
Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6.
Could you elaborate?
There is no mandate to use NAT in the RIPE region (and I think that this is a good thing, as NAT might be useful, but overall it takes away freedom from the Internet users, and this shouldn't be forced on anybody).
If the RIPE community wants to force NAT on people, well, they can of course change the policy. But in the policy as it is now, there is nothing that can force NAT on anybody. Given this, and given the growth of Internet in less-developed regions, yes, it is very likely that we'll reach the last /8. And soon.
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not.
By decree of the WG chair it is off-topic *in this discussion thread*.
It is not off-topic on the list per se, but to keep some semblance of structure, *this* thread needs to focus on a very specific question.
It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8.
Yes. But this specific discussion thread is about a very specific aspect of the proposal. Since we have different last-/8-Proposals on the table, we're trying to merge them into a common proposal, which you can then be opposed to.
But please do this in a new discussion thread with a new Subject: line.
Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 128645
Gert Doering wrote:
Even with reclamation efforts, eventually we will reach the last /8,
Assuming your point above is on topic, I don't think so.
There is no mandate to use NAT in the RIPE region (and I think that this is a good thing, as NAT might be useful, but overall it takes away freedom from the Internet users, and this shouldn't be forced on anybody).
OK. I'll come back later after finishing a proposal of "end to end NAT", which has end to end transparency to be able to support ftp port command, SCTP, IPsec, DNS reverse look up, multicast, mobility and so on.
If the RIPE community wants to force NAT on people, well, they can of course change the policy.
As DRC wrote: : It isn't about creating more addresses. It is about using the existing : addresses more efficiently. Given the widespread availability of NAT, : how many addresses does the average organization actually need? Two : (one for their NAT gateway, one for their publicly available : services)? Particularly if they have a financial incentive to : use address space more efficiently? I think use of NAT in the future is inevitable and want fairness between policies today and in the future. Masataka Ohta
Masataka sama and all, I agree that NAT's are inevitable and are also a means by which the more efficient use of IP addresses can ( should? ) be realized. Masataka Ohta wrote:
Gert Doering wrote:
Even with reclamation efforts, eventually we will reach the last /8,
Assuming your point above is on topic, I don't think so.
There is no mandate to use NAT in the RIPE region (and I think that this is a good thing, as NAT might be useful, but overall it takes away freedom from the Internet users, and this shouldn't be forced on anybody).
OK.
I'll come back later after finishing a proposal of "end to end NAT", which has end to end transparency to be able to support ftp port command, SCTP, IPsec, DNS reverse look up, multicast, mobility and so on.
If the RIPE community wants to force NAT on people, well, they can of course change the policy.
As DRC wrote:
: It isn't about creating more addresses. It is about using the existing : addresses more efficiently. Given the widespread availability of NAT, : how many addresses does the average organization actually need? Two : (one for their NAT gateway, one for their publicly available : services)? Particularly if they have a financial incentive to : use address space more efficiently?
I think use of NAT in the future is inevitable and want fairness between policies today and in the future.
Masataka Ohta
Masataka Ohta wrote:
Gert Doering wrote:
There is no mandate to use NAT in the RIPE region (and I think that this is a good thing, as NAT might be useful, but overall it takes away freedom from the Internet users, and this shouldn't be forced on anybody).
I'll come back later after finishing a proposal of "end to end NAT", which has end to end transparency to be able to support ftp port command, SCTP, IPsec, DNS reverse look up, multicast, mobility and so on.
I have written an Internet Draft to explain end to end NAT.
http://tools.ietf.org/html/draft-ohta-e2e-nat-00
You can see the only reason to deploy IPv6 to keep the freedom of end to end transparency is now non-existent.
So, to keep IPv4 until we are ready with something much better than IPv6, why not mandate some form of NAT, legacy, end to end or whatever.
Masataka Ohta
PS First thing we should do is to make initial PA allocation /24 and reduce the number of IP addresses allocated to an end user by 1/256 or so.
Masataka Ohta wrote:
I have written an Internet Draft to explain end to end NAT. http://tools.ietf.org/html/draft-ohta-e2e-nat-00
You can see the only reason to deploy IPv6 to keep the freedom of end to end transparency is now non-existent.
So, to keep IPv4 until we are ready with something much better than IPv6, why not mandate some form of NAT, legacy, end to end or whatever.
Masataka Ohta
PS
First thing we should do is to make initial PA allocation /24 and reduce the number of IP addresses allocated to an end user by 1/256 or so.
Please say you don't really mean this and it's just a joke you're playing on the Internet community ... NAT has been a kludge from the beginning, and now you try to "fix" the low availability of IPv6-capable hardware (which is finally starting to pick up a bit) by implementing yet another, even worse kludge?
And what's that, "ready with something much better than IPv6"? Heck, it took much too long for working v6-equipment already, with even large vendors not having implemented it completely and reliably ... you mean to tell folks now to flush 10+ years of work down the drain, just because you have the "miracle cure" against (temporary) IPv4 shortage, and we now have another 10-20 years until we _REALLY_ run out of IPs? (please check on the time it usually takes standards committees to pass something like a new protocol, e.g. how long it took to get IPv6 standardized ...)
Also, I don't see where your E2E really fixes reachability issues that current NAT has. Sure, it may fix the multiple-port problems of current NAT (which is already fixed by decent firewalls). Apart from that, your draft requires changes in both the gateways AND the applications --- do you honestly believe that _that_ can be implemented decently before IPv4 exhaustion?
But maybe I'm just too stupid to see the genius behind your proposal ...
-garry
Hi, On Thu, Jul 16, 2009 at 10:46:15PM +0900, Masataka Ohta wrote:
I'll come back later after finishing a proposal of "end to end NAT", which has end to end transparency to be able to support ftp port command, SCTP, IPsec, DNS reverse look up, multicast, mobility and so on.
I have written an Internet Draft to explain end to end NAT.
http://tools.ietf.org/html/draft-ohta-e2e-nat-00
You can see the only reason to deploy IPv6 to keep the freedom of end to end transparency is now non-existent.
Given that all currently available operating systems fully support IPv6, and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward.
But this is far out of scope for RIPE APWG anyway - if there is consensus in the IETF that *this* is the way forward, then it's time for us to amend policies for this. Right now, it's a personal draft and one personal opinion.
regards,
Gert Doering -- APWG chair -- Total number of prefixes smaller than registry allocations: 128645 SpaceNet AG Vorstand: Sebastian v. Bomhard Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279
* Gert Doering:
Given that all currently available operating systems fully support IPv6,
Nit: "Full support" is neither generally available nor necessary. IPv6 support levels are typically sufficient, although usually not RFC-conforming (just like IPv4, where we've learnt not to enable certain protocol features).
and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward.
But this is far out of scope for RIPE APWG anyway
Is it? RIPE could promote 6to4 adoption (similarly to what is done for ENUM). Perhaps it's more of a topic for the IPv6 WG, but I don't think this is IETF or ICANN material. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Hi, On Thu, Jul 16, 2009 at 02:26:32PM +0000, Florian Weimer wrote:
and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward.
But this is far out of scope for RIPE APWG anyway
Is it?
Yes.
RIPE could promote 6to4 adoption (similarly to what is done for ENUM). Perhaps it's more of a topic for the IPv6 WG, but I don't think this is IETF or ICANN material.
This is a technical draft. RIPE hands out IP addresses according to need, and "need" is somewhat defined in the framework of IETF technology. As long as there is no IETF consensus on this sort of NAT (and implementations are widely available!), it makes no sense for policy to be adapted to it. (It's *especially* off-topic for the IPv6 WG, as this is purely about "not using IPv6 but sticking with IPv4 NAT for ever"). Maybe you misread the draft document? Gert Doering -- APWG chair
* Randy Bush:
Given that all currently available operating systems fully support IPv6, Nit: "Full support" is neither generally available nor necessary. IPv6 support levels are typically sufficient
you're kidding, right?
The joke is in RFC 4294 (sections 4.5.4 and 8 in particular). "Full support" of IPv6 requires conformance to RFC 4294, but some of its requirements are quite ridiculous, so real-world implementations typically chose saner defaults. Obviously, I think this is a good thing, but the result is a system which doesn't fully support IPv6 as specified. -- Florian Weimer <fweimer@bfk.de>
Florian Weimer wrote:
The joke is in RFC 4294 (sections 4.5.4 and 8 in particular).
My favorite joke of IPv6 is in RFC4443:
(e) An ICMPv6 error message MUST NOT be originated as a result of receiving the following:
(e.3) A packet destined to an IPv6 multicast address. (There are two exceptions to this rule: (1) the Packet Too Big Message (Section 3.2) to allow Path MTU discovery to work for IPv6 multicast, and (2) the Parameter Problem Message, Code 2
You can send a 1500B packet with a forged source address of DDoS target to a multicast group with huge number of receivers using PPPoE at their last hops.
As for feedback, I warned IPv6 WG about the problem, twice. Some sane people will completely disable and filter out "Packet Too Big Message"s including those against unicast packets. And there should be other jokes not all of which are recognized by operators.
Masataka Ohta
Given that all currently available operating systems fully support IPv6, Nit: "Full support" is neither generally available nor necessary. IPv6 support levels are typically sufficient you're kidding, right? The joke is in RFC 4294 (sections 4.5.4 and 8 in particular).
no. the joke is macosx, winxp, ... the normal human being plugging them into an ipv6 network is not gonna get usable connectivity. randy
Gert Doering wrote:
http://tools.ietf.org/html/draft-ohta-e2e-nat-00
You can see the only reason to deploy IPv6 to keep the freedom of end to end transparency is now non-existent.
Given that all currently available operating systems fully support IPv6,
The reality is that there is no one with meaningful operational experience of IPv6. Worse, people trying to deploy IPv6 are now recommending to use NAT between 4 and 6. So, our choice is to operate 4 and NAT or to operate 4, 6 and NAT.
and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward.
Read the draft. It is implemented and working on NETBSD5.0.
But this is far out of scope for RIPE APWG anyway - if there is consensus in the IETF that *this* is the way forward, then it's time for us to amend policies for this. Right now, it's a personal draft and one personal opinion.
In my previous mail, I wrote: why not mandate some form of NAT, legacy, end to end or whatever. So, though end to end NAT gives you freedom, which was your reason for IPv6, you may use other forms of NAT some of which have been deployed for more than 10 years. Masataka Ohta
Hi, On Thu, Jul 16, 2009 at 11:59:02PM +0900, Masataka Ohta wrote:
Gert Doering wrote:
http://tools.ietf.org/html/draft-ohta-e2e-nat-00
You can see the only reason to deploy IPv6 to keep the freedom of end to end transparency is now non-existent.
Given that all currently available operating systems fully support IPv6,
The reality is that there is no one with meaningful operational experience of IPv6.
This assumption is completely unfounded, and quite obviously wrong (I know at least one counter-example). [..]
and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward. Read the draft. It is implemented and working on NETBSD5.0.
It's not committed - and even if it was, the amount of NetBSD machines out there is not relevant for home user deployments, where IPv4 shortage hits first. Come back when Microsoft has implemented this, and it's operational relevant enough that it's time to start discussing its impact on address policy. Gert Doering -- APWG chair
Gert Doering wrote:
The reality is that there is no one with meaningful operational experience of IPv6.
This assumption is completely unfounded, and quite obviously wrong (I know at least one counter-example).
The foundation is that there is no IPv6 network with meaningful scale. So, there can be no meaningful operational experience gained.
and none of them support the modifications necessary to "help the NAT gateway", I can't see how this would be a step forward.
Read the draft. It is implemented and working on NETBSD5.0.
It's not committed - and even if it was, the amount of NetBSD machines out there is not relevant for home user deployments, where IPv4 shortage hits first. Come back when Microsoft has implemented this, and it's
As for windows, DLL replacement should be more than enough for which Microsoft involvement is not necessary (and is not likely for XP :-)
operational relevant enough that it's time to start discussing its impact on address policy.
Then, given the current operational status of IPv6, it's not yet time to start discussing IPv6 impact on IPv4 address policy. So, we must keep using IPv4 and accept NAT, legacy, end to end or whatever. Note again that I am talking about address policy with NAT in general, including but not limited to end to end one. FYI, the following ID is one of the latest attempts to deploy IPv6: Prefix NAT: Host based IPv6 translation http://tools.ietf.org/html/draft-huang-pnat-host-ipv6-00 which is a lot more complex and a lot less transparent than end to end NAT and requires 4, 6 and NAT. Interestingly enough, as you can see from the title, it requires host software upgrade too. Do you like it? Or, can you show some realistic operational transition plan to IPv6? Masataka Ohta PS I have no intention to standardize end to end NAT in IETF only to waste yet another 10 years.
Hi, Masataka Ohta wrote: [...not quoting the meaningless stuff for a reason...]
wearing all my hats as private internet citizen, network operator for my own network, network architect for a non-commercial organisation supporting new technologies, LIR, ISP, and IT Consultant for big to large customers, i hereby state that i ...
a) have operational IPv6 networks for 6 years now
b) don't like NAT
c) don't need NAT
d) don't use NAT
e) don't sell NAT if not a requirement by a customer
f) don't see a reason to conserve IPv4 space
g) don't see a reason not to migrate to IPv6
h) don't see a reason to handle the last IPv4 /8 any different and add more complexity policy-wise here
i) don't support any more complex NAT setup than we already have in the wild now
j) ..get bored by this now and stop here even though i might come up with more points
...just my 0.02EUR
[yes i know, this is a destructive, polemic statement, but it fits the tone of the original suggestion somehow...]
-- ======================================================================== = Sascha Lenz SLZ-RIPE slz@baycix.de = = Network Design & Operations = = BayCIX GmbH, Landshut * PGP public Key on demand * = ========================================================================
Sascha Lenz wrote:
wearing all my hats as private internet citizen, network operator for my own network, network architect for a non-commercial organisation supporting new technologies, LIR, ISP, and IT Consultant for big to large customers, i hereby state that i ...
To be a good internet citizen, you should read Saltzer's paper on end to end argument.
a) have operational IPv6 networks for 6 years now
How many end users do you have?
b) don't like NAT
I don't like legacy NAT too because it is not complete nor correct. A direct consequence of the end to end argument is: NAT can completely and correctly be implemented only with the knowledge and help of the end hosts behind a NAT gateway. which is not the case with legacy NAT.
f) don't see a reason to conserve IPv4 space g) don't see a reason not to migrate to IPv6
The problem, here, is that there is no path to migrate to IPv6. Or, do you still believe dual stack approach work?
i) don't support any more complex NAT setup than we already have in the wild now
Fully agreed. Keep It Simple, Stupid. How do you think about proposals from people desperately working to deploy IPv6 to have complex and stateful NAT between 4 and 6? Masataka Ohta
Hello Masataka, The document you sent to this list is only a draft. The chances of getting end to end NAT globally deployed before the IPv4 address space runs out are very close to zero, as it needs changes in hosts and gateways. Also remember that we make policy for all uses of IP addresses, not just end user networks that have/get/need a limited amount of public addresses. These policies also apply to datacenters where servers are hosted. There are many examples where you can not put those servers behind a NAT box. Mandating NAT in the way you have stated in your messages is therefore not possible. We are not going to change address policy in the whole RIPE region because of a draft document that only covers a part of what addresses are used for. For some people/companies this might be a very interesting subject, but please end this discussion on the address policy mailing list. Thank you, Sander Steffann APWG co-chair
Sander Steffann wrote:
Hello Masataka,
Hello. To summarize the discussion, my points are:
IPv6 will not be deployed soon
NAT is inevitable
NAT can be harmless
and I have seen no counter argument for the first two points.
The document you sent to this list is only a draft.
For IPv6 deployment, there are abandoned RFCs, which means being an RFC does not mean anything, and new drafts with NAT are coming, some of which need changes in hosts.
The chances of getting end to end NAT globally deployed before the IPv4 address space runs out are very close to zero,
That's not my proposal, I just say "Mandating NAT", including legacy NAT, though those who want to make NAT end to end transparent may use end to end NAT or similar technologies. I heard that UPnP is supporting transparent TCP (only TCP), which seems to be, as transparent as end to end NAT, of course with host modifications. Instead, your statement means
The chances of getting IPv6 globally deployed before the IPv4 address space runs out are very close to zero,
or, considering technical quality of IPv6 specification, exactly zero, which means we must use IPv4 NAT. My proposal gives a way to make NAT harmless.
Also remember that we make policy for all uses of IP addresses, not just end user networks that have/get/need a limited amount of public addresses. These policies also apply to datacenters where servers are hosted. There are many examples where you can not put those servers behind a NAT box. Mandating NAT in the way you have stated in your messages is therefore not possible.
What's the rationale for data centers not to reduce amount of IP address consumption by not accepting virtual servers when IPv4 address is becoming scarce and IPv6 is not ready?
We are not going to change address policy in the whole RIPE region because of a draft document that only covers a part of what addresses are used for.
See above on the consequence of your reasoning that IPv6 will not be deployed soon and NAT is inevitable, which, so far, has nothing to do with my draft. Masataka Ohta
Hello Masataka,
What's the rationale for data centers not to reduce amount of IP address consumption by not accepting virtual servers when IPv4 address is becoming scarce and IPv6 is not ready?
That is not reality. NAT can't be used in all situations and IPv6 is being deployed by both small companies and large ISPs. And we are certainly not going to forbid things like the usage of virtual servers. Again: Please stop this discussion. Sander
Sander Steffann wrote:
And we are certainly not going to forbid things like the usage of virtual servers.
I'm rather encouraging, or even trying to mandate, the use of virtual servers to share an address and a port by many entities. Masataka Ohta
"IPv6 will not be deployed soon" Brusque manner aside, I would be curious to know how you define "deployed". Is it alive, in production networks today? Yes. Are there _many_ organizations moving towards that goal? Yes. Obviously, it is not as widely deployed as IPv4 - but why should a current failing of our industry as a whole (getting IPv6 more available, sooner) encourage the yet-more-widespread use of a previous failing (loss of addresses as meaningful, unique identifiers)? Is some form of NAT going to be required - probably yes, but that is an unfortunate side-effect of the "current failing" I mentioned ... rather than being a noble goal unto itself. (For what it is worth - I have no problem with the idea of bringing some form of end-to-end'edness into NAT - whatever the mechanism, as long as it can be readily supported and doesn't pose any overwhelming security concerns of its own. I do, however, have a problem with it being forced down a network's throat. You imply that you have seen counter-arguments to "NAT can be harmless" - care to share?) /TJ
-----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg- admin@ripe.net] On Behalf Of Masataka Ohta Sent: Thursday, July 16, 2009 6:56 PM To: Sander Steffann Cc: Sascha Lenz; address-policy-wg@ripe.net Subject: Re: [address-policy-wg] Mandating NAT toward the final /8
TJ wrote:
"IPv6 will not be deployed soon"
Brusque manner aside, I would be curious to know how you define "deployed". Is it alive, in production networks today? Yes. Are there _many_ organizations moving towards that goal? Yes.
A problem is that the answers have been "Yes." for these 10 years.
encourage the yet-more-widespread use of a previous failing (loss of addresses as meaningful, unique identifiers)?
Problem of NAT is not there. Remembering a raw IPv4 address and a port number is human, while remembering a raw IPv6 address is divine, which may be the true reason why IPv6 is not really deployed at all. :-) Masataka Ohta
c) don't need NAT
given
o ipv6 is address incompatible on the wire with ipv4
o during the transition, if it happens, we want to keep one internet,
how do you do this with out 4/6 nats?
randy
Hi Randy, Randy Bush wrote:
c) don't need NAT
given
o ipv6 is address incompatible on the wire with ipv4
o during the transition, if it happens, we want to keep one internet,
how do you do this with out 4/6 nats?
i'm sorry, as i tried to point out at the bottom of my original response, this whole rant wasn't really meant 100% serious. Of course i'm aware that such things as 6to4 etc. might be called "NAT" too and might be needed indeed :-) It's just not the point of this thread, don't want to complicate it now. I think the more important thing is to show that there is little to no support for his specific approach (i hope). I just summed up some of my own point of views and exaggerated a little as a stylistic device. -- Sascha Lenz SLZ-RIPE slz@baycix.de
Sascha Lenz wrote:
c) don't need NAT
Of course i'm aware that such things as 6to4 etc. might be called "NAT" too and might be needed indeed :-) It's just not the point of this thread, don't want to complicate it now.
I'm afraid it's you who wrote:
b) don't like NAT c) don't need NAT d) don't use NAT
I think the more important thing is to show that there is little to no support for his specific approach (i hope).
My approach is to accept NAT, including legacy ones. Note that, as is described in the ID, end to end NAT can and will be upper compatible to legacy NAT with ISP and user opt-in. If both GW and an end host deploy end to end NAT, the host can enjoy full end to end transparency. Otherwise, the host is as if it is behind legacy NAT. Masataka Ohta
ohta-san,
while i find the draft interesting, i fear it is a bit glib. some comments from folk in our research community: to quote
For dynamic E2ENAT, a NAT gateway and end hosts must somehow communicate, details of which is not discussed in this memo.
i.e. "magic happens here"
NAT gateways may be nested. That is, a public interface of an internal NAT gateway may be connected to a private network of an external NAT gateway. Port numbers allocated by the external NAT gateway to the internal NAT gateway will be further divided"
this is e2e? randy
Randy Bush wrote: Hi, I'm told you are doing similar thing and start reading A+P.
while i find the draft interesting, i fear it is a bit glib. some comments from folk in our research community:
to quote
Thank you very much.
For dynamic E2ENAT, a NAT gateway and end hosts must somehow communicate, details of which is not discussed in this memo.
i.e. "magic happens here"
I haven't specified the protocol yet, merely because we have not yet implemented dynamic E2ENAT. Static E2ENAT is enough for ISPs, thus, RIPE. But, the scenario will be as follows:
1) An end host receives GW's (private?) address and (UDP?) port number to be used for dynamic NAT maybe with a supported version numbers through DHCP, PPP, UPnP etc.
   if there are multiple GWs, all the addresses and the port numbers are given
2) The end host (from in_pcb.c) request a port to GW
   The request may be retried several times after exponential time out (0.1, 0.2, 0.4, 0.8 and 1.6 second with random perturbation?)
   Three way handshaking may be used here to prevent DoS with a private network.
   If there are multiple GWs, the end host get a port number from a GW and try to reserve it with other GWs. If it fails, new port number will be tried.
3) The end host periodically (every 5 seconds with small negative random perturbation?) send GW update messages of set of port numbers being active (even if there is no packet currently flowing on the active port)
4) GW will cancel port assignment if no update is received for a long time (30 seconds?)
5) GW recover from crash
   listen for update messages before starting operation
   port assignment may contain cookie to secure update messages
Where is the magic? Note that: Depending on how port numbers are shared, there are static and dynamic E2ENAT or combinations of them. That is, an end host requiring a static port will use static E2ENAT, while the host may use dynamic E2ENAT for other purposes.
NAT gateways may be nested. That is, a public interface of an internal NAT gateway may be connected to a private network of an external NAT gateway. Port numbers allocated by the external NAT gateway to the internal NAT gateway will be further divided"
this is e2e?
Yes. End hosts behind an inner GW still use the shared public address. A destination address of a packet to the shared public address will be translated as follows:
1) At the source, the shared public address
2) On outer GW, a private address of outer private network assigned to the inner GW
3) Upon entry to inner GW, the shared public address
4) Before exiting from inner GW, a private address of inner private network assigned to an end host.
5) On the end host, the shared public address
Steps 3) and 4) may be merged for optimization. Note that outgoing packets are not translated, because they already have source address of the shared public address.
Masataka Ohta
PS For detailed discussions on E2ENAT, a mailing list is provided: e2enat-en at mobile-broadband.org To join, send e2enat-en-ctl at mobile-broadband.org subscribe Your-Last-Name Your-First-Name Or, redirect me to some other mailing list.
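The gateway side of the dynamic E2ENAT scenario sketched in the message above (steps 2 to 5), as an added Python example that is not part of the thread or of the draft. The HMAC cookie construction, the persisted secret and the class and method names are assumptions; the 30-second cancel figure is the tentative one from the post.

```python
import hashlib
import hmac
import os

LEASE_TIMEOUT = 30.0  # silence after which the gateway cancels a port


class Gateway:
    """Gateway side of the dynamic port-lease exchange (illustrative only)."""

    def __init__(self, ports, secret=None, now=0.0, recovering=False):
        self.free = set(ports)
        self.leases = {}  # port -> (host, time of last accepted update)
        # Assumption: the secret is kept on stable storage so that cookies
        # issued before a crash can still be verified afterwards.
        self.secret = secret or os.urandom(32)
        # Step 5: after a crash, only listen for updates for one timeout.
        self.ready_at = now + LEASE_TIMEOUT if recovering else now

    def _cookie(self, host, port):
        # Assumed construction: the cookie binds one port to one host.
        msg = f"{host}|{port}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()

    def expire(self, now):
        """Step 4: cancel assignments that have not been refreshed."""
        stale = [p for p, (_, seen) in self.leases.items()
                 if now - seen > LEASE_TIMEOUT]
        for port in stale:
            del self.leases[port]
            self.free.add(port)
        return sorted(stale)

    def request_port(self, host, now):
        """Step 2: hand out a free port plus the cookie that guards it."""
        self.expire(now)
        if now < self.ready_at or not self.free:
            return None
        port = min(self.free)
        self.free.remove(port)
        self.leases[port] = (host, now)
        return port, self._cookie(host, port)

    def update(self, host, claims, now):
        """Step 3: refresh the ports a host reports as active.

        claims is an iterable of (port, cookie). Returns the ports accepted.
        """
        self.expire(now)
        accepted = []
        for port, cookie in claims:
            if not hmac.compare_digest(cookie, self._cookie(host, port)):
                continue  # forged cookie, or a cookie issued to another host
            lease = self.leases.get(port)
            if lease is None:
                # Unknown port: state is only rebuilt while recovering from
                # a crash. The cookie carries no expiry, so a cookie for a
                # lease that lapsed before the crash is accepted here too.
                if now >= self.ready_at or port not in self.free:
                    continue
                self.free.remove(port)
            elif lease[0] != host:
                continue
            self.leases[port] = (host, now)
            accepted.append(port)
        return accepted


if __name__ == "__main__":
    # Constructed sample: private addresses and port range are made up.
    gw = Gateway(range(40000, 40004))
    port, cookie = gw.request_port("10.0.0.2", now=0.0)
    print("leased", port)
    print("update from another host accepted:",
          gw.update("10.0.0.3", [(port, cookie)], now=1.0))
    print("cancelled at t=40:", gw.expire(40.0))
```

The recovery path shows what the cookie buys the gateway: it can rebuild its table from update messages alone, without trusting a host's unauthenticated claim to a port.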
"It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8." Really? IMHO these are two very different conversations - one is an "if", the other is a "when". In a case like this - as long as it is possible, it is worth being prepared for ... (And prolonging IPv4 will probably just delay its successor (IPv6 or not) even longer, meaning we would still have a last /8 discussion - just later on ... And that is assuming such a delaying-policy was even feasible/successful) FWLIW - I also disagree WRT IPv6 not being the successor to IPv4, but that is _also_ a separate conversation ... /TJ Sent from my Verizon Wireless BlackBerry -----Original Message----- From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp> Date: Wed, 08 Jul 2009 22:46:36 To: Gert Doering<gert@space.net> Cc: Jeffrey A. Williams<jwkckid1@ix.netcom.com>; Nick Hilliard<nick@inex.ie>; Randy Bush<randy@psg.com>; Marco Hogewoning<marcoh@marcoh.net>; Milton L Mueller<mueller@syr.edu>; address-policy-wg@ripe.net<address-policy-wg@ripe.net> Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2 Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why? Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6. Could you elaborate?
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not. It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8. Masataka Ohta
TJ and all, I disagree that IPv6 will be/is/should be the only successor to IPv4.
Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
-----Original Message----- From: Jeffrey A. Williams [mailto:jwkckid1@ix.netcom.com] Sent: Wednesday, July 08, 2009 9:56 PM To: trejrco@gmail.com Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2
Well, to be fair - while I _do_ believe IPv6 is the best available /feasible answer - I never said it was the only possible (part of the) answer.
(IMHO - IPv6 addresses (pun intended) one of the primary problems IPv4 is facing, and provides several other areas of advancement ... so why wouldn't it be the successor to IPv4? (Above and beyond those, it has been deployed in the real world and proven to work - and is being actively (if not quite aggressively) deployed by many others))
/TJ
TJ and all, I assume that there will be one or likely more than one successor to IPv4 naturally. My previous point in part was that there is/will/should/ or could be more than one. My understanding was that there was or is only one. Such is/may not be true. My other implied point was that IPv4 is likely to be around for some time to come regardless of any replacement and that perhaps some reclamation is still in order so that there is not only a final /8. That is all... TJ wrote:
Well, to be fair - while I _do_ believe IPv6 is the best available /feasible answer - I never said it was the only possible (part of the) answer.
(IMHO - IPv6 addresses (pun intended) one of the primary problems IPv4 is facing, and provides several other areas of advancement ... so why wouldn't it be the successor to IPv4? (Above and beyond those, it has been deployed in the real world and proven to work - and is being actively (if not quite aggressively) deployed by many others))
/TJ
-----Original Message----- From: Jeffrey A. Williams [mailto:jwkckid1@ix.netcom.com] Sent: Wednesday, July 08, 2009 9:56 PM To: trejrco@gmail.com Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2
TJ and all,
I disagree that IPv6 will be/is/should be the only successor to IPv4.
trejrco@gmail.com wrote:
"It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8."
Really? IMHO these are two very different conversations - one is an "if", the other is a "when". In a case like this - as long as it is possible, it is worth being prepared for ...
(And prolonging IPv4 will probably just delay its successor (IPv6 or not) even longer, meaning we would still have a last /8 discussion - just later on ... And that is assuming such a delaying-policy was even feasible/successful)
FWLIW - I also disagree WRT IPv6 not being the successor to IPv4, but that is _also_ a separate conversation ...
/TJ
Sent from my Verizon Wireless BlackBerry
-----Original Message----- From: Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
Date: Wed, 08 Jul 2009 22:46:36 To: Gert Doering<gert@space.net> Cc: Jeffrey A. Williams<jwkckid1@ix.netcom.com>; Nick Hilliard<nick@inex.ie>; Randy Bush<randy@psg.com>; Marco Hogewoning<marcoh@marcoh.net>; Milton L Mueller<mueller@syr.edu>; address-policy-wg@ripe.net<address-policy-wg@ripe.net> Subject: Re: [address-policy-wg] The final /8 policy proposals, part 2
Gert Doering wrote:
Please stick to the topic of *this* discussion. Even with reclamation efforts, eventually we will reach the last /8,
Why?
Assuming reduction of address space consumption by mandating NAT, I can't understand how the last /8 could be reached before IPv4 will be replaced by something not likely to be IPv6.
Could you elaborate?
and *this* discussion is only covering the rules for the last /8.
I don't think it off topic to discuss whether there will be the last /8 or not.
It is a fair counter argument against a policy proposal on the last /8 to say there won't be the last /8.
Masataka Ohta
Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
Jeffrey A. Williams wrote:
TJ and all,
I disagree that IPv6 will be/is/should be the only successor to IPv4.
I disagree with you disagreeing, and I'm doing it while sitting on a pony wearing a helmet. That being said, IPv6 is not the point of the discussion in this thread where the topic is "How shall we proceed with the final /8", so could you please open a new thread for philosophic discussions on the state of the internets? Thanks a lot, Marcus -- man-da.de GmbH, AS8365 Phone: +49 6151 16-6956 Petersenstr. 30 Fax: +49 6151 16-3050 D-64287 Darmstadt e-mail: ms@man-da.de Geschäftsführer Marcus Stögbauer AG Darmstadt, HRB 94 84
On Jul 7, 2009, at 12:41 AM, Randy Bush wrote:
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ?
is this the arin list, which is all about fantasy, black helicopters, and bullshit?
Let me be more clear. I personally don't think address transfers will save the world, sharing is difficult for most people, let alone if the resource in question is getting more and more scarce. Maybe it's just me, but transfers with or without money will probably not meet any of the fairness requirements we might come up with and I do think for the sake of it all we might want to try and keep it a level playing field as long as we can to prevent the worst case scenario of a netsplit. MarcoH
Marco Hogewoning wrote:
Let me be more clear. I personally don't think address transfers will save the world, sharing is difficult for most people, let alone if the resource in question is getting more and more scarce.
Maybe it's just me, but transfers with or without money will probably not meet any of the fairness requirements we might come up with and I do think for the sake of it all we might want to try and keep it a level playing field as long as we can to prevent the worst case scenario of a netsplit.
What do you think the important fairness requirements are? Is it sufficient to make sure that every network with IPv6 PI space can also get a small IPv4 PI block with which to talk to the IPv4 Internet? If so, I think that's pretty straightforward: reserve a /9 or /10 and give out a maximum of /22 or so, one block per multihomed org. Or do you think we need to attempt to make larger blocks available on some sort of justified need basis? If so, how do you propose to ration the space to meet your fairness requirements? -Scott
On Jul 7, 2009, at 1:18 AM, Scott Leibrand wrote:
Marco Hogewoning wrote:
Let me be more clear. I personally don't think address transfers will save the world, sharing is difficult for most people, let alone if the resource in question is getting more and more scarce.
Maybe it's just me, but transfers with or without money will probably not meet any of the fairness requirements we might come up with and I do think for the sake of it all we might want to try and keep it a level playing field as long as we can to prevent the worst case scenario of a netsplit.
What do you think the important fairness requirements are?
Is it sufficient to make sure that every network with IPv6 PI space can also get a small IPv4 PI block with which to talk to the IPv4 Internet? If so, I think that's pretty straightforward: reserve a /9 or /10 and give out a maximum of /22 or so, one block per multihomed org.
Or do you think we need to attempt to make larger blocks available on some sort of justified need basis? If so, how do you propose to ration the space to meet your fairness requirements?
I'm thinking about the first option. Give any applicant who can justify the need a small specific block to maintain enough infrastructure to be reachable from "the other side", think about nameservers, MX hosts and such. Given the potentially huge numbers I don't think we can cater for an access infrastructure, for those you have to go NAT and deploy IPv6. MarcoH
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ? is this the arin list ...
Let me be more clear. I personally don't think address transfers will save the world, sharing is difficult for most people, let alone if the resource in question is getting more and more scarce.
i doubt many people think transfers will save the ipv4 internet, let alone the world. imiho, they are a small thing that can be done to make dealing with the self-inflicted disaster a bit more flexible. and making them easy and open will improve the quality of our registration data.
Maybe it's just me, but transfers with or without money will probably not meet any of the fairness requirements we might come up with and I do think for the sake of it all we might want to try and keep it a level playing field as long as we can to prevent the worst case scenario of a netsplit.
perhaps it is my bad memory, but i have not heard anyone say that transfer will be particularly fair. i believe the proposals under discussion are meant to address that. i was particularly objecting to your hyperbole on the likely price of a /24. randy
On Jul 7, 2009, at 1:33 AM, Randy Bush wrote:
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ? is this the arin list ...
Let me be more clear. I personally don't think address transfers will save the world, sharing is difficult for most people, let alone if the resource in question is getting more and more scarce.
i doubt many people think transfers will save the ipv4 internet, let alone the world. imiho, they are a small thing that can be done to make dealing with the self-inflicted disaster a bit more flexible. and making them easy and open will improve the quality of our registration data.
Absolutely true, if they do take place it should be clear what's transferred and under what conditions. But I don't think there will be many addresses to be transferred as a start.
Maybe it's just me, but transfers with or without money will probably not meet any of the fairness requirements we might come up with and I do think for the sake of it all we might want to try and keep it a level playing field as long as we can to prevent the worst case scenario of a netsplit.
perhaps it is my bad memory, but i have not heard anyone say that transfer will be particularly fair. i believe the proposals under discussion are meant to address that.
i was particularly objecting to your hyperbole on the likely price of a /24.
The number of zeros I put in might be a bit big. On the other hand anything can happen, tulip bulbs once also cost a fortune. MarcoH
On Tue, Jul 07, 2009 at 08:33:35AM +0900, Randy Bush wrote:
perhaps it is my bad memory, but i have not heard anyone say that transfer will be particularly fair.
randy
i suspect that for a valid transfer, both (presuming only two, for the purposes of this discussion) parties will consider it fair. no doubt there will be some other party who finds the situation intolerable and will invoke the Robert Mugabe-like policies of expropriation in the name of universal good. fairness is often in the eye/routing table/wallet of the beholder. --bill
Randy and all, I guess so? Seems that BS swirls around ARIN still much the same as it does ICANN. So what else is new? Randy Bush wrote:
Transfers from whom ? The /24 they are going to get for 1,000,000,000,000,000 dollar from an "old company" ?
is this the arin list, which is all about fantasy, black helicopters, and bullshit?
randy
Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827