
Mailing List Archive: NANOG: users

shared address space... a reality!

 

 



mysidia at gmail

Mar 15, 2012, 6:32 PM

Post #26 of 40
Re: shared address space... a reality!

On Thu, Mar 15, 2012 at 3:57 PM, Robert E. Seastrom <rs [at] seastrom> wrote:
>
> More like "wasting no time in fulfilling the prophecy that people will
> treat it like just another rfc1918 space and deploy it wherever they want".

The draft indicates you can deploy it anywhere as long as you meet the
special requirement:
You have a router capable of performing address translation across
router interfaces when addresses are identical on two different
interfaces.

The other option is that you are a service provider.
If you meet the router capability requirement you don't have to be a SP.


--
-JH


tjc at ecs

Mar 16, 2012, 12:18 AM

Post #27 of 40
Re: shared address space... a reality!

On 15 Mar 2012, at 21:03, Valdis.Kletnieks [at] vt wrote:

> On Thu, 15 Mar 2012 13:35:13 PDT, George Herbert said:
>> What, senior network people testing out new test/transitional space at
>> home before they test it at work is bad?
>
> Either that, or Randy was being snarky about how long the promise to *only* use
> the address space for numbering CGN interfaces and not as additional RFC1918
> space was going to last in reality....

So where is that new /10 leaking to already? ;).

Tim


alvarezp at alvarezp

Mar 16, 2012, 11:01 AM

Post #28 of 40
Re: shared address space... a reality!

On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
<christopher.morrow [at] gmail> wrote:

> NetRange: 100.64.0.0 - 100.127.255.255
> CIDR: 100.64.0.0/10
> OriginAS:
> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED

Weren't we supposed to *solve* the end-to-end connectivity problem,
instead of just letting it live?

Sure, this lets CGN be more organized for operators, but those that
already have RFC5735 addresses implemented will not switch to 100.64/10
just because there's a new block. Only new players will actually benefit
from this. It will only make it easier for new players to play in
IPv4 instead of being pushed to IPv6.


--
Octavio.


morrowc.lists at gmail

Mar 16, 2012, 11:33 AM

Post #29 of 40
Re: shared address space... a reality!

On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
<alvarezp [at] alvarezp> wrote:
> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
> <christopher.morrow [at] gmail> wrote:
>
>> NetRange:       100.64.0.0 - 100.127.255.255
>> CIDR:           100.64.0.0/10
>> OriginAS:
>> NetName:        SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>
>
> Weren't we supposed to *solve* the end-to-end connectivity problem,
> instead of just letting it live?

ha!

> Sure, this lets CGN be more organized for operators, but those that

ghuston has a great presentation about CGN deployments, and how they
essentially become permanent (or could, according to his
chickenbone-readings)... It's an interesting thought
experiment/discussion, and one I'm curious to see play out.

> already have RFC5735 addresses implemented will not switch to 100.64/10
> just because there's a new block. Only new players will actually benefit
> from this. It will only make it easier for new players to play in
> IPv4 instead of being pushed to IPv6.

are you really asking: "Why oh why did we go through all this hard
work for something with basically no easy to quantify return?"

hell, this may get more use than SCTP does, and sctp took a LOT longer to do...

-chris


gbonser at seven

Mar 16, 2012, 12:35 PM

Post #30 of 40
RE: shared address space... a reality!

> From: Octavio Alvarez

> Sure, this lets CGN be more organized for operators, but those that
> already have RFC5735 addresses implemented will not switch to 100.64/10
> just because there's a new block. Only new players will actually
> benefit from this. It will only make it easier for new players to play
> in IPv4 instead of being pushed to IPv6.
>
>
> --
> Octavio.

This is yet one more moving part in the growing assemblage of moving parts that is required to make v4 work going forward. At some point (soon) we will reach a point of diminishing return and people are simply going to realize that it is easier to deploy v6 native than it is to attempt to keep v4 limping along. A new player is probably going to buy new gear. New gear isn't going to have the problems with v6 that older networks might have who could still be using ancient gear and can't afford to "forklift" their stuff out. A new player entering the market these days looking to use this for a native v4 deployment going forward any significant period of time ... is probably not making the wisest choice.

And with every additional moving part there is something else that impacts performance, something else to break, something else to become CPU or memory bound ... performance over v4 will become increasingly poor, increasingly unreliable, and people are just going to realize that any pain of v6 migration is a lot less than keeping the baling wire, super glue, and rubber bands around v4. This will be true of their own networks and the networks they are communicating with. V4 performance in general from here on out is simply going to go south. Umpteen NATs, routing table bloat as the nets shatter into smaller and smaller blocks, at some point v4 isn't worth it. Maybe we should just propose more and more and more Band-Aids.

Many choose not to migrate to v6 out of simple laziness (if it ain't broken, don't fix it). At some point it will take so much more work to keep v4 going that the path of least phone calls in the middle of the night will be IPv6.


bill at herrin

Mar 16, 2012, 12:35 PM

Post #31 of 40
Re: shared address space... a reality!

On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
<alvarezp [at] alvarezp> wrote:
> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
> <christopher.morrow [at] gmail> wrote:
>> NetRange:       100.64.0.0 - 100.127.255.255
>> CIDR:           100.64.0.0/10
>> OriginAS:
>> NetName:        SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>
> Weren't we supposed to *solve* the end-to-end connectivity problem,
> instead of just letting it live?

"We" forgot to ask if all the stakeholders wanted it solved. Most
self-styled "enterprise" operators don't: they want a major control
point at the network border. Deliberately breaking end to end makes
that control more certain. Which is why they deployed IPv4 NAT boxen
long before address scarcity became an impactful issue.

Regards,
Bill Herrin


--
William D. Herrin ................ herrin [at] dirtside  bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


owen at delong

Mar 16, 2012, 12:47 PM

Post #32 of 40
Re: shared address space... a reality!

In my perception, this is primarily a moving part that will be used by providers deploying IPv6 as a mechanism to compensate for things on the internet their customers want to reach that have not yet deployed IPv6.

If deploying IPv6 on your own network qualified as a complete solution to the problem, I suspect we'd actually be much further along in the process. Unfortunately, deploying IPv6 locally does not change the fact that you use the internet to talk to things not under your control and until they deploy IPv6, you cannot depend entirely on IPv6 to do that.

I don't think any sane provider will use this as yet another way to avoid deploying IPv4. OTOH, the number of not sane providers is somewhat scary, but, hopefully not of sufficient critical mass as to be meaningful in the long term.

Owen


cdel at firsthand

Mar 16, 2012, 1:21 PM

Post #33 of 40
Re: shared address space... a reality!

NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.



Christian de Larrinaga


On 16 Mar 2012, at 19:35, William Herrin <bill [at] herrin> wrote:

> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
> <alvarezp [at] alvarezp> wrote:
>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>> <christopher.morrow [at] gmail> wrote:
>>> NetRange: 100.64.0.0 - 100.127.255.255
>>> CIDR: 100.64.0.0/10
>>> OriginAS:
>>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>
>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>> instead of just letting it live?
>
> "We" forgot to ask if all the stakeholders wanted it solved. Most
> self-styled "enterprise" operators don't: they want a major control
> point at the network border. Deliberately breaking end to end makes
> that control more certain. Which is why they deployed IPv4 NAT boxen
> long before address scarcity became an impactful issue.
>
> Regards,
> Bill Herrin
>
>
> --
> William D. Herrin ................ herrin [at] dirtside bill [at] herrin
> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
> Falls Church, VA 22042-3004
>


owen at delong

Mar 16, 2012, 2:17 PM

Post #34 of 40
Re: shared address space... a reality!

It may be easy to sell, but it's also fictitious.

NAT is antithetical to security, not beneficial to it.

Owen

On Mar 16, 2012, at 1:21 PM, cdel.firsthand.net wrote:

> NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.
>
>
>
> Christian de Larrinaga
>
>
> On 16 Mar 2012, at 19:35, William Herrin <bill [at] herrin> wrote:
>
>> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
>> <alvarezp [at] alvarezp> wrote:
>>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>>> <christopher.morrow [at] gmail> wrote:
>>>> NetRange: 100.64.0.0 - 100.127.255.255
>>>> CIDR: 100.64.0.0/10
>>>> OriginAS:
>>>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>>
>>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>>> instead of just letting it live?
>>
>> "We" forgot to ask if all the stakeholders wanted it solved. Most
>> self-styled "enterprise" operators don't: they want a major control
>> point at the network border. Deliberately breaking end to end makes
>> that control more certain. Which is why they deployed IPv4 NAT boxen
>> long before address scarcity became an impactful issue.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> --
>> William D. Herrin ................ herrin [at] dirtside bill [at] herrin
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>>


Valdis.Kletnieks at vt

Mar 16, 2012, 2:44 PM

Post #35 of 40
Re: shared address space... a reality!

On Fri, 16 Mar 2012 14:17:38 PDT, Owen DeLong said:
> It may be easy to sell, but it's also fictitious.
>
> NAT is antithetical to security, not beneficial to it.

Anybody want to hazard a guess what % of Vint Cerf's famous 140M compromised
boxes were behind a NAT and still got pwned by a drive-by fruiting?


gbonser at seven

Mar 16, 2012, 3:59 PM

Post #36 of 40
RE: shared address space... a reality!

> -----Original Message-----
> From: Owen DeLong [mailto:owen [at] delong]
>
> In my perception, this is primarily a moving part that will be used by
> providers deploying IPv6 as a mechanism to compensate for things on the
> internet their customers want to reach that have not yet deployed IPv6.

I think it will be used mostly as the middle 4 in NAT444 and in links between networks where there are RFC1918 network assignment collisions. My gut tells me we will see that net block being used for NAT on a lot of VPNs between RFC1918 networks.


> I don't think any sane provider will use this as yet another way to
> avoid deploying IPv4.

I hope you're right.

> OTOH, the number of not sane providers is
> somewhat scary, but, hopefully not of sufficient critical mass as to be
> meaningful in the long term.
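
Added example, not part of any message in this thread: the use predicted in post #36 (NAT between RFC1918 networks whose assignments collide), worked through in Python. It finds the colliding prefixes of two sites and gives each a same-size prefix out of 100.64.0.0/10 for 1:1 NAT across the link. The site prefixes, the A/B labels and all function names are constructed for illustration.

```python
import ipaddress

# Block quoted in the thread; the site prefixes below are constructed samples.
SHARED = ipaddress.ip_network("100.64.0.0/10")
SITE_A = ["10.0.0.0/16", "192.168.10.0/24", "172.16.0.0/20"]
SITE_B = ["10.0.128.0/17", "192.168.20.0/24", "172.16.8.0/24"]


def find_collisions(site_a, site_b):
    """Return (a_net, b_net) pairs whose address ranges overlap."""
    a = [ipaddress.ip_network(n) for n in site_a]
    b = [ipaddress.ip_network(n) for n in site_b]
    return [(x, y) for x in a for y in b if x.overlaps(y)]


def plan_translation(site_a, site_b, pool=SHARED):
    """Give every colliding prefix a same-size, non-overlapping prefix from
    the pool, for 1:1 (prefix-preserving) NAT on the inter-site link."""
    needs = set()
    for x, y in find_collisions(site_a, site_b):
        needs.update({("A", x), ("B", y)})
    # Largest blocks first: the cursor then stays aligned for smaller ones.
    ordered = sorted(needs, key=lambda t: (t[1].prefixlen, t[0], t[1]))
    cursor = int(pool.network_address)
    end = int(pool.broadcast_address) + 1
    plan = {}
    for site, net in ordered:
        if net.prefixlen < pool.prefixlen or cursor + net.num_addresses > end:
            raise ValueError(f"pool {pool} too small for {site} {net}")
        plan[(site, net)] = ipaddress.ip_network((cursor, net.prefixlen))
        cursor += net.num_addresses
    return plan


def translate(plan, site, host):
    """Map a real host address to its translated one; None if no NAT needed."""
    ip = ipaddress.ip_address(host)
    for (s, real), mapped in plan.items():
        if s == site and ip in real:
            offset = int(ip) - int(real.network_address)
            return mapped.network_address + offset
    return None


if __name__ == "__main__":
    plan = plan_translation(SITE_A, SITE_B)
    for (site, real), mapped in plan.items():
        print(f"site {site}: {real} <-> {mapped}")
    print(translate(plan, "B", "172.16.8.42"))
```

Prefixes that do not collide (the two 192.168.x.0/24 networks here) are left out of the plan and can be routed across the link untranslated.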


owen at delong

Mar 16, 2012, 4:19 PM

Post #37 of 40
Re: shared address space... a reality!

On Mar 16, 2012, at 3:59 PM, George Bonser wrote:

>
>
>> -----Original Message-----
>> From: Owen DeLong [mailto:owen [at] delong]
>>
>> In my perception, this is primarily a moving part that will be used by
>> providers deploying IPv6 as a mechanism to compensate for things on the
>> internet their customers want to reach that have not yet deployed IPv6.
>
> I think it will be used mostly as the middle 4 in NAT444 and in links between networks where there are RFC1918 network assignment collisions. My gut tells me we will see that net block being used for NAT on a lot of VPNs between RFC1918 networks.
>

I would agree with both of those statements.

>
>> I don't think any sane provider will use this as yet another way to
>> avoid deploying IPv4.
>
> I hope you're right.
>

Certainly of the providers I have spoken with about the subject, that seems
to be the prevailing attitude.

So there is some hope.

Owen


bill at herrin

Mar 16, 2012, 4:22 PM

Post #38 of 40
Re: shared address space... a reality!

On Fri, Mar 16, 2012 at 3:47 PM, Owen DeLong <owen [at] delong> wrote:
> I don't think any sane provider will use this as yet another way to avoid deploying IPv4.

I'm sure that's correct, but if you fix the typo it may not be. ;-)

Regards,
Bill Herrin


--
William D. Herrin ................ herrin [at] dirtside  bill [at] herrin
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004


dedelman at iname

Mar 17, 2012, 10:33 AM

Post #39 of 40
Re: shared address space... a reality!

Some major stakeholders are under legal or regulatory obligation to supervise and control. A small number of control points makes this less awful to effect.

Dave Edelman


On Mar 16, 2012, at 16:21, "cdel.firsthand.net" <cdel [at] firsthand> wrote:

> NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.
>
>
>
> Christian de Larrinaga
>
>
> On 16 Mar 2012, at 19:35, William Herrin <bill [at] herrin> wrote:
>
>> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
>> <alvarezp [at] alvarezp> wrote:
>>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>>> <christopher.morrow [at] gmail> wrote:
>>>> NetRange: 100.64.0.0 - 100.127.255.255
>>>> CIDR: 100.64.0.0/10
>>>> OriginAS:
>>>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>>
>>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>>> instead of just letting it live?
>>
>> "We" forgot to ask if all the stakeholders wanted it solved. Most
>> self-styled "enterprise" operators don't: they want a major control
>> point at the network border. Deliberately breaking end to end makes
>> that control more certain. Which is why they deployed IPv4 NAT boxen
>> long before address scarcity became an impactful issue.
>>
>> Regards,
>> Bill Herrin
>>
>>
>> --
>> William D. Herrin ................ herrin [at] dirtside bill [at] herrin
>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>> Falls Church, VA 22042-3004
>>
>


cdl at asgaard

Mar 17, 2012, 10:42 AM

Post #40 of 40
Re: shared address space... a reality!

Greetings Dave,

Having been one of the authors of this, and, at the time, unfortunately looking down the barrel of a CGN deployment (in AU), I can say, at least in our case, it had nothing to do with monitoring or intercept. In fact, CGN actually made that more difficult in some circumstances. And this was a carrier that definitely had that requirement.

Chris

On 17Mar2012, at 10.33, Dave Edelman wrote:

> Some major stakeholders are under legal or regulatory obligation to supervise and control. A small number of control points makes this less awful to effect.
>
> Dave Edelman
>
>
> On Mar 16, 2012, at 16:21, "cdel.firsthand.net" <cdel [at] firsthand> wrote:
>
>> NAT at the edge is one thing as it gives an easy to sell security proposition for the board. But CGN controlled by whoever sitting between their NATs does the opposite.
>>
>>
>>
>> Christian de Larrinaga
>>
>>
>> On 16 Mar 2012, at 19:35, William Herrin <bill [at] herrin> wrote:
>>
>>> On Fri, Mar 16, 2012 at 2:01 PM, Octavio Alvarez
>>> <alvarezp [at] alvarezp> wrote:
>>>> On Tue, 13 Mar 2012 23:22:04 -0700, Christopher Morrow
>>>> <christopher.morrow [at] gmail> wrote:
>>>>> NetRange: 100.64.0.0 - 100.127.255.255
>>>>> CIDR: 100.64.0.0/10
>>>>> OriginAS:
>>>>> NetName: SHARED-ADDRESS-SPACE-RFCTBD-IANA-RESERVED
>>>>
>>>> Weren't we supposed to *solve* the end-to-end connectivity problem,
>>>> instead of just letting it live?
>>>
>>> "We" forgot to ask if all the stakeholders wanted it solved. Most
>>> self-styled "enterprise" operators don't: they want a major control
>>> point at the network border. Deliberately breaking end to end makes
>>> that control more certain. Which is why they deployed IPv4 NAT boxen
>>> long before address scarcity became an impactful issue.
>>>
>>> Regards,
>>> Bill Herrin
>>>
>>>
>>> --
>>> William D. Herrin ................ herrin [at] dirtside bill [at] herrin
>>> 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
>>> Falls Church, VA 22042-3004
>>>
>>
>

--
李柯睿
Check my PGP key here: https://www.asgaard.org/~cdl/cdl.asc
Current vCard here: https://www.asgaard.org/~cdl/cdl.vcf
Check my calendar availability: https://tungle.me/cdl
