Operational challenges of no NAT

[Ted Mittelstaedt]

On 10/29/2010 3:25 PM, George Bonser wrote:
>>>
>>> That is because the only thing v6 offers is "more IP addresses". It
>>> greatly complicates things for no additional benefit from the
>>> perspective of many end users.  Now if there were some new
> technology
>>> that could only be supported on v6 and there was some great clamor
>> for
>>> that technology, that would act to pull v6 into the network.  There
>> are
>>> no such technologies or applications at present.
>>
>> I doubt that there will be, the days of the networking industry being
>> driven by that sort of thing have been gone for some time.  Even the
>> iphone for all it's coolness, has not caused the majority of cell
> phone
>> owners to run into the store and upgrade their phones.
>
> Well, there are SOME cases where it is compelling and a network
> technology is dragged in.  An example is multicast which never really
> lived up to its potential.  It was designed to save bandwidth when that
> was at a premium.  You send one copy of something, and many people get
> it at the same time.  Then available bandwidth skyrocketed and it sort
> of just died.  Now it is making a comeback in the mobile networks where
> many users might be subscribed to the same content at the same time and
> bandwidth IS tight.  Verizon's VCAST is an example and multicast
> capability is a big part of the 3G and 4G standards.
>

I think I missed that, vcast as far as I've seen is mainly a unicast 
service, except for the sports fanatics and their live games, the 
content on it is on-demand.

I see multicast on mobile as mainly used for content that the users
are willing to schedule their lives around.  And there really isn't
much of that other than sports games, perhaps a handful of news
programs/current events, and a few political speeches and such.  Most
of the rest of the content out there the users don't want to watch
it all at the same time.

There were some interesting stats in an article I read recently on
the upcoming Jon Stewart march or whatever he calls it in D.C., it said
that of all the eyes watching his show, 2/3 of them watch it in
streaming off the web, rather than when the show comes on cable TV.

I have to say for myself, that after I bought our first flat panel TV
set a year ago, I hooked a computer to it and today we watch just about
everything off the web.  We will even do stuff like turn on the TV
and watch a show off the web that is being broadcast on that same
day - simply because we can watch it an hour earlier or later.  It makes 
no difference that we are 2 or 3 episodes "behind"  And I can't
believe we are all THAT weird.

I'd agree multicast will continue to be useful but in a niche, it
isn't ever going to become the predominant means of delivering
content.

>> But what there WILL be are the millions of NEW Internet users who get
>> on with only IPv6, and some kind of IPv6->IPv4 translator to get at
>> the legacy stuff.  That is already driving the content providers to
> get
>> on IPv6.
>
> To some extent, yes.  But the number of unique ASNs in the v6 routing
> table is still pretty small and the number that actually offer any v6
> service even though they are routing v6 is even smaller.  If you take
> the people who are just routing v6 out of that number, what you are left
> with is something pretty small.
>
>
>>
>> When Sally Schmoe the Marketing Manager throws her old home laptop to
>> the kids and buys a brand new one that speaks IPv6 out of the box
>> to her home DSL line, it will not be long before she is in the network
>> admin's office demanding to know why this cool app that is IPv6 only
>> that works great at home isn't working on the company network.
>
> If the network admin works for the marketing manager, yeah, that might
> be a big deal.  Otherwise she needs to go up the chain and justify to
> corporate management why her app working at work is worth the company
> engaging on a migration scheme "right now" to make it work.
>

Corporations don't work this way unless they are really, really big. 
Like Coca Cola or Ford or something like that.  But I assure you that
anything smaller than 500 employees doesn't work that way and if you
subtract the Federal Government, the majority of people working in the
US are not working at the behemoth companies.

Anyone in a less-than-500 person company that is associated with
sales in any fashion, if they bring in customers, they will
win every argument that any IT person wants to pick with them.  And 
don't think for a second that they don't know it.

>>
>> She won't give a tinkers damn that it's because the corporate network
>> admin is going slow on IPv6 deployment, in 2 shakes she's going to be
>> in the CEO's office peeing in his ear about how incompetent the
> network
>> people are if you don't have something for her.
>
> Most network administrators WANT to deploy v6.  They aren't the one
> holding up the train.  It is management who might not want to shell out
> money to replace those old network switches/routers that were end of
> life 5 years ago from the vendor, are being "supported" by buying used
> replacement parts as they fail, and have no code updates anymore to take
> them to v6 but work perfectly well for IPv4.
>
>
>> At least, that's how it's always worked in the orgs -I'VE- worked at.
>
> Maybe so, but YOU'RE experience doesn't necessarily project across the
> entire scope of network administrators internet wide.   How many
> Cat6500's are deployed worldwide with old SupI and SupII blades and not
> even enough RAM to upgrade to the last code release available on them?
> I am not even going to start into the Cat4000's or PIX firewalls. How
> many of those companies are barely operating at a profit as it is or are
> losing money currently?  Would such an effort literally cost a job in
> not being able to hire someone this quarter or year because you have to
> get a few hundred thousand dollars worth of network gear?
>

Maybe it would but frankly, it's not your call.  Your the network admin
not the CEO it isn't your responsibility to make those decisions.

You tell your CEO that right now you can get by with IPv4 but he
better budget for the upgrade because in 2-3 years you will have to
dual stack.  If he asks for a business justification then you simply
tell him that there is no justification, IPv6 is being forced on him
the same way that HIPAA and Sarbanes-Oxley and he can either choose to
comply, or ignore.  If he chooses to ignore HIPAA then he will get
away with it for now but sooner or later someone will sue him and the
company will be found liable and he will be fired.  If he chooses to
ignore Sarbanes-Oxley the same thing can happen although he might end up 
in jail.  And if he chooses to ignore IPv6 then sooner or later the
company will be unable to get on to an increasing amount of the
Internet, and once more, he will end up being fired for incompetence.
(and long before then you will be at some other company, of course)

This isn't a "business case" thing.  The world is moving to IPv6 and
no amount of thrashing around, saying "we don't have the money" is
going to matter one iota.  You can choose to play on the Internet
or not.  If you do not upgrade you are choosing to stand still while
the rest of the world slowly moves away.

> It isn't *just* a technical decision in many cases.  It is also a
> business case call.  There is a LOT of old crap still running out there
> and doing a perfectly acceptable job.  You have to have a case that
> justifies spending the money in addition to having a technical argument
> and in this economy, you need more justification that normal, at least
> in the US.
>

And what exactly is wrong in those cases with doing nothing?  Let's have
just a bit of reality here.  We still haven't hit IPv4 runout.  Once we 
do the IPv4 transfer market will swing into gear.  And a few more years
that will peter out.  And most ISP's have a LOT of slop in their IPv4
assignments.  I've read that Comcast uses /29's for all it's business
links.  They could go IP unnumbered.  I think a lot of these orgs can
self-fulfill IPv4 for at least 2 more years after the transfer market
dies.

So I think we are at least 5 years off before any ISP is really going to 
be forced into IPv6.  And then you know what?  There is
a huge amount of IPv4 tied up in the cellular market.  The cell carriers
are the ones who really are consuming these gigantic chunks of IPv4
allocations.  They already have had to start the process of switching to
IPv6.  And in 5 years they will have cycled a lot of their old phones
out of the system and since they have to operate with a homogeneous
network, they are going to be forced into using IPv6->IPv4 proxies and
gateways long before that.  And they will start dumping those 
allocations.  So I think the supply of IPv4 for the SMALLER networks is
assured for some time.  Certainly for another 5 years.  And if you are 
still using gear that is 15-20 years old then, well I will then be
in awe of you - the same kind of awe I have for the people who keep 
their old 1935 Packards on the road.

>>
>> It will come, just wait and see.  Have faith.
>
> Ted, this isn't a religion.  Religious arguments are matters of faith
> with no room for logical discussion as they are simply based on faith.
> Those are fine in matters of culture but that doesn't translate well to
> matters of technology.
>
> There needs to be a way to interoperate with v6 that isn't "painful".

painful or expensive?

> In the analogy you presented, which is easier, getting the CFO to
> refresh all the network hardware or getting the developer of the program
> to release an IPv4 version?  The developer's decision not to do that
> might be one of personal preference.  The CFO's decision might be one of
> actual dollars and cents.  You might be able to persuade the developer
> to accommodate v4 more easily than you can persuade the bank to
> accommodate an overdraft.
>
> The point is that the obstacles to more widely deployed v6 are more than
> technical or competency issues.  There are all sorts of infrastructure
> considerations.
>

There were all sorts of infrastructure problems with first deploying 
NAT.  But it came just the same.  People solved them.  People will solve
these, too.

After all it's just packets!!

Ted