<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-text-plain" wrap="true" style="font-family:
-moz-fixed; font-size: 14px;" lang="x-unicode">
<pre class="moz-quote-pre" wrap="">On 5/10/2019 4:23 PM, John Denker wrote:
</pre>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap="">On 5/9/19 10:00 PM, Christian Huitema wrote:
</pre>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap=""> The technique was standardized
by the IETF in STUN (RFC 5389, 2003).
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">Somewhat off-topic, but less so than the rest of this thread....</pre>
</blockquote>
</div>
<div class="moz-text-plain" wrap="true" style="font-family:
-moz-fixed; font-size: 14px;" lang="x-unicode"><br>
</div>
<div class="moz-text-plain" wrap="true" style="font-family:
-moz-fixed; font-size: 14px;" lang="x-unicode">It *is* off topic,
wonder why the moderators are not cutting that off already.<br>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap="">
As ||ugh Daniel was fond of pointing out, NAT is an abomination.
It is a sad commentary on the whole industry that we are even
discussing it.
There is a STUN RFC from 2003, but there is an IPv6 RFC from
1995. IPv6 was already widely supported in the early 00s
e.g. by windows 2000.
It should have been obvious for many years now that every box
that does NAT should do native IPv6 if available, and should
terminate 6to4 (or 6rd) tunnels otherwise. This his how
every network I've set up in the last 15 years has done it.
a) IPv6 makes a great many NAT-related questions moot.
Every client on the subnet behind the NAT box can have
its own globally-routable address.
b) It also simplifies IPsec deployment.
c) Note that (a) and (b) are not unrelated.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">If I were king, that would have happened years ago. But you know, rough consensus and running code and all that. Perry tried to precipitate the movement with whisky shots and toasts to the universal deployment of IPv6, but that was not too successful either.
It took some time for IPv6 to ship on most platforms -- Windows only got a production ready version in 2003. In between, NAT became entrenched. Something to do with business models. NAT was giving you an immediate tangible benefit, connect several computers while paying just one ISP bill. The economic incentive were well aligned: customer shells out maybe $100 for a device, recovers the price in a few month by saving on the ISP bill. The economic incentives of IPv6 were much more "long term", to use an euphemism.
</pre>
<blockquote type="cite" style="color: #000000;">
<pre class="moz-quote-pre" wrap="">When will NAT-box manufacturers get with the program?
You'd think this would be a selling point.
What in the name of Godot are they waiting for?
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">At this point, they are waiting for explicit requirements from ISP. It is getting there, because it turns out that Net 10 + Carrier Grade NAT does not work well if you have more than 16M customers. With IPv4, ISP cannot give a unique address to each of their customer premise equipment, and that makes network management very costly. Same thing is happening in big data centers.
But then, having a unique stable address/identifier for each device has some pretty nasty privacy implications. It is not hard to find privacy advocates who believe that Carrier Grade NAT is great, because it lets people hide.
-- Christian Huitema
</pre>
</div>
</body>
</html>