Re: Problem statement, was: Re: Follow-up work on NAT-PT

[John Curran <jcurran@mail.com>]

At 10:17 AM +0100 11/12/07, Iljitsch van Beijnum wrote:
>As per the above, that's a somewhat philosophical question. For a large content site deploying IPv6 is non-trivial, and you can't really ease into it. So as long as all the users are on IPv4, few of the content people are going to do IPv6. You don't need much IPv4 space for serving up content so the IPv4 depletion per se isn't going to push the content people to IPv6.

Agreed.

>For ISPs this is very different: for them, it's much more doable to give some of their customers IPv6 without needing to convert the infrastructure for their current customers (obviously I'm talking big picture here, I'm not saying it's completely trivial). Also, the IPv4 depletion WILL hit ISPs. The problem is that ISPs can't give their customers IPv6-only connectivity while the content is still only reachable through IPv4.

Also agreed.

>Now here's the philosophical issue: is it better to run IPv6-only + translation to IPv4, or is it better to have dual stack IPv6 + NATed IPv4?
>
>As someone who used to configure routers for a living, my answer is: ditch IPv4 in as many corners of your network as possible, routing just IPv6 is much simpler. But I don't think this sentiment is universally shared.

Agreed; the ISP's I speak with aren't 'ditching IPv4' within their 
backbones; i.e. they see dual-stack for their *backbone* network
infrastructure as somewhat inevitable.   This is not the case for
the ISPs distribution infrastructure, and/or what is finally used to
connect individual customers.  No big new IPv4 address blocks
from the RIR's means no way to assign such blocks to a given
metro region, and this means IPv6 has to be used for expansion.

>An argument that many people aren't going to buy into would be that if IPv4/NAT and IPv6 must be provisioned separately this probably means that in a lot of instances, just IPv4/NAT will be provisioned and even with no new IPv4 addresses available we may not see much IPv6 adoption.

I'm going to elaborate a bit on this: we *will* see ISP's squeezing
IPv4 address space out of every corner of their infrastructure, and
from their downstream customers who had provider assigned (PA)
IP space, and from anyplace else they can get better utilization,
and then reusing the IPv4 pieces within their infrastructure with
something resembling a hard customer requirement that the
customer run NAT internally and live behind a handful of IPv4
addresses.  Whether or not IPv6 will also be available over that
connection depends entirely on the vision of the ISP, and might
be rather depressing for the next few years.

Eventually, ISP's run out of internal and delegated already routed
IPv4 address space remnants, and things begin to get very, very
interesting.  For a short-time, I imagine that there may be some
ISP's who succeed in obtaining new, large, significant IPv4 address
space blocks from sources unknown, and immediately deploy them
for customer growth as described above.  This also works for a short
while, only with whatever expense is occurred obtaining the blocks
added to the operational expense.  The routing impact of this is also
minimal, as it adds many new customers for each new block routed,
and resembles our existing suboptimal-but-working routing dynamics.

FYI - one would hope that the new customers being offered connectivity
behind a handful of IPv4 addresses & NAT is also being offered IPv6
(but then again, it's possible that the IPv6 network upgrade budget
went instead into finding those new IPv4 address blocks... ;-) 

At some point in time, the ability to connect new customers with any
form of provider allocated IPv4 space simply becomes untenable.  For
a while, customers will still be able to get connected with IPv4, under
the innovative "BYOA" (bring your own address) plan.  This is where
the fun really starts, since customers only value IPv4 uniqueness,
and hierarchical original and aggregatability aren't likely foremost in
the mind of the corporate IT manager who's been told to get the
company connected at any cost.  We go through an interesting
period of attempting to add high numbers of very small customer
provided IPv4 blocks completely lacking in hierarchy to the routing
tables, until it becomes painfully obvious that this doesn't work.

At this point (and not much prior in some unfortunate cases), ISP's
will realize the need connect new customers via just IPv6, and have
their customer obtain access to the 'legacy' IPv4-connected portion
of the Internet via some form of NAT-PT or equivalent translation
(with all the downsides that such entails).

>Another argument is that if ISPs are going to do NAT, this pretty much means that most customers, who run their own NAT, are going to be behind two layers of NAT, which is worse than just one layer of NAT. The reason for this is that there is no easy way for an ISP to provision multiple IPv4 addresses on a single customer link. With IPv6+translation you can use DHCPv6 prefix delegation to give users enough IPv6 space for all their hosts and only the translator does a single round of NAT.
>
>In my opinion, we shouldn't try to get consensus on whether IPv6+translation is better than dual stack IPv6+IPv4/NAT, but just go ahead and make the best IPv6+translation solution we can and let the operators choose what they want to deploy.

Thank you.  That's the only responsible approach for the IETF
to take on this issue, since the alternative of insisting on just
dual-stack presumes perfect forecasting of the actual business
situation of every ISP five years from now...

/John