Fedora's metrics have ripple effect (Linux.com)
Fedora announced this month that by using a tracking tool to monitor unique IP addresses, it was able to determine that Fedora Core 6 now has more than one million users. What does all this metric gathering mean for future Fedora releases? Moreover, what does it mean for the Linux community at large? The answer on both counts: plenty."
Posted Jan 30, 2007 6:06 UTC (Tue)
by quozl (guest, #18798)
[Link] (36 responses)
IP addresses aren't identifiers. Metrics based on non-identifiers are risky.
Posted Jan 30, 2007 7:34 UTC (Tue)
by tyhik (guest, #14747)
[Link]
Posted Jan 30, 2007 13:03 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (33 responses)
> IP addresses aren't identifiers.
No, not anymore, when we have junk like NAT ruining things for us... Usually, NAT tends to have the reverse effect of what you're describing (multiple people counted as only one, due to them all appearing to come from the same IP), but either is problematic...
I'm just a grumpy old network software coder who longs for a return to the days when IP addresses DID accurately represent a single specific machine... And, I hope and pray that if/when IPv6 is ever adopted in a widespread manner, it'll be a return to those days... But, I fear some people won't give up their NATs, no matter what, even though they serve absolutely no legitimate purpose in a situation where plentiful public IPs are available... Some people mistakenly think it makes them more secure; that's what a firewall is for, not a NAT box... There's no need to break the end-to-end nature that's at the very heart of the Internet (which NAT certainly does) in order to gain this security...
Posted Jan 30, 2007 13:35 UTC (Tue)
by Chexum (guest, #19123)
[Link] (3 responses)
I have to ask: what's the point of such a weirdo NAT setup? I read the commenter's setup as: "I'm using ADSL from a provider who forces me to change my single public IP address periodically from its /16 pool, and all my systems are NAT-ed behind this ever changing IP." Maybe because I'm in a similar position. I'm getting a new IP address if I reconnect; and I'm forcibly disconnected every 24 hours.
Posted Jan 30, 2007 15:04 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (1 responses)
Posted Feb 4, 2007 14:59 UTC (Sun)
by JohnNilsson (guest, #41242)
[Link]
Posted Jan 30, 2007 22:52 UTC (Tue)
by quozl (guest, #18798)
[Link]
That's one way to put it, but no, it is an HSDPA 3G mobile telephony service, and I was amazed when I first detected the behaviour.
I knew already it was a NAT'd service, because of the local IP address of the PPP interface. While packing to go to linux.conf.au, I was setting up /etc/hosts.allow on my home system so that I could SSH in. So I tested where the connections were coming from.
Each connection on various ports arrived from different source IP addresses. Honest. Reproducible.
I'm at a loss as to exactly why it is done this way ... but it probably has to do with the planned deployment of millions of 3G mobile telephones pulling data over TCP/IP via these mere 65534 public IP addresses. And I don't really know there are 65534 of them ... they could have a whole lot more.
My point is, metrics based on IP addresses are worth less, not just because of simple NAT we're all familiar with, but also because of strange NAT like what I see now.
Posted Jan 30, 2007 14:37 UTC (Tue)
by xav (guest, #18536)
[Link] (28 responses)
Posted Jan 30, 2007 15:17 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (27 responses)
Posted Jan 30, 2007 16:05 UTC (Tue)
by jreiser (subscriber, #11027)
[Link] (26 responses)
Posted Jan 30, 2007 17:10 UTC (Tue)
by i3839 (guest, #31386)
[Link] (5 responses)
- Added security: You mean the default "disallow incoming connections, allow outgoing ones and replies" policy provided by NAT? Any firewall can provide that. Worse, even a firewall isn't really needed for that, as connections to closed ports are "denied" anyway. All open ports should have a purpose, or not be open in the first place (why is that server running if no one should connect anyway?). But for the lazy ones, yes, you can use a firewall.
- Many attackers fail to find your host at all. Many attackers fail to hack your OS when they go for Windows and you have something else. Many attackers can hack your "hardware router" and get full, stealthy control over your network. What was your point again?
- Pseudo-anonymity, what's that? Something like not knowing who's behind the computer? With IPv6 you do things even better, and use a different IP address each day of the year, what's that for pseudo-anonymity? Point being, yes, you can group a bunch of people together with NAT, and add some obscurity in the network traffic. But it won't add much at all. You can do better without NAT, in a simpler way.
- NAT has nothing to do with your beloved hardware, other than the thing needs to implement NAT in software, with the added complexity and load (especially with many connections), making it more complex and expensive than strictly needed. The added complexity also increases the chance that a critical bug is present that can be used to exploit the thing.
What NAT does is breaking internet in a non-fatal way. Of course it hampers everyone expecting it to work properly, and you dare to call that security?
Posted Jan 30, 2007 17:54 UTC (Tue)
by jreiser (subscriber, #11027)
[Link] (1 responses)
You are wrong. Without NAT, *my* monthly bill would be 3 times as large.
- Added security.
As I said, I have firewalls, more than one in any external path. I have closed all ports that are not relevant to my needs. I also do other things for security; I believe that multiple failures must occur before a "successful" penetration. I still *like* the extra hurdle that NAT provides. Even though it is nowhere near impenetrable, it has detered some attackers.
- Pseudo-anonymity.
It's enough to confuse some attempts to track identity and usage. I like what it does.
- NAT has nothing to do with your beloved hardware ...
On the contrary, it has quite a lot to do with *my* hardware. And the retail price that *I* paid was no more than devices that did not have NAT.
- What NAT does is breaking internet in a non-fatal way.
What NAT does is provide choice in monetary cost, features, usability, and administration to those who deal with the existing, imperfect, and slow-to-change consumer marketplace.
Posted Jan 31, 2007 14:45 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link]
That's /your/ problem, not ours. It's a contract between you and your ISP, if all the local ISPs do it and you feel that's unfair it's a matter to take up with your government's consumer protection officials.
The IP addresses themselves are free, as a matter of policy, they're allocated by a hierarchy that approximates the topological distribution of the network. Firstly to RIRs (e.g. RIPE in Europe) and then to LIRs (e.g. a major ISP) and finally down to organisations or individuals.
In the long term a "grey market" for IPv4 addresses is almost inevitable. But that's still 5-10 years away even with pessimistic estimates. Today the RIRs have lots of /8 networks available to allocate, your ISP could get the addresses you need for the price of an email. That they choose to charge you $5 or $10 or whatever per month to use them is just a matter of market segmentation.
What NAT does is cripple your network. Maybe you want your network crippled, although from your description it sounds as though you're the type of person who uses both NAT and a lot of NAT-disabling or NAT-bypassing technology (e.g. Skype or STUN) and believes that the resulting spaghetti is "safer" because they don't understand it. Make no mistake, the blackhats understand it perfectly well. I don't think we should be encouraging people to cripple their Internet access. When a user spends a dollar on Joel Spolsky's NAT-busting remote desktop access, that's two dollars of work that was never necessary, firstly to prevent it from working as intended by the Internet, and then to re-enable it using an HTTP proxy service on a 3rd party machine. Resorting to the inevitable car analogy it's as though we'd decided to rip up all the roads to reduce environmental costs associated with car ownership, and then everyone went out and bought a 4x4 offroader so that they can still drive to the shops.
Posted Jan 30, 2007 18:23 UTC (Tue)
by bronson (subscriber, #4806)
[Link] (2 responses)
Yes, it's imperfect, but it's the only realistic solution today. I look forward to when IPv6 rolls out but it's going to take a few more years yet.
Posted Jan 30, 2007 19:53 UTC (Tue)
by i3839 (guest, #31386)
[Link] (1 responses)
But some people don't see how ugly it is and even love it, giving invalid arguments for why it's so great, and worst of all, want to keep it even when IPv6 comes. It's a crutch, one that should be cast away as soon as possible. And yes, that means until IPv6 is used widespread.
Posted Jan 31, 2007 5:03 UTC (Wed)
by drag (guest, #31333)
[Link]
The internet was originally designed as a Peer-to-Peer network. Due to the need for NAT and ISPs blocking ports it's turning into a client-server model and is realy starting to limit the potential of the internet.
Things like VoIP and such.
There is more to the internet then the web (and email, and irc)!
Posted Jan 30, 2007 17:32 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (12 responses)
> The monthly bill from my ISP is less than for 10 static IP4.
Irrelevent... That's only due to IPv4 space being extremely limited these days, making IPs valuable/expensive... In an IPv6 world, that won't be an issue anymore... Even home users with a single machine should get at least a /64 (they're talking about just giving most people /48s)... So, you'll have no shortage of available IPs... I'm sure a few ISPs might try to gouge customers, giving most people a single /128, and charging extra for a /64, but they'd be instantly recognized as scum for doing so, and should be abandoned by their users, since they have absolutely no legit reason for doing so (unlike modern ISPs, who while they may be greedy, also have a legit excuse in the shortage of IPv4 space)...
> The "hurdle" imposed by NAT is a useful addition to my defenses against
No, it's not... If you want the sort of protection that NAT accidentally provides you as a side-effect of its nature, then set up a firewall on your router to perform the same task (in a much more secure manner)... However, this "protection" is generally major overkill, and destroys lots of useful things (such as P2P), so you'd probably want to be a bit more discriminating in your firewall rules, anyway... Using NAT for any kind of "security" is like nailing your doors shut instead of installing locks; sure, it prevents most people (unless they've got a hammer on them to yank out the nails) from getting in, but it also prevents legitimate users from getting in or out...
> The extra complexity and code required to tunnel other protocols over
Huh? How so?? I don't get this one, at all... Or, do you just take pleasure in making network programmers suffer greatly? ;-)
> NAT also provides some pseudo-anonymity.
Only if you've got several machines behind the NAT box... But, they can still figure out you're one of the people behind it, even if they can't exactly ID your particular machine... So, I'm not sure exactly how useful that is... And, in fact, with tools like "0trace" (search recent bugtraq posts), even that pseudo-anonymity is gone, since it's able to figure out your private internal LAN IP... So, no, your machine is just as identifiable either way...
> Even when IP6 comes (and it will take some years), I will *still* use NAT
That sort of attitude just makes me want to scream, and beat my head against brick walls... ;-/ There's NO benefit at all to NAT in such a situation... None, zero, zip, nada... There are only detriments... Several of them... Any perceived "benefits" you think you get from NAT, you can get via a properly configured firewall, instead...
Posted Jan 30, 2007 18:50 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (11 responses)
I certainly see how, in an IPv6 world, NAT becomes unnecessary...but I wasn't aware it was actually harmful.
Posted Jan 30, 2007 19:35 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (9 responses)
For more info, see Things that NATs break and RFC-1627: Network 10 Considered Harmful...
Posted Jan 30, 2007 19:51 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (8 responses)
So, in a non-NAT, IPv6 world, how would one achieve the "LAN behind a single firewalling box" effect? Just have the LAN machines route through the firewall box, using it as a router?
Posted Jan 30, 2007 19:59 UTC (Tue)
by liljencrantz (guest, #28458)
[Link] (7 responses)
There is no need for the firewall to do NAT as well.
Posted Jan 30, 2007 20:40 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (6 responses)
Posted Jan 30, 2007 22:21 UTC (Tue)
by flewellyn (subscriber, #5047)
[Link] (5 responses)
Are "they" (IETF, I assume?) really considering giving everyone a /64? Giving businesses /48s? Never mind "what home user needs 18 quintillion addresses?", what BUSINESS needs a septillion? Even Google doesn't have that many servers yet.
I kinda think a /32 would be enough for home users, maybe even enough for most businesses. Of course, that then gives us the ability to give 4 billion IP addresses to each of 79 octillion people...
Geez, IPv6 scares me sometimes.
Posted Jan 30, 2007 23:00 UTC (Tue)
by nix (subscriber, #2304)
[Link] (1 responses)
Posted Jan 31, 2007 2:40 UTC (Wed)
by flewellyn (subscriber, #5047)
[Link]
Posted Jan 30, 2007 23:13 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link] (2 responses)
Mostly waste them, just to be able to have automagic IP assignment for any machine by using its Ethernet MAC in the lower 64 bits... (Yes, a MAC is only 48 bits, but there's some method or other of munging it into a 64-bit value, which is one proposed method of automagic config-free IP assignment... There are other methods as well, but mainly just to cope with paranoid people who seem to believe that giving out their MAC address is somehow a horrible thing which will render them instantly vulnerable to every cracker on the Net... ;-))
> Are "they" (IETF, I assume?)
IANA, ARIN, RIPE, and others, all talking together, I believe...
> really considering giving everyone a /64? Giving businesses /48s?
Yeah... /64 is really the smallest you can get, anyway... Because the lower 64 bits are all host-specific, and the upper 64 are for routing... You could theoretically get a single fixed /128 IP, but it'd be pulled out of some /64 (or less) subnet somewhere... Like I said, slimy ISPs might try to do something like that for home users... But, they really should just give them all their own /64...
Anyway, yeah see RFC-3177 for what I believe are the current recommendations... Or, this RIPE document...
> I kinda think a /32 would be enough for home users
You've got the CIDR /bits backwards: a /32 would be a HUGE allocation of IPs! ;-) The lower the /bits value, the bigger the subnet... It's a count of the fixed 1 bits in the netmask, starting at the left... So, what you really meant was /96, which leaves 32 bits for host use... However, as I say, you can't really do that with IPv6: the upper 64 are the routable portion, and the lower 64 are the host ID portion... That's just the way they did things... Is it overkill to allow for 2^64 hosts on each subnet? Um, yeah, probably... ;-) But, hey, I'd rather them go overkill than not enough... And, with 2^64 /64s available, I don't think they'll run out of those for a while, either... ;-) (Yeah, actually, there are slightly less than that many currently allowed publically assignable IPs, since I think they're all in a /3, but it's still an outrageously huge number...)
Posted Jan 31, 2007 2:44 UTC (Wed)
by flewellyn (subscriber, #5047)
[Link] (1 responses)
I can see the massive advantages in terms of simplicity of this approach. Probably simplify
While I'm asking you silly questions, I noted upthread that you mentioned HTTP wasn't that well-
Posted Jan 31, 2007 11:38 UTC (Wed)
by RobSeace (subscriber, #4435)
[Link]
I'm really just bitter because I had to deal with a stupid CC authorization protocol pointlessly layered on top of HTTP a while back, which made things far more difficult and inefficient than they should've been... Basically, it takes the same protocol you would use if dialing them up over modem and inappropriately stacks it on top of HTTP, rather than simply having a new listening TCP daemon on some port for handling it, as one would logically suspect they might do... It's just silly...
Posted Jan 31, 2007 13:35 UTC (Wed)
by mennucc1 (guest, #14730)
[Link]
for example, NAT is incompatible with IPSEC
Posted Jan 30, 2007 20:00 UTC (Tue)
by job (guest, #670)
[Link] (6 responses)
That sounds very strange. IP addresses should have no value. If you need more you should allocate more. We're not out of them yet. I don't know where you live, but here in Europe it is absolutely forbidden to charge monthly fees for IP addresses. That is a clear violation of the RIPE rules.
Posted Jan 30, 2007 20:46 UTC (Tue)
by RobSeace (subscriber, #4435)
[Link]
Posted Jan 31, 2007 8:59 UTC (Wed)
by khim (subscriber, #9252)
[Link] (1 responses)
They just pack IP address and some other "service" together. For example they can (by default) filter 80th and 25th port (for "security") but if you want "your own sever" - sure they'll give you "free" IP address, open access to 80th and 25th ports for "measly" sum of $5 per month per IP. Something like that... And it's not done out of malice BTW. I've worked for small ISP at some point - they literally don't have enough public IP addresses. Yes, they can request them from RIPE (and they are doing it), but it's slow process and they need to somehow connect customers now. Hopefully IPv6 will solve this, but when ?
Posted Feb 1, 2007 17:28 UTC (Thu)
by job (guest, #670)
[Link]
That is not true, for several reasons. The ISP has a block of addresses to allocate from, and when it is getting close to fully allocated you get a new block to work from. You you really can't blame slow administrative procedures, it's pretty well thought out and as long as you do it properly you'll be ok.
Posted Jan 31, 2007 11:44 UTC (Wed)
by Los__D (guest, #15263)
[Link] (2 responses)
Posted Feb 1, 2007 17:45 UTC (Thu)
by job (guest, #670)
[Link] (1 responses)
Posted Feb 4, 2007 15:40 UTC (Sun)
by JohnNilsson (guest, #41242)
[Link]
I couldn't find it in this document:
Posted Jan 30, 2007 15:19 UTC (Tue)
by obi (guest, #5784)
[Link]
I'm behind a NAT implementation owned by a major carrier that presents a range of 65534 possible IP addresses, such that if I touch a web site more than once the logs show different IPs every time. There's probably more of them. ;-)Fedora's metrics have ripple effect (Linux.com)
It is easy to combine ip address with other identifiers based on installed HW components. It is probably very hard to identify with 100% precision, but this is not the aim of that effort.Fedora's metrics have ripple effect (Linux.com)
I have to ask: what's the point of such a weirdo NAT setup?? Typically, the point of using NAT is that you only have a single public IP available, and need to have several machines all use it for interacting with the Net at large... But, if you have a full class B of public globally-routable IPs available, why on Earth would you bother with NAT?? Why not just give every machine a real globally-routable IP? You know, the way the Internet is SUPPOSED to work!Fedora's metrics have ripple effect (Linux.com)
Fedora's metrics have ripple effect (Linux.com)
Ok, that makes a bit more sense... However, the original post made it sound like the NAT box itself was picking a new IP from a pool for every single new outgoing connection, rather than it simply being reassigned a new dynamic public IP every so often... I can understand the latter (though, I still despise it, as I do all NAT usage), but I just can't comprehend why anyone would do the former... So, maybe they did just mean a simple dynamic IP reassignment periodically, and just overexaggerated by saying that every time they hit a web site it would be a different IP... (Unless their ISP forces them to change their dynamic IP every few seconds, or something, which I doubt...)Fedora's metrics have ripple effect (Linux.com)
Isn't this exactly the service Relakks charge their customers for? Kind of a poor mans TOR.Fedora's metrics have ripple effect (Linux.com)
I read the commenter's setup as: "I'm using ADSL from a provider who forces me to change my single public IP address periodically from its /16 pool ..."Fedora's metrics have ripple effect (Linux.com)
Even that firewall thingy tends to become stupid: nowadays we reinventFedora's metrics have ripple effect (Linux.com)
protocols that try to do remote communication though HTTP, just because
it's the only port+protocol that's guaranteed to work behind your regular
corporate/home firewall. Why exactely can't we do all these through plain
TCP ?
Yeah, that's a problem of overly paranoid network admins and/or management who orders such things... I think it's stupid, as well... What's the point of having a Net connection at all, if you're going to willingly cut yourself off from 99+% of it, and only allow outgoing HTTP traffic (and, usually, that's filtered through some kind of censoring proxy, as well)? It just seems a complete waste... And, ultimately, pointless, because as you point out, anything can be tunnelled through HTTP, if you want to badly enough... It just makes for more annoying coding, and crappier protocols than are necessary for most things (since HTTP isn't the best designed protocol on the planet to start with, before even trying to layer other protocols on top of it)... So, basically, it accomplishes nothing other than to annoy users/workers, annoy network programmers, and result in suboptimal network protocols and bad code... Yet, somehow, these brain-damaged people insist on retaining it, apparently still under the delusion that it accomplishes something useful...Fedora's metrics have ripple effect (Linux.com)
My small network has one externally-visible static IP4, I use NAT, and I *like* it. The monthly bill from my ISP is less than for 10 static IP4. The "hurdle" imposed by NAT is a useful addition to my defenses against network intrusions and malware. The extra complexity and code required to tunnel other protocols over HTTP is a *benefit* to me. Many attackers fail to clear the hurdle of NAT, and/or leave a trail when trying. NAT also provides some pseudo-anonymity. Inexpensive, quiet, cool, small, simple, and readily-available consumer-grade hardware routers and switches and firewalls work just fine for my needs. [Of course I also employ software firewalls and other defenses on every device, etc.] Even when IP6 comes (and it will take some years), I will *still* use NAT for a few things.NAT is useful
- Your monthly bill has nothing to do with NAT.NAT is useful
- Your monthly bill has nothing to do with NAT.NAT is useful
Your ISP can of course try to charge you $5 per month for each extra IPv4 address they route to you, or $1 per month for every non-HTTP port you connect to, or $10 extra in months when you send email which uses non-ASCII characters, or any other crazy scheme they invent and figure out how to bill you for.IP addresses (was Re: NAT is useful)
i3839, have you ever wondered why extra IPv4 addresses are so expensive? Until my ISP offers IPv6 and everyone else starts using it, our only realistic solution is NAT. This is what it has to do with the monthly bill.NAT is useful
That's the only useful thing it does, that's what it's made for, so you can connect multiple hosts with only one IP address. I don't deny that it isn't useful right now.NAT is useful
Having a true IPv6 IP would make things _sooo_ much better.NAT is useful
Nothing personal, but see, you're precisely the kind of person I hate... ;-)NAT is useful
> network intrusions and malware.
> HTTP is a *benefit* to me.
> for a few things.
This is possibly a silly question, but aside from the load issues, what are the detriments of NAT?NAT is evil?
It's very harmful... It totally breaks the end-to-end nature of the Internet, and renders it impossible, or at least extremely difficult, to do what should be very simple things (eg: have end-users connect directly to one another, a la P2P)... It was a bad idea that only survived due to necessity (the shortage of IPv4 addresses), but now has sadly become so entrenched that SOME strange people actually seem to LIKE it, which saddens me greatly as a network programmer (because, I know these people are going to continue making my life harder for many years to come, when it doesn't NEED to be any more)... ;-/
NAT is evil?
Ahh, this explains much.NAT is evil?
In a word, yes.NAT is evil?
Exactly... A lot of places have LANs that are already setup this way, even in IPv4 world... All it requires is enough IP addresses for all of your LAN machines... (Which, admittedly, can be expensive, especially if you need a very large subnet...) In IPv6 world, hopefully everyone will have AT LEAST a full /64 subnet to themselves, so no worries unless you need more than 2^64 machines on your LAN... ;-) (Or, want to further subnet your machines into multiple LANs, which is why they're talking about just giving everyone /48s, which would be super-sweet... ;-) I suspect it'll end up being that "business-class" customers get the /48s, and home users get /64s, though... Which is probably just fine, anyway...)NAT is evil?
I confess, it's somewhat shocking to me to imagine that IPv6 would allow a private, solitary person to have 18 quintillion (or so) possible IP addresses, without risking global exhaustion! What would we DO with them all? I don't see myself putting every cell in my body on a LAN anytime soon.A /64 for each user?
I think you meant `a /96' when you said `a /32'.A /64 for each user?
Yes, yes, of course. Sorry. I always get my ordering mixed up with those numbers.A /64 for each user?
> What would we DO with them all?
A /64 for each user?
Outrageously huge describes it quite well.A /64 for each user?
routing a whole lot as well.
designed. I'm curious, what are your criticisms of it?
Oh, I was mostly just being snarky... ;-) For what it was designed for, I suppose it's not that bad... It's just when people are forced to use it for layering other stuff on top of that it wasn't designed for (simply so they can be sure it'll get through sites with draconian firewalls/proxies) that it shows its weaknesses as a general transport protocol... But, in all fairness, it wasn't designed to be one, so that's hardly its fault... There might be a few things I would change about HTTP, but most of them would probably involve making it a better general-use transport, which wasn't its original goal...A /64 for each user?
readNAT is evil?
http://www.ana.lcs.mit.edu/papers/PDF/NewArch_wp_v1.pdf
around page 7
NAT is useful
They probably get away with on some technicality, of not actually charging for the IPs themselves, but for providing subnet routing for them, or something... But, the fact remains that if you want a subnet of publically-routable IPs for your LAN, you basically have to buy "business-class" ISP service, at least here in the USA... (And, the larger the subnet you need, the more expsenive...) For home users, they usually just give you a single dynamic IP that can change periodically, and if you need more than one machine on your LAN, you have to use RFC-1918 private IPs and a NAT box...NAT is useful
NAT is useful
NAT is useful
I've worked for small ISP at some point - they literally don't have enough public IP addresses. Yes, they can request them from RIPE (and they are doing it), but it's slow process and they need to somehow connect customers now.
You should tell that to all Danish ISPs... :/NAT is useful
I try to. I usually tell all ISPs that has tried this on me about it. When you cite the relevant RIPE policy documents they tend to listen. I once got a small ISP to stop breaking the rules. You should, too. IP addresses simply has no monetary value, and you should not try to make them. A market for these made up items would completely stifle the technical progress in for example deploying v6.NAT is useful
Could you pleas point to the relevant secions?NAT is useful
http://www.ripe.net/ripe/docs/ipv4-policies.html
I agree. I kind of like Debian's popcon mechanism, where a random number gets generated on installation of popcon, and that's used as an identifier.Fedora's metrics have ripple effect (Linux.com)