IPv6 on these little boxes in people's homes
Posted Dec 8, 2011 2:29 UTC (Thu) by tialaramex (subscriber, #21167)
The first is "Well, Cisco do it". Yes, and so do several other high-end switch/router vendors. But they sell into the enterprise, where the guy installing the CPE knows what DHCP is and whether they want to enable NAT, not into homes where you need a diagram just to explain how to switch it on. Most importantly, they charge a LOT of money for these products.
The second is "This device requires you to plug it into an existing router". Ignoring for a moment the reality that this means you're not really doing native IPv6 but some kind of tunnelling (and so you will probably pay in terms of reliability and performance) it means an extra box per customer. That breaks the economics for the ISP. It's viable for a few fanatics, but it isn't a way to get millions of ordinary households
[ Digital broadcast TV is a useful comparison here. It was _possible_ to build boxes that turn a digital TV multiplex into an old-school PAL-encoded analogue signal to feed into a pre-SCART era television, and in fact such boxes were deployed where needed. But for the vast majority of people the digital TV upgrade happened when they purchased a new, better television which had the local DTV standard baked in ]
The only ISP in my country that actually has ordinary household IPv6 customers right now, so far as I can tell, has despaired about finding a way to deliver CPE without these tricks. Some of their customers can afford to buy an actual Cisco DSL device, and others are happy to burn custom firmware or run some unsupported beta, but to roll it out to the rest of their customers, as they'd like to do, they need a real solution, one that works, is properly supported, and is available (not "in beta") at non-luxury prices and they haven't found one. Right now (as in, since November) they're experimenting with Technicolor, but this is only the latest in a series of experiments, and most of the previous ones were abandoned, because a manufacturer says "How hard can it be?" and promises to support a test rollout then they discover the answer is "Actually it's not as easy as we thought" and that's it. Hardware vendors are really bad at software.
Of course it will all fix itself somehow, just don't believe the people who say it's going to be painless.
Posted Dec 8, 2011 5:52 UTC (Thu) by mtaht (✭ supporter ✭, #11087)
I like to think we've identified a few more areas in IPv6 that need serious work.
Upselling to NAT
Posted Dec 8, 2011 18:59 UTC (Thu) by dmarti (subscriber, #11625)
As a big ISP, you could re-brand the change as an upgrade to "Family Friendly" or "High-Security Firewalled" service. Start out offering it as a paid upgrade, then make it "free for a limited time", then the default for new users. If it breaks some network service, just say that the other end doesn't like Families or Security.
This is so much easier than IPv6 that I don't see why the ISPs won't do this instead. (In Karachi, Pakistan, an ISP will sell you 100Mbps Ethernet to your neighbors, decent backhaul, and NAT for $8/mo. This works fine for Skype, Facebook, and YouTube.)
Posted Dec 8, 2011 22:13 UTC (Thu) by drag (subscriber, #31333)
They don't upsell, they just don't talk about it. They just do it. Then performance and reliability drop somewhat and irritate the people that depend on certain VPN software or VoIP for their work or whatever.
The problem ISPs now face is not enough public IPs for their customers, but not enough private IPs for their networks. When you're a company like Comcast and you are forced to use multiple duplicate 10.0.0.0/8 networks you know you are running into some serious addressing limitations.
What we have going on right now is that ISPs are doing things like tunneling IPv4 over IPv4 in order to provide the network infrastructure necessary to deliver public addresses to customers. If you are going to give private addresses you are going to have to do some really crazy stuff like a combination of tunneling NAT connections some multiple NAT'd networks to get the TCP connections to customers. Tunneling IPv4 over IPv4 over IPv4 type stuff.
On top of this NAT is not some sort of panacea that is going to buy you a lot of time.
The number of ports you have is limited to 16 bits minus whatever needs to be reserved. Each connection on a NAT router takes a port. So I'm guesstimating that leaves you about 30,000 useful TCP connections per public IP address. I am sure that things start to break down before that. Just doing a simple google about "linux" and clicking on a Wikipedia link I get about 20 TCP connections started. So for every public facing IP address you can serve 1000-1500 active customers. And this is not really something you can ramp up for peak usage or anything.. it's a hard limit. Once customers start banging against connection number limits then things are going to suck for them.
What is going to happen, what I am guessing is happening is this:
ISPs are going to switch their networks entirely over to IPv6. They will be tunneling IPv4 over IPv6 to their customers. I expect that the larger ISPs are already well on their way. Once the roll out of the migration from IPv6 to IPv4 is complete then they will start phasing out support for DOCSIS 2.x modems and whatever the equivalent for DSL is. The newer 3.0 modems have IPv6 built in as a requirement for the protocol. Then they will require customers to purchase new routers. These things are probably going to be pure IPv6 with a single IPv4 address mapped to it that tunnels over the IPv6 network.
'Computer Appliances' will start requiring IPv6 for various things. They won't really be advertising it as such they will just say things like ISP compatibility and DOCSIS requirements and such. It'll be a headache, but it will need to be done. They will require the higher performance that needs the newer level 1 protocols anyways. Blu-ray players, 'Smart' Televisions, IP-based cable boxes, PS3/XBox/etc, that sort of thing.
One thing that is important to keep in mind is that you don't really need IPv6 support on your 'home NAT router' to have IPv6 support in your appliances and in your OS. Any modern system can have full IPv6 internet access very easily on any "IPv4-only" NAT network. Full stack access. No firewalls, no port limitations, nothing. 100% unfiltered access right through any common NAT firewall. I think things like PS3 support this already. Microsoft already uses it for Windows 7.. it's a requirement now for file sharing to work properly nowadays. Linux it's a bit more of a headache, but it's slowly catching up to Microsoft.
So it's not really necessary for customers to upgrade their home routers, but it will make things better.
While all this is happening it will slowly start to dawn on businesses in the USA that they will not be able to do business in certain parts of the world unless they have some sort of IPv6 connectivity support. Especially with China.
As IPv6 gradually moves to mainstream it will free up more and more IPv4 addresses to extend the useful life of that protocol.
Posted Dec 8, 2011 22:26 UTC (Thu) by dlang (✭ supporter ✭, #313)
actually, a connection is the set
source IP, source port, destination IP, destination port
so you can re-use the same source IP and source port if you have a different destination IP and/or destination port.
the OS doesn't re-use the source port by default, but it could. so there is really no long-term reason for the NAT boxes to run out of the ability to handle connections.
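As an added illustration, not part of any comment in this thread: a toy NAT table that counts how many outbound flows get a mapping under the two accounting models discussed above, one external port per connection versus reuse of an external port across different destination IP/port pairs. The class, the four-port range and the addresses are constructed for the example.

```python
class Nat:
    """Toy TCP source-NAT for a single public IPv4 address."""

    def __init__(self, ports, reuse_per_destination):
        self.ports = list(ports)            # usable external source ports
        self.reuse = reuse_per_destination  # False: one port per connection
        self.table = {}                     # (ext_port, dst_ip, dst_port) -> inside (ip, port)
        self.taken = set()                  # external ports with at least one mapping

    def open(self, inside, dst):
        """Map a new outbound flow; return the external port or None if exhausted."""
        for port in self.ports:
            key = (port, *dst)
            busy = key in self.table if self.reuse else port in self.taken
            if not busy:
                self.table[key] = inside
                self.taken.add(port)
                return port
        return None

    def inbound(self, ext_port, src):
        """Find the inside host for a reply from src=(ip, port) to ext_port."""
        return self.table.get((ext_port, *src))


def capacity(reuse, n_ports, destinations, attempts=100):
    """Count how many of `attempts` outbound flows get a mapping."""
    nat = Nat(range(40000, 40000 + n_ports), reuse)
    ok = 0
    for i in range(attempts):
        inside = (f"10.0.0.{i % 250 + 1}", 50000 + i)   # constructed inside hosts
        if nat.open(inside, destinations[i % len(destinations)]) is not None:
            ok += 1
    return ok


# Constructed destinations (documentation address range).
MIXED = [("198.51.100.10", 443), ("198.51.100.20", 443), ("198.51.100.20", 80)]
ONE = [("198.51.100.10", 443)]

if __name__ == "__main__":
    for name, dsts in (("mixed", MIXED), ("single", ONE)):
        print(name, capacity(False, 4, dsts), capacity(True, 4, dsts))
```

With four ports and three destinations the first model admits 4 flows and the second 12; when every flow goes to the same destination IP and port, both stop at 4.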
Posted Dec 9, 2011 16:39 UTC (Fri) by ncm (subscriber, #165)
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds