Sunday, June 29, 2003


Home Wireless Fixed and NAT Update.

My home wireless network is now working; I am posting this blog item from it.  The problem appeared to be something NAT-related, so I went through the two-week exercise of getting static addresses.  As soon as I had the static addresses configured, I tried the wireless to see what would happen.  It acted the same way.  Having static addresses ruled out a bunch of things that could have been wrong; all that was left was looking at bits.  What I found was that the Linksys 1.010 firmware would, at random points in a TCP session, flip a bit in the source-port or flags field and recompute the checksum.  Because the checksum was recomputed, neither endpoint saw a corrupt segment; only comparing the bits on each side of the device showed the change.  That is pretty strange behavior for a device that claims to be a hub.  So the problem was not the NAT on the DSL modem, but a NAT-link feature or bug on the Linksys.  Firmware 1.01c behaves like a regular hub, and I can use it to post this blog.
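The checksum point above, as an added example that is not code from the original post or from Linksys: it builds a TCP segment with a valid checksum, flips one header bit the way the post describes, and shows that the flipped segment fails the checksum only if the checksum is not recomputed. With the checksum recomputed, both endpoints accept the segment, and only a field-by-field comparison of captures from each side of the device reveals the rewrite. The addresses (RFC 5737 documentation ranges), ports and sequence numbers are constructed for the demo.

```python
# Added example (not code from the original post): build a TCP segment,
# verify its checksum, then show that a device which flips a header bit AND
# recomputes the checksum produces a segment both endpoints accept as valid.
# Addresses, ports and sequence numbers below are constructed for the demo.
import socket
import struct

TCP_FIELDS = ("src_port", "dst_port", "seq", "ack", "data_offset",
              "flags", "window", "checksum", "urgent")
SRC_IP, DST_IP = "192.0.2.10", "198.51.100.20"   # constructed (RFC 5737 ranges)


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, TCP and UDP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the segment (checksum zeroed)."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))   # zero, proto=TCP, length
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF


def set_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bytes:
    """Return the segment with its checksum field (bytes 16-17) filled in."""
    csum = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                  window, payload=b"") -> bytes:
    """20-byte TCP header (no options) plus payload, with a valid checksum."""
    header = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                         5 << 4, flags, window, 0, 0)
    return set_checksum(src_ip, dst_ip, header + payload)


def parse_header(segment: bytes) -> dict:
    """Decode the fixed TCP header into a dict keyed by TCP_FIELDS."""
    fields = dict(zip(TCP_FIELDS, struct.unpack("!HHIIBBHHH", segment[:20])))
    fields["data_offset"] >>= 4                 # header length in 32-bit words
    return fields


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """What a receiving host checks: stored checksum equals the recomputed one."""
    return parse_header(segment)["checksum"] == tcp_checksum(src_ip, dst_ip, segment)


def flip_bit(segment, offset, mask, src_ip, dst_ip, recompute):
    """Flip `mask` in the byte at `offset`.  With recompute=True the checksum is
    fixed up afterwards, which is the behaviour the post attributes to the
    1.010 firmware; the result passes checksum_ok at the receiver."""
    buf = bytearray(segment)
    buf[offset] ^= mask
    seg = bytes(buf)
    return set_checksum(src_ip, dst_ip, seg) if recompute else seg


def diff_segments(sent: bytes, received: bytes) -> list:
    """Field-by-field comparison of captures taken on both sides of the device.
    This, not the checksum, is what reveals the rewrite."""
    a, b = parse_header(sent), parse_header(received)
    return [(f, a[f], b[f]) for f in TCP_FIELDS if a[f] != b[f]]


if __name__ == "__main__":
    sent = build_segment(SRC_IP, DST_IP, 3456, 80, 1000, 0, 0x02, 8192)   # SYN
    corrupt = flip_bit(sent, 0, 0x04, SRC_IP, DST_IP, recompute=False)    # src-port bit
    rewritten = flip_bit(sent, 0, 0x04, SRC_IP, DST_IP, recompute=True)
    print("original ok:", checksum_ok(SRC_IP, DST_IP, sent))
    print("flipped, no recompute ok:", checksum_ok(SRC_IP, DST_IP, corrupt))
    print("flipped + recompute ok:", checksum_ok(SRC_IP, DST_IP, rewritten))
    print("changed fields:", diff_segments(sent, rewritten))
```

Byte 0 holds the high byte of the source port and byte 13 holds the flags, so the two `flip_bit` offsets that matter for the post's symptom are 0 and 13. Note that the comparison needs the segment as sent and as received; a capture on one side of the device alone looks perfectly healthy.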


7:35:26 PM    

No IPV4 Shortage?

The discussion between proponents of IPv4 and IPv6 continues.  This article discusses the idea that IPv4 is fine for the next 20 years and references other discussions of the topic.  It also includes references to articles that make the case that IPv6 is needed now.  Current allocation policies only chew up 4 class A's per year, and we have 100 class A size blocks left.

On the other hand, 3G cellular service will have most phones using an IP address most of the time, with 1 billion predicted users.  Just that one application could use up 60% of the remaining address space, and that assumes one address per person.  My cell phone and my laptop with a 3G card will both need an address and might communicate with each other.  Maybe my PDA will need one too.

In one sense they are both right: we can stretch the IPv4 address space for a long time, but there are costs to the strategies that stretch it.  Strategies like NAT take time to develop, manage and debug.  NAT makes some applications work, some not work, and others work in a different way.

For me, changing the way internet applications work to "fix" the IPv4 address shortage is the main issue.  If the 3G providers want to force customers to connect to other customers through a server, that is fine.  If the only reason they are implementing servers is that they can't get enough addresses to do what they really want to do, then I hope they provide an IPv6 alternative.

What I see happening is that the internet is being divided into separate classes.  A few years ago I was working for a company that restricted internet access to whatever you could get via a proxy server.  I like to think of people connected this way as third class internet citizens.  My definition of third class service is the use of application gateways, or firewall policies that start out by blocking everything and then make it difficult or impossible to add useful services.  I would like to point out that when you let anything go into or out of the internet, some smart person will find a way to get viruses, worms and even file sharing into your network.

At the same time that my work offered third class service, I bought a new service called DSL that offered first class service: a real address, albeit not the same one each time, with no blocking or filtering applied.  This let me do things like play Age of Empires on two home machines connected to the Gaming Zone server.  Very cool.  It didn't let me do DNS on my real address without some fancy goofing around, so I could not have my own DNS or email server.  Still and all, it was much better.  If some new internet thing was developed, I could try it out.  Firewall service is up to me, which makes my life much easier.

A little later, my ISP decided to do a mandatory downgrade of my service and move me into the realm of second class internet citizenry: I got NAT'ed.  This immediately broke my Gaming Zone fun.  About a year later somebody figured out how to make a single machine on your LAN not do port overloading, which allowed me to play with a single home machine.  NAT is a very nasty idea.  It changes basic assumptions about how TCP works.  The thing I most object to with NAT is that in most implementations it is difficult to quickly determine whether it is causing problems.  If I suspect that a firewall is breaking something, I can quickly turn it off and see if the problem is fixed.
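To make the "one machine, not two" outcome above concrete, here is an added toy model of a port-overloading NAT (NAPT) next to the "one host exempt from port overloading" mapping the post mentions. It is not code from the original post and says nothing about the Gaming Zone's actual protocol: the LAN addresses, the public address 203.0.113.5 and the game port 2300 are constructed for the demo. It shows why unsolicited inbound connections to two overloaded hosts are dropped, and why exempting one host makes exactly that host reachable again.

```python
# Added example (not code from the original post): a toy model of
# port-overloading NAT (NAPT) next to the "one machine exempt from port
# overloading" mapping the post mentions.  LAN addresses, the public address
# 203.0.113.5 and the game port 2300 are constructed for the demo and are not
# a description of the Gaming Zone protocol.
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]


class Napt:
    def __init__(self, public_ip: str, exempt_host: Optional[str] = None,
                 first_port: int = 40000):
        self.public_ip = public_ip
        self.exempt_host = exempt_host          # LAN host that keeps its own ports
        self.next_port = first_port
        self.table: Dict[int, Endpoint] = {}    # public port -> (lan_ip, lan_port)
        self.reverse: Dict[Endpoint, int] = {}  # (lan_ip, lan_port) -> public port

    def outbound(self, lan_ip: str, lan_port: int) -> Endpoint:
        """Translate a LAN source address.  Overloaded hosts get the next free
        public port; the exempt host keeps its port so a peer can reach it by
        that number.  An existing mapping is reused."""
        key = (lan_ip, lan_port)
        if key not in self.reverse:
            if lan_ip == self.exempt_host:
                pub_port = lan_port
            else:
                while self.next_port in self.table:
                    self.next_port += 1
                pub_port = self.next_port
                self.next_port += 1
            self.table[pub_port] = key
            self.reverse[key] = pub_port
        return self.public_ip, self.reverse[key]

    def inbound(self, public_port: int) -> Optional[Endpoint]:
        """Deliver a packet arriving at the public address.  With no table entry
        it is dropped (None) unless an exempt host exists to catch it."""
        if public_port in self.table:
            return self.table[public_port]
        if self.exempt_host is not None:
            return self.exempt_host, public_port
        return None


def peer_can_reach(nat: Napt, lan_ip: str, port: int) -> bool:
    """Can an outside peer open a *new* connection to lan_ip:port?  This is the
    assumption (every host is addressable) that NAT breaks."""
    return nat.inbound(port) == (lan_ip, port)


if __name__ == "__main__":
    game_port = 2300
    hosts = ("192.168.1.2", "192.168.1.3")
    overloaded = Napt("203.0.113.5")
    for h in hosts:
        print(h, "maps to", overloaded.outbound(h, game_port))
    print("unsolicited inbound to 2300:", overloaded.inbound(game_port))
    print("reachable:", [peer_can_reach(overloaded, h, game_port) for h in hosts])

    one_exempt = Napt("203.0.113.5", exempt_host="192.168.1.2")
    for h in hosts:
        print(h, "maps to", one_exempt.outbound(h, game_port))
    print("reachable:", [peer_can_reach(one_exempt, h, game_port) for h in hosts])
```

The model reproduces the post's experience: with plain port overloading neither home machine can accept a connection it did not initiate, and exempting one host helps exactly one host, because the single public address has only one port 2300 to give away. That is also why "turning NAT off" to test a theory is not a local operation the way disabling a firewall rule is; the mapping state lives in the middle box.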

Turning off NAT is neither simple nor quick.  To turn off NAT for my home DSL line, I needed to cancel service with my ISP, wait a week for them to process the order, order a new DSL line, wait a week for it to be installed, and order service from another DSL provider that offers static addresses.  Most of the costs of NAT are hidden and only revealed when you least want to pay them.

At work, one of our schools found out that in order to make the out-of-state video call they wanted, they would need to switch from their private, supposedly NATable, addresses to real addresses.  Two network engineers spent two days finding all of the hidden dependencies between the two sites that needed to be tweaked before the real addresses could be made to work.

But I digress.  Solutions like NAT were temporary measures to make the IPv4 address space last until the internet community could develop a plan with enough addresses.  NAT raises the bar for developing a new internet application.  Take instant messaging, for example.  The only practical way to implement it now is to put an application on each machine that connects to a central server.  When that server is down, your instant messaging is down.  This is a regular occurrence at work.  It is even more baffling when it affects some machines regularly and leaves others untouched.  If the majority of the internet community were first class citizens, somebody would design an IM system that is more resilient, more platform independent, and gives more control to the users.  Right now, as a Microsoft IM user, I am getting system broadcasts with sales messages which I think are connected to my IM installation.  I will need to spend time tracking this down, evaluating possible solutions and implementing something.  One solution I have rejected out of hand is the ad, delivered by a system broadcast message, offering a system broadcast blocker for a mere $39.95.  I have not found the place to turn off these messages in my IM client yet.

My vote is for a system like IPv6 that allows everybody to be a first class internet citizen.


10:31:05 AM