@foobarbuzz you seem to extrapolate your own situation on the whole world. Let's just finish it at this: there are various reasons, for some they may be valid, for some they may be not relevant. I'm seriously not willing to preach the IPv6 religion - but rather the pragmatic approach.
And I assert that in some scenarios IPv6 makes sense. In other scenarios, it does not make the sense right now.
Let's accept there is more than one answer. The world's more complex than we'd like it to be.
Address changes are much less frequent (normally) than TCP/UDP port changes.
Anyway, the circumstances are always different - and I don't think it's worth our time to try to argue either end as The Only Right one. So I think we can agree to disagree on some things.
@foobarbuzz I still have the same IPv4 for 18 days and it is likely to not change anytime soon.
Logging is not the challenge. In fact, even IPv6 will have very similar logging load because IPv6 will is still dynamically leased (due to easier management with dynamic leasing).
Logging was/is never a "sane" reason to switch to IPv6. This is bullshit.
You can ignore history (bullshit in the past decade), but the future will show you that something is badly fucked up.
- addressing: if you get to design the network. Think M&A.
- NAT scalable: think logging. Talk to your friendly SP with a few million subscribers.
As for NAT-compatible apps: sure. The root of the problem is the locator/id overloading for address. But this is even more holy matter than the NAT thing, I feel :)
@foobarbuzz that's not really heavy if you have sane translation timeouts. It doesn't happen frequently.
Plus, if a SP has millions of subscribers, then the actual "load" is not the NAT logs, but rather the bandwidth.
Trust me, you will hit other bottlenicks before you hit the loggin thing.
Plus, IPv6 also does the logging whenever a customer is assigned an IP address via (say) PPP/DHCP. They also do logging whenever a customer is Up/Down.
@securezone This is not scaring. Any mature network architect should be very aware of the reality of this problem and the impending exhaustion of IPv4 address space. NAT seems cool only because it was clever at first, but it only hides or delays the real problem with using it with RFC address space. Some simple maths proves you cannot connect with multiple networks which all use RFC IP addresses unless you have public address space equal to the sum of all the hidden networks...
@skeetabomb any networking asshole should also know that IPv6 is also "delaying" the problem. It is just that IPv6 delays is "more" than IPv4..
Reality shows, we aren't gonna need IPv6's massive space anytime soon. Guess what?companies release many of their IPv4 addresses during tough economic times. There is an extremely high chance that we will still be happy for 10+ yrs
Plus, WTF is "RFC IP address". Spit the RFC number. I take no bullshit.
@skeetabomb call me "immature", but at least I get my job done at minimal cost.
you can fancy yourself as a "mature" being, and continue to drag your employer to pay money to upgrade application + networking + supports contractors.
I won't blame you. I blame your employer.
The only exception is if you are a fucking "SALES" man of a technical firm.
@securezone Ignoring ur language 4 a mo, say you're a Service Provider. U have 30 v.large (global) cust's, all use 10.x.x.x IP space. All have an approach to address allocation breaking the globe into 4 (e.g.) regions. They all say "we'll never use 16.7M IPs" so they allocate ClassB ranges to each site, allowing for growth (sound fair?). Now I've a prob: they all use IPs across all 10/8, I must 'sticky' NAT all hosts, all NAT GWs have session, memory or NAT object ID limits. Ur solution is?
* A branch doesn't need a complete 10/8. Dumb. Hint: address heirarchy. E.g. you can have 256 branches, with each branch using 10.x/16 range internally. That's fucking enough.
* If you need more than 10.x/16 for a branch, then you can assign that branch multiple 10.x/16 ranges. However, if you have 256 branches already (extremely unrealistic), then you can use a 2nd-level NAT. It works. No need to upgrade the whole network.
@securezone It was immature and proud of me to call you 'immature'. I apologise for that. I count myself quite immature in some areas I consider more important . That said, there is still a problem. I admire your faith in the large corporates doing the 'right' thing and giving back un-used addressing. I don't think it wise to expect that, however. I agree, they ought to. I am geniunely interested to know if you have a solution, though.
@securezone ...so there is actually no saving of IP address space at all, UNLESS all your applications are fully TCP/IP aware & can policy route internally on the server (map processes to sockets & choose IPs), which is counter to 1 of the original design goals - to abstract the routing function from the application. Poorly written apps embed IPs within the packet payload & require a relationship between the IPs in the payload & the IPs in the packet header.
@skeetabomb using IPv6 to continue using legacy bad-wrtitten networking applications is crap ass fucker joke.
Fix the badly wirtten applications. Hell, even applications such as SIP are modified to be NAT-friendly.
IPSec has NAT Travelsal to be NAT friendly.
If you want to "UPGRADE" your network and software stack to IPv6 in order to use LEGACY CRAP-PROTOCOL then you are an assfuck with a pair of sneekers with lights on them.
Hell, why not just upgrade the software to NAT friendly?
natsgood? weird video should publish the transscript
apoc4223 2 months ago
I will buy IPv6 if it has NAT, NAT is GOOD ! :-))))
fredbovy 6 months ago
@foobarbuzz you seem to extrapolate your own situation on the whole world. Let's just finish it at this: there are various reasons, for some they may be valid, for some they may be not relevant. I'm seriously not willing to preach the IPv6 religion - but rather the pragmatic approach.
And I assert that in some scenarios IPv6 makes sense. In other scenarios, it does not make the sense right now.
Let's accept there is more than one answer. The world's more complex than we'd like it to be.
foobarbuzz 6 months ago
@securezone
Address changes are much less frequent (normally) than TCP/UDP port changes.
Anyway, the circumstances are always different - and I don't think it's worth our time to try to argue either end as The Only Right one. So I think we can agree to disagree on some things.
foobarbuzz 6 months ago
@foobarbuzz I still have the same IPv4 for 18 days and it is likely to not change anytime soon.
Logging is not the challenge. In fact, even IPv6 will have very similar logging load because IPv6 will is still dynamically leased (due to easier management with dynamic leasing).
Logging was/is never a "sane" reason to switch to IPv6. This is bullshit.
You can ignore history (bullshit in the past decade), but the future will show you that something is badly fucked up.
securezone 6 months ago
@securezone
- addressing: if you get to design the network. Think M&A.
- NAT scalable: think logging. Talk to your friendly SP with a few million subscribers.
As for NAT-compatible apps: sure. The root of the problem is the locator/id overloading for address. But this is even more holy matter than the NAT thing, I feel :)
foobarbuzz 6 months ago
@foobarbuzz that's not really heavy if you have sane translation timeouts. It doesn't happen frequently.
Plus, if a SP has millions of subscribers, then the actual "load" is not the NAT logs, but rather the bandwidth.
Trust me, you will hit other bottlenicks before you hit the loggin thing.
Plus, IPv6 also does the logging whenever a customer is assigned an IP address via (say) PPP/DHCP. They also do logging whenever a customer is Up/Down.
securezone 6 months ago
bl8dy awesome!!! LOL...I need this :-)
Thanks for the effort, Dude. Good sales job.
skeetabomb 6 months ago
@securezone: I do not attempt to take sides in this scenario. As I write in the description - the time will show.
As for your comment overall: I agree with every odd statement in it.
foobarbuzz 6 months ago
scaring people about IPv4 is like scaring people about global warming.
we still have plenty of IPv4. NAT is cool. We will live at least one more hundred year without needing IPv6.
securezone 6 months ago
@securezone This is not scaring. Any mature network architect should be very aware of the reality of this problem and the impending exhaustion of IPv4 address space. NAT seems cool only because it was clever at first, but it only hides or delays the real problem with using it with RFC address space. Some simple maths proves you cannot connect with multiple networks which all use RFC IP addresses unless you have public address space equal to the sum of all the hidden networks...
skeetabomb 6 months ago
@skeetabomb any networking asshole should also know that IPv6 is also "delaying" the problem. It is just that IPv6 delays is "more" than IPv4..
Reality shows, we aren't gonna need IPv6's massive space anytime soon. Guess what?companies release many of their IPv4 addresses during tough economic times. There is an extremely high chance that we will still be happy for 10+ yrs
Plus, WTF is "RFC IP address". Spit the RFC number. I take no bullshit.
securezone 6 months ago
@securezone Clearly you are immature in character as well as understanding...I feel sorry for you, dude. I hope you find some light soon.
skeetabomb 6 months ago
@skeetabomb call me "immature", but at least I get my job done at minimal cost.
you can fancy yourself as a "mature" being, and continue to drag your employer to pay money to upgrade application + networking + supports contractors.
I won't blame you. I blame your employer.
The only exception is if you are a fucking "SALES" man of a technical firm.
Kiss my ass. I won't buy your shit.
securezone 6 months ago
@securezone Ignoring ur language 4 a mo, say you're a Service Provider. U have 30 v.large (global) cust's, all use 10.x.x.x IP space. All have an approach to address allocation breaking the globe into 4 (e.g.) regions. They all say "we'll never use 16.7M IPs" so they allocate ClassB ranges to each site, allowing for growth (sound fair?). Now I've a prob: they all use IPs across all 10/8, I must 'sticky' NAT all hosts, all NAT GWs have session, memory or NAT object ID limits. Ur solution is?
skeetabomb 6 months ago
@skeetabomb
* A branch doesn't need a complete 10/8. Dumb. Hint: address heirarchy. E.g. you can have 256 branches, with each branch using 10.x/16 range internally. That's fucking enough.
* If you need more than 10.x/16 for a branch, then you can assign that branch multiple 10.x/16 ranges. However, if you have 256 branches already (extremely unrealistic), then you can use a 2nd-level NAT. It works. No need to upgrade the whole network.
* NAT is scalable. no worries on memory.
securezone 6 months ago
@securezone It was immature and proud of me to call you 'immature'. I apologise for that. I count myself quite immature in some areas I consider more important . That said, there is still a problem. I admire your faith in the large corporates doing the 'right' thing and giving back un-used addressing. I don't think it wise to expect that, however. I agree, they ought to. I am geniunely interested to know if you have a solution, though.
skeetabomb 6 months ago
@securezone ...so there is actually no saving of IP address space at all, UNLESS all your applications are fully TCP/IP aware & can policy route internally on the server (map processes to sockets & choose IPs), which is counter to 1 of the original design goals - to abstract the routing function from the application. Poorly written apps embed IPs within the packet payload & require a relationship between the IPs in the payload & the IPs in the packet header.
skeetabomb 6 months ago
@skeetabomb using IPv6 to continue using legacy bad-wrtitten networking applications is crap ass fucker joke.
Fix the badly wirtten applications. Hell, even applications such as SIP are modified to be NAT-friendly.
IPSec has NAT Travelsal to be NAT friendly.
If you want to "UPGRADE" your network and software stack to IPv6 in order to use LEGACY CRAP-PROTOCOL then you are an assfuck with a pair of sneekers with lights on them.
Hell, why not just upgrade the software to NAT friendly?
securezone 6 months ago
Nat is not security, i use forward chain for filtering. :)
dt9394 8 months ago
@dt9394 absolutely :-)
foobarbuzz 8 months ago
i <3 NAT
lül
thegolum 11 months ago
NAT is great :))
SimeoNeO 1 year ago
This has been flagged as spam show
hahaha this is amazing.
SlaveExplosion 1 year ago