Thoughts aloud about IPv6, or why NAT won't save us
When I read news about IPv6, I get the impression that it all comes down to these conclusions:
- The only plus of IPv6 is its virtually unlimited address space;
- IP addresses are few, but since most white addresses are not needed, NAT will save us;
- If you “squeeze” IP-addresses from companies that received large pools at the dawn of the Internet, then it will be enough for a few more years.
At the same time, a lot of important details are forgotten, which greatly spoil the picture.
About the IP address shortage
When the Internet was created, it seemed that 4 billion addresses would be more than enough for everyone. Now the number of devices that want to connect to the network has long exceeded this number, and addresses are in short supply.
The most interesting thing is that the IP architecture was designed on the assumption of an abundance of addresses: routing follows address prefixes. Ideally, from the point of view of IP, networks should form a tree in which each node has a prefix that covers all of its subsidiary networks. Violating this rule is paid for with additional entries in the routing table.
The following conclusions follow from this:
- The more tightly the address space is used, the larger the routing tables and the costs of maintaining them;
- Issuing IP addresses is possible only in batches;
- Redistributing the address space is expensive, that is, taking away IP addresses from snickering imperialists will not change the situation much.
Why is NAT not a panacea?
It is widely believed that NAT will save us.
To sort this out, you need to understand how it works. The general principle is approximately as follows:
- Each IP network connection is identified by the combination:
  <client address>:<port on client> - <server address>:<port on server>
- The port on the client can be arbitrary; thanks to this, NAT can replace the internal address of the client with its own and communicate on its behalf.
  To do this, it needs to keep a table of mappings: <client address>:<port on client> - <server address>:<port on server>, <port on NAT>
This principle imposes the following limitations:
- The total number of connections from one external IP address to one network resource (the combination <server address>:<port on the server>) can be no more than the number of ports (for TCP and UDP it is 65535 - 4096 = 61439).
- The server cannot be behind NAT if NAT does not know anything about it (on home routers this problem is usually solved using UPnP).
- Protocols that do not have a port concept (e.g. GRE) are identified in NAT only by <server address>; because of this, only one client behind the NAT can connect to a given server over these protocols.
- If a user behind the NAT is banned by IP, then everyone who is behind the same NAT suffers.
The total number of connections from one external IP address to one network resource can be no more than the number of ports
For example, it looks like this:
- Let's say 62,000 people are sitting behind a NAT;
- All these users will try to open a window with the sites yandex.ru and vk.ru;
- yandex.ru will open for everyone, since the name yandex.ru refers to 6 IP addresses;
- vk.ru will open only for some users, since the name vk.ru refers to 1 IP address (there were not enough ports).
That is, we will get problems with some sites during peak periods.
In reality, the numbers will be significantly less optimistic, for the following reasons:
- browsers usually open multiple connections on one site;
- after a connection is closed, its port cannot be reused for some time to connect to the same resource (this is especially true for UDP, where there is no explicit close event).
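The arithmetic above as a small simulation (an added example, not part of the original article). It models one external NAT address with the article's 61439 usable ports per destination; the site addresses are constructed documentation-range values, and the figure of 6 connections per browser is an assumption used only to illustrate the first point in the list.

```python
from collections import defaultdict

# Usable NAT-side source ports per destination, as counted in the article.
PORTS_PER_DEST = 65535 - 4096                 # 61439


class Nat:
    """One external IP address. Each (server address, server port) pair
    has its own pool of NAT ports, so a port may repeat across destinations."""

    def __init__(self):
        self.table = {}                       # (client, cport, server, sport) -> NAT port
        self.used = defaultdict(int)          # (server, sport) -> ports handed out

    def connect(self, client, cport, server, sport):
        dest = (server, sport)
        if self.used[dest] >= PORTS_PER_DEST:
            return None                       # pool for this destination is exhausted
        nat_port = 4097 + self.used[dest]     # next free port; port reuse is not modelled
        self.used[dest] += 1
        self.table[(client, cport, server, sport)] = nat_port
        return nat_port


def simulate(clients, site_addresses, conns_per_client=1):
    """Each client opens conns_per_client connections to port 80 of a site
    published on site_addresses. Returns the number of refused connections."""
    nat, failed = Nat(), 0
    for i in range(clients):
        client = f"10.{i >> 16}.{(i >> 8) & 255}.{i & 255}"
        for c in range(conns_per_client):
            # Spread connections over the site's addresses (idealised DNS round robin).
            server = site_addresses[(i + c) % len(site_addresses)]
            if nat.connect(client, 40000 + c, server, 80) is None:
                failed += 1
    return failed


# Constructed addresses standing in for a site with 6 addresses and a site with 1.
SIX_ADDRESSES = [f"198.51.100.{n}" for n in range(1, 7)]
ONE_ADDRESS = ["203.0.113.10"]

if __name__ == "__main__":
    print("6 addresses, 1 connection each: ", simulate(62_000, SIX_ADDRESSES))
    print("1 address,   1 connection each: ", simulate(62_000, ONE_ADDRESS))
    print("6 addresses, 6 connections each:", simulate(62_000, SIX_ADDRESSES, 6))
```

With several connections per browser even the six-address site starts refusing connections, which is why the real numbers are less optimistic than the single-connection case.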
Moreover, the list of resources that are massively used by users is not limited to sites. It also includes:
- instant messengers (ICQ, Google Talk, etc.);
- update servers for the operating system, antivirus software, etc.;
- online storage services (Google Android, Dropbox, Ubuntu One, etc.);
- time servers;
- DNS servers;
- teredo server.
The following conclusions follow from this:
- NAT capacity is limited. NAT lets you postpone solving the problem, but does not solve it.
- Too many users behind a NAT can lead to subtle problems.
Who needs a “white” IP address?
It is widely believed that an ordinary person does not need a white (public) IP address, but this is not entirely true.
A white IP address may be needed by:
- Those who need a VPN to their workplace.
  In Microsoft Windows, the standard VPN implementation uses the GRE protocol, which has no concept of a port. Because of this, the protocol does not work well with NAT.
  OpenVPN and Cisco VPN do not suffer from this problem, but they are harder for the user to configure (they are not included in the Microsoft Windows bundle).
- Those who need to use P2P connections.
  VoIP, Torrent and some other applications like to transfer data directly, without the participation of an external server. NAT prevents the creation of a direct connection. This is worked around by cunning algorithms whose success depends on the type of NAT and the use of external servers.
That is, a white IP is often vital for people who need to work from home. At the same time, it is not always possible to order the “white IP” service from the provider.
Also, organizations that provide support for other organizations via VPN may need subnets of white IP addresses: when several VPNs are used to different organizations, it becomes difficult to avoid the intersection of the address space within their own and third-party organizations.
What kind of goodies does IPv6 provide besides increasing address space?
In addition to increasing the address space, IPv6 has a number of advantages, among them I would like to note:
- Simplification of routing.
  IP was originally designed for a sparse address space.
- Increased data transfer rate.
  In IPv4, the maximum data transfer rate over TCP, due to the size of the "window", is: 64KB / <response time>
  That is, if the response time is 150 ms, then data on one TCP stream can be pumped at a speed of no more than 426 KB/s.
  Typically, this limitation is bypassed by transmitting data over UDP or over multiple TCP streams. It is because of this limit that countless programs for fast downloading from sites have appeared.
  IPv6 has no such strict restriction.
- Multicast.
  Today Internet radio stations are forced to send the same stream to each user individually. On-air broadcasting under such a scheme is scary even to imagine.
  In IPv6, you can send data to multiple subscribers at once.
Summary
Personally, I have the following conclusions:
- The moment when the IP addresses run out all at once will come very soon, but that does not make things any easier;
- The transition to IPv6 is going at a terrible pace, and no acceleration is expected until real problems with obtaining an IP address begin;
- Due to the lack of IP addresses, more and more users will be pushed behind NAT;
- Users without IPv6 addresses behind NAT will begin to experience unexpected problems when accessing various resources.