
Thinking out loud about IPv6, or why NAT won't save us

When I read news about IPv6, I get the impression that it all boils down to three conclusions:
  1. The only advantage of IPv6 is its almost limitless address space;
  2. IP addresses are scarce, but since most users do not need a public ("white") address, NAT will save us;
  3. If we "squeeze" the address blocks of companies that received large pools at the dawn of the Internet, there will be enough addresses for another few years.

At the same time, many important details that spoil this picture are forgotten.


About the IP address shortage


When the Internet was created, it seemed that 4 billion addresses would be more than enough for everyone. Today the number of devices that want to be on the network has long since passed that figure, and there are not enough addresses for each of them.

The most interesting thing is that the IP architecture was designed with an excess of addresses in mind: routing follows address prefixes. Ideally, from IP's point of view, networks should form a tree in which each node has a prefix that covers all of its child networks. Violating this rule is punished with extra entries in the routing table.
From this the following conclusions follow:
  1. The more densely the address space is used, the larger the routing tables and the higher the cost of maintaining them;
  2. IP addresses can only be handed out in blocks;
  3. Redistributing the address space is expensive, so taking IP addresses away from the overfed imperialists will not change the situation much.
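The point about prefixes and routing-table growth can be made concrete with the standard library. The script below is an added example, not code from the original post; the address blocks are constructed from documentation ranges and are not real allocations.

```python
import ipaddress

def routing_entries(networks):
    """Routing-table entries needed to announce `networks`: contiguous,
    aligned blocks collapse into one prefix, scattered ones stay separate."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return len(list(ipaddress.collapse_addresses(nets)))

def reclaim(block, carved):
    """Take `carved` away from the holder of `block` and route it elsewhere.
    Returns (prefixes the original holder must now announce, total entries
    in the global table for what used to be a single prefix)."""
    block, carved = ipaddress.ip_network(block), ipaddress.ip_network(carved)
    remaining = [str(n) for n in sorted(block.address_exclude(carved))]
    return remaining, len(remaining) + 1  # +1 for the carved block's new home

# Constructed sample blocks (documentation ranges), not real allocations.
# Tree-shaped assignment: one aligned /24 split among four departments.
TREE_SHAPED = ["203.0.113.0/26", "203.0.113.64/26",
               "203.0.113.128/26", "203.0.113.192/26"]
# The same amount of space handed out from unrelated parent blocks.
SCATTERED = ["203.0.113.0/26", "198.51.100.64/26",
             "192.0.2.128/26", "203.0.113.192/26"]

if __name__ == "__main__":
    print("tree-shaped:", routing_entries(TREE_SHAPED), "entry")   # 1
    print("scattered:  ", routing_entries(SCATTERED), "entries")   # 4
    # Carving one /26 out of a /24 turns one route into three.
    print("reclaim /26 from /24:", reclaim("203.0.113.0/24", "203.0.113.64/26"))
```

The four tree-shaped blocks are announced as one /24, the four scattered blocks of the same total size need four entries, and reclaiming a single /26 from an existing /24 leaves the old holder with two prefixes plus one for the new holder.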


Why NAT is not a panacea

A very common opinion is that NAT will save us.

To deal with this, you need to understand how NAT works. The general principle is roughly as follows:
  1. Each IP connection is identified by the combination: <client IP address>:<client port> - <server IP address>:<server port>
  2. The client port can be arbitrary; thanks to this, NAT can replace the client's internal address with its own and communicate on the client's behalf.
    To do this it must keep a table with the mapping:
    <client IP address>:<client port> - <server IP address>:<server port>, <port on NAT>

This principle imposes the following restrictions:
  1. The total number of connections from one external IP address to one network resource (a combination <server IP address>:<server port>) cannot exceed the number of ports (for TCP and UDP that is 65535 - 4096 = 61439).
  2. A server cannot sit behind NAT if the NAT knows nothing about it (on home routers this problem is usually solved with UPnP).
  3. Protocols that have no concept of a port (for example, GRE) are identified in the NAT table only by <server IP address>; because of this, only one client behind the NAT can connect to a given server with such protocols.
  4. If one user behind a NAT is banned by IP, everyone behind the same NAT suffers.


The total number of connections from one external IP address to one network resource may not exceed the number of ports.

In an example, it looks like this:
  1. Suppose 62,000 people sit behind one NAT;
  2. All of them try to open the sites yandex.ru and vk.ru in a browser;
  3. yandex.ru opens for everyone, because the name yandex.ru resolves to 6 IP addresses;
  4. vk.ru opens only for some of the users, because the name vk.ru resolves to 1 IP address (the ports ran out).

That is, during peak periods we will get problems with some sites.
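The example above, together with the GRE restriction from the previous list, as a small simulation of a port-translating NAT. This is added code, not from the original post; the server addresses are constructed placeholders from documentation ranges, and the per-destination port budget is the author's figure of 65535 - 4096.

```python
from collections import defaultdict

# Author's figure for source ports a NAT can use towards one destination.
PORTS_PER_DESTINATION = 65535 - 4096  # 61439

class Nat:
    """Toy NAT with a single external IP and one translation table."""
    def __init__(self, ports_per_destination=PORTS_PER_DESTINATION):
        self.ports_per_destination = ports_per_destination
        # translation-table key -> number of NAT ports currently in use
        self.in_use = defaultdict(int)

    def connect(self, proto, server_ip, server_port=None):
        """Try to allocate a NAT-side port for a new connection.
        Returns True on success, False when the table is full for that key."""
        if server_port is None:
            # Protocol without ports (e.g. GRE): the table can only be keyed
            # by server IP, so one inside client at a time can reach it.
            key, capacity = (proto, server_ip), 1
        else:
            key = (proto, server_ip, server_port)
            capacity = self.ports_per_destination
        if self.in_use[key] >= capacity:
            return False
        self.in_use[key] += 1
        return True

def simulate(n_clients, server_ips, server_port=443, proto="tcp"):
    """n_clients each open one connection to a site whose name resolves to
    server_ips; clients are spread over the addresses round-robin (as DNS
    rotation would). Returns how many clients got a connection."""
    nat = Nat()
    return sum(1 for i in range(n_clients)
               if nat.connect(proto, server_ips[i % len(server_ips)], server_port))

# Constructed placeholders standing in for a 1-address and a 6-address site.
ONE_ADDRESS = ["198.51.100.1"]
SIX_ADDRESSES = ["198.51.100.%d" % i for i in range(1, 7)]

if __name__ == "__main__":
    print("1 address :", simulate(62000, ONE_ADDRESS), "of 62000 connected")
    print("6 addresses:", simulate(62000, SIX_ADDRESSES), "of 62000 connected")
    nat = Nat()
    print("GRE first client :", nat.connect("gre", "203.0.113.1"))
    print("GRE second client:", nat.connect("gre", "203.0.113.1"))
```

With one address behind the name, 561 of the 62,000 clients are refused; with six addresses all connect, and for GRE the second client to the same server is refused outright.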

In reality the numbers will be considerably less optimistic, for the following reasons:
  1. browsers usually open several connections to one site;
  2. after a connection is closed, its port cannot be reused for a while for the same resource (this is especially true for UDP, which has no notion of closing at all).

At the same time, the list of resources that users access en masse is not limited to websites. It also includes:
  1. instant messengers (ICQ, Google Talk, etc.);
  2. servers for operating system updates, antivirus updates, etc.;
  3. online storage services (Google Android, Dropbox, Ubuntu One, etc.);
  4. time servers;
  5. DNS servers;
  6. Teredo servers.

From this the following conclusions follow:
  1. NAT capacity is limited. NAT lets you postpone solving the problem, but does not solve it.
  2. Too many users behind one NAT leads to subtle problems.

Who needs a “white” IP address?


The opinion is very common that an ordinary person does not need a white IP address, but this is not quite the case.
A white IP address may be needed by:
  1. Those who need a VPN to work.
    In Microsoft Windows, the standard VPN implementation uses the GRE protocol, which has no concept of a port. Because of this, it works poorly through NAT.
    OpenVPN and Cisco VPN do not suffer from this problem, but they are harder for a user to set up (they are not part of Microsoft Windows).
  2. Those who need P2P connections.
    VoIP, torrents and some other applications prefer to transfer data directly, without an external server. NAT gets in the way of establishing a direct connection. Getting around this requires tricky algorithms whose success depends on the type of NAT and on the use of external servers.

That is, a white IP is often vital for people who need to work from home. At the same time, it is not always possible to order a "white IP" service from the provider.

A subnet of white IP addresses may also be needed by organisations that support other organisations over VPN: when several VPNs to different organisations are in use, it becomes hard to avoid overlap between their own address space and that of the third parties.

What goodies does IPv6 offer besides a bigger address space?


Besides the larger address space, IPv6 has a number of advantages, among which I would like to note:
  1. Simpler routing.
    IP was originally designed with a sparse address space in mind.
  2. Higher data transfer rate.
    In IPv4, the maximum TCP transfer rate, limited by the size of the "window", is: 64 Kbytes / <response time>
    That is, with a response time of 150 ms, a single TCP stream can carry data at no more than 426 Kbytes/s.
    Usually this limit is bypassed by transferring data over UDP or in several TCP streams. It is because of this limit that countless "download accelerator" programs have appeared.
    In IPv6 there is no such hard limit.
  3. Multicast.
    Today Internet radio stations are forced to send the same stream to each listener individually. Broadcasting with such a scheme is frightening even to imagine.
    In IPv6, data can be sent to many subscribers at once.

Summary


Personally, I draw the following conclusions:
  1. The moment when IP addresses run out completely is not coming very soon, but that does not make things any easier;
  2. The transition to IPv6 is moving at a snail's pace, and no acceleration is expected until real problems with obtaining an IP address begin;
  3. Because of the address shortage, more and more users will be pushed behind NAT;
  4. Users without IPv6 addresses sitting behind NAT will run into unexpected problems when accessing various resources.

Source: https://habr.com/ru/post/127094/
