making better use of ipv4 space

As of 2023, many ISPs still do not offer ipv6. 

Geektards' naming of ipv4 addresses as "legacy" is aspirational, not factual.

No ISP in Guernsey offers ipv6.

Static ip addresses with an ordinary internet connection only cost around 5 GBP(2023) extra, except for the Guernsey vodafone, which quoted me many times that.  For those reading from the future, this is around the price of a nice coffee.

Twenty years ago, you could get a /24 from techie ISPs like aaisp or zen, for next to peanuts.  The addresses are scarce, but could better use be made of them?  

Assumed here is that one wants the internet to be end-to-end, as originally designed, and thus be able to run services from, connect in to, the site with the internet connection.

Let's take as a reference point the fact that one can't really run more than one HTTPS web site from a single static ip at the moment.  There are some ways, like a proxy with all the keys, and possibly some horrific pre-starttls item, and by having explicit port numbers in URLs, and not using https because it's pretend and silly, but these are not really "ways".

Let's note that ISP-supplied routers tend to do port-forwarding, of both TCP and UDP, configurable via whatever web interface comes with the router.

The simplest idea is to have a new set of application-level protocols which are defined as using SRV records instead of A records.  An A record has an address, and the port number is implicit.  An SRV record has an address and port (and a bit more).  So each of the 65k ports on the ip address could be used for a different service, without having port numbers in the services' URLs.  Pragmatically, for small setups, each service could be configured with a TCP port forward set up on the router.

Some protocols already have this (example: IMAP).  Others don't.  Examples: HTTP, HTTPS.  HTTP(S) is not going to be changed.  I suspect a decent transition could be designed, but it's not happening.  This doesn't matter, because HTTP(S) has no value, and may have negative value.  As a tangent, the objections tend to be things like: well both would have to still work, and we can't add any delay to web clients.  Well, both could be queried in parallel, and an A record could be defined as equivalent to an SRV record with port 443, at a set priority and weight, for this protocol.  Clients would have to support SRV records before SRV-only web sites would work, and this is strictly bad because it imposes a new requirement on user-agents.  But in the case of the web, where real clients are limited to massive proprietary and quasi-proprietary hairballs implementing the very latest JS and other fashions, I don't see why anyone would care.  Ending the tangent, it's probably better to just replace the web.

The second idea is to have something with more addresses / networks that runs easily over the current internet.  Probably something like this has been tried.  The port number in UDP/ipv4 could be commandeered as an extra 16 bits of address, with the invention of some related protocols.  Since the customer-connection routers already support UDP port forwarding, if it's done in the right way, it could run over existing connections and equipment.  Equipment explicitly supporting the new protocol(s) might be able to do more granular routing, instead of just 65k further networks effectively routed internally via a form of udp encapsulation.  The exact number of extra bits after the old port number to also commandeer for extra address space is a tradeoff, because of eating into packet sizes and MTUs, which matters.  Hopefully the high-level design is reasonably obvious, even if I haven't spelled things out.

The third idea is connection-broker hack like that described in Could a TCP "connection broker" set up a direct connection between two NATed endpoints? [0].  The idea is that a station "fully on the internet" might be able to fake tcp handshakes so that two stations not fully on the internet can then talk directly to each other.  Or perhaps so that a client can "connect in" to something behind NAT, without port forwarding, again utilising the connection-tracking of near-edge router(s) doing the NAT.  This might be equivalent.  Might also be possible for particular UDP protocols.  Hacky, and don't know if such things are possible, but it would be fun to try.


Comments

Post a Comment

Popular posts from this blog

the persistent idiocy of "privileged ports" on Unix

TCP and UDP have ports.  These are 16 bit; there are 65535 or so per IP address. These protocols don't care to differentiate between the ports.  Elsewhere, IANA presumes to operate a process to allocate "well-known" ports in the range 1-1023, "registered ports" in the range 1024-49151, and to reserve the remainder, 49152–65535, for "ephemeral" ports.  The caller end has to have a port, which is how replies get back within the virtual connection, and these are conventionally picked from the ephemeral range by the OS's networking stack. The whole idea of ports is ridiculous, because it allows ISPs to arse around presuming to decide which services they will "not allow".  Anything that allows IPSs to do anything other than shift opaque packets will allow ISPs to meddle and break things, and due to the Law of Meddling, if they can, they will.  I am currently working around an issue with Claro, a pretend ISP, blocking port 5060, allocated to SI
Read more

google is giving more and more 500 errors

Image
Total state capture and moral bankruptcy are not the only problems facing Google.  They are also giving an increasing rate of 500 Internal Server errors.  This is the sort that means they've messed up, but not in a way that they should have messed up.  On the other hand, they have drawn a lovely picture of a robot falling apart. Today's example is from Google Calendar under calendar.google.com.  I was trying to make an appointment, and now I'm doing this. I remember, in 2018, a friend trying to convince me that 500 Internal Server Errors no longer happened, or if they did it was my fault, and that they hadn't seen any for years, and some other things.  They assured me that they would love to see screenshots of such a rare specimen, which I bored them with for a while.  That friend happens to be a Google employee. Well, there are plenty of others posting about Google Calendar on twitter today, including screenshots of 500 Internal Server errors, so I doubt this one is en
Read more

Guernsey Waste in incorrect bag-rejection horror May 6th, 2024

Image
The rubbish collection folk at my new place seem pickier than at other places on Guernsey. Last week, they removed some card packaging that I'd included in the card and paper (plastic) clear bag, and left it on the lane.  This week, they have attached a rejection label entitled "Polite Notice".  Just like modern software-engineered error messages (see attached tag "extremely_general_error_handling"), this does not give a specific reason why the bag was rejected, but instead lists miscellaneous possible "reasons", leaving the victim guessing, or perhaps trying to follow a process of elimination. In this case, some possible reasons, which the label does not claim to be exhaustive ("was most likely because ..."), and of which none apply, are: (i) "did not have the required payment sticker" -- no, I applied to 90 litre sticker; or  (ii) (a) "too heavy" -- no, I estimate it was 3kg, and I easily supported the bag's weight o
Read more