
May 29, 2003

What NATs Break: NAT=bad, Part 2

Things NATs break
Global addressability
Global uniqueness
Persistence of host-to-address binding
Address structure
Deployability of new applications
Reliability
Scalability
Private address spaces and VPNs

These apply also to a future topic: Things IPv4-to-IPv6 gateways break.

Previous in this series: Problems with NAT, IP Address Thunking: NAT=bad, Part 1

Posted by pete at 1:09 PM

May 28, 2003

Makes me appreciate my day job

By my calculations, I've hauled out over 3 TONS of rocks that I've manually sifted (with my wife) out of our garden over the last 2 weeks. It's a good work-out, but sure makes me appreciate my (sedentary) day job.

Mike still has me beat, though.

Posted by pete at 10:30 AM

May 25, 2003

Humbled by Google

It was my 15 minutes of fame I guess, being the #1 entry for "network engineer" on Google. Checked today, I'm not on the list anymore.

I wonder if it's because I bragged about it. Google is the all-seeing eye of the Internet. Someone found out and took me off.

My 15 minutes of fame
Humbled again

So, my new strategy is to take out the competition: find all the other results for "network engineer" and brag about each of them as if I had manipulated Google to get those positions.

Update: Read on Jeremy's blog that my Google experience is becoming more common for bloggers. Still today, I get my entry as #1 about half the time.

Posted by pete at 2:58 PM | Comments (4)

May 24, 2003

Amazing Race, back

While I spent the day in hard manual labor (manually sifting rocks out of a huge back-yard garden), I heard that Amazing Race 4 starts next week. I saw parts of the last Amazing Race, and really enjoyed it. Time to set the Tivo season pass.

Posted by pete at 9:51 PM

Google, do my bidding

A few months ago I started fiddling around with making Google rank me where I want to be ranked (at the top, surprisingly). I wouldn't say it's very sophisticated, but it's fun to see what I can do to make Google do what I want.

It wasn't hard to get "Pete Kruckenberg" to hit my site. It wasn't hard to get "Kruckenberg" and "Kruckenberg Family" to go to my family site. So I took on some tougher tasks.

Some I've succeeded on, others I can't figure out why my Google-nipulation hasn't worked yet.

I discovered the most interesting result tonight, one that I had thought wasn't working the last time I looked a few weeks ago. A search for "network engineer" now lists my resume as the first result. I have no idea why this worked and the others didn't (maybe not so many links referencing network engineers). But, it worked, who cares why.

Related previous entry.

Posted by pete at 12:32 AM

May 22, 2003

Ready for NANOG

This week and next are the culmination of my most high-profile commitment yet: the equivalent of inviting 300 Martha Stewarts to stay at your house for a weekend (I used that analogy the last time, too). I finished up the basic network connection tonight (with a lot of help from UEN's Field Ops) to the hotel, and after a bunch of fine-tuning, got everything working. Big sigh of relief. I was hoping to not worry about NANOG over the Memorial Day weekend.

Pretty much everything is in place for NANOG now. There's some planning to finish up for the set-up on May 31, and coordination for the 18 or so volunteers from UofU and UEN who will staff NANOG. Next weekend will be very busy, but I've tried to get as many things as possible out of the way before then, so we don't have much left to the last minute.

NANOG has been a huge undertaking, but it's not nearly as intimidating as I had expected. Working on it a bit at a time since January, and with lots of help from UEN staff, it's been much more enjoyable than I had expected.

Though this is getting ahead of myself, I am looking forward to hosting NANOG again, possibly in February 2005 with the Internet2 Joint Techs.

Posted by pete at 7:36 PM

May 21, 2003

Visit to AT&T Labs

I spent Monday and Tuesday at the AT&T Labs in Middletown, NJ. I attended the AT&T Government Solutions Innovation Forum. AT&T Labs does a much larger Innovation Forum, but this is the first time they've done a smaller one specifically focused on Government.

We flew in early, took the JetBlue red-eye and arrived in New York at 6:00am Monday morning. That gave us most of Monday to walk around Manhattan. By that evening, I was ready to sit.

One of the highlights was meeting AT&T's Chief Scientist, David Belanger. I got several opportunities to talk to him about the future of The 'Net, and enjoyed talking to someone who has thought about the network as much as he has. I also got to spend time with several AT&T Researchers. These kinds of visits are somewhat dangerous for me, because they make me really want to pursue a research career direction.

I found an interesting phenomenon. The speakers who wore suits inevitably had presentations much less compelling than those who didn't. I got to the point where I would look for the sessions with suit-less speakers. Not a large enough sample to be representative, but I'll have to keep this rule-of-thumb in mind for future conferences.

The conference and side-bar discussions left me with a lot to think about, and write about in the next few weeks.

Posted by pete at 2:17 PM

May 14, 2003

Hmm

For a company that believed top-to-bottom (or so they said) in Open Source, and benefited tremendously from it (they would never have gone public, or lived past 2002 without having ridden the Linux coat-tails), Caldera has sure done an interesting turn.

Now, not only are they suing IBM for IP infringements, they are threatening to go after individual Linux users. Interesting strategy.

I've been involved with Caldera since they spun off from Novell's Corsair project. I was a strong advocate for Linux when I worked for a sister company. Linux was pervasive throughout the entire group of companies.

Mr. McBride may be protecting the interests of his stakeholders, but it's at the expense of the principles the company was founded on. And I think it's against the principles of SCO's largest shareholder, but I may be misinformed. And what are principles these days, anyways. I'm glad to be some distance now from this embarrassing disaster. I hope they go away soon, before the black eye spreads further.

Posted by pete at 8:29 PM

May 11, 2003

IP Address Thunking: NAT=bad, Part 1

In the early 90's, PC's used 16-bit processors, which normally could only access 64KB of memory. Through a process called "thunking", they were able to access 4GB, by accessing 32-bit addresses with a 2-step addressing process. Several technologies tried to make this transparent to application developers, PC technicians and users. Phar Lap was a very popular 32-bit development environment for DOS-based applications, Windows 3.1 had "Win32s," and Windows95 used thunking to support many 16-bit functions that were retained from Windows3.1. WindowsNT and later operating systems are native 32-bit and work only on 32-bit processors (Intel 386 or later), so they do not need to thunk.

But thunking was not transparent. For the developer, thunking makes development much more complicated. For the user, thunking probably isn't very visible, but it can make things more confusing (i.e. which version of software works with which version of Win32s) and much less reliable. Most importantly, for PC technicians, thunking was a support nightmare, especially under Windows. There was no end to the crashes, diagnostic complexities and support issues. Windows95 was a welcome improvement, and Windows2000 finally resolved most of the reliability problems.

Something similar to 32-bit thunking is widely used on the Internet today. It's called "Network Address Translation," or NAT. As more people have connected to the Internet, the 32-bit address space provided by IPv4 quickly became insufficient. NAT provides something like a 64-bit thunk, where an entire network can be addressed using "private" addresses, then a NAT gateway translates those to a few "public" addresses visible to the rest of the network.

NAT was created as a temporary solution for address shortages until the network could migrate to IPv6. In the process, NAT somehow became the solution instead of the band-aid, and now many people wonder if there's any reason to move to IPv6.

This is a short-sighted perspective. Unfortunately, it has become more popular recently as NAT continues to placate the IPv4 limitations. I read lots of articles about the issues NAT has to address, and how NAT impacts the network, but few or none of those articles even mention IPv6 as a possible alternate solution.

NAT has problems analogous to those we experienced with PC thunking. These result from the NAT gateway having to make changes to packets as they pass from the private address space to the public. Some applications are oblivious to the address change, but many applications break completely with NAT. Voice, video, security, network filesystem, VPN and many other types of applications expect the packet to arrive unaltered. For these applications to work with NAT, the gateway must have application-specific capabilities, which often include encryption interception. The NAT gateway becomes an application and security gateway for dozens and eventually hundreds of network applications.

The functionality, performance and reliability of the network are increasingly dependent on NAT gateways. These devices are increasingly complex while at the same time much less mature than traditional network devices (routers, etc). Their impact on the network is supposed to be transparent, so they are invisible to the devices communicating through them. This adds up to NAT gateways being the greatest cause of network problems, but being the least-noticeable device in the network.

Jim has written about NAT recently, as have I.

This week, I will be writing more about the dangers of NAT, and why we should be focused on moving to IPv6 instead of making NAT work better.
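An added example (not the post's own code) of the application breakage described above: a toy port-translating NAT gateway in Python that rewrites the IP header but, like a real gateway without an application-specific helper, leaves a private address embedded in the payload untouched. The addresses and the SIP-style message are constructed for the example.

```python
import ipaddress
import re

# RFC 1918 private ranges, the "private" addresses the post refers to.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


class NatGateway:
    """Port-translating NAT: many private (ip, port) pairs share one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}          # (private_ip, private_port) -> public_port

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the private side."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        out = dict(pkt)
        out["src"], out["sport"] = self.public_ip, self.table[key]
        return out               # payload is passed through untouched

    def inbound(self, pkt):
        """Map a reply back to the private host, or drop it (None) if unknown."""
        for (priv_ip, priv_port), pub_port in self.table.items():
            if pkt["dst"] == self.public_ip and pkt["dport"] == pub_port:
                out = dict(pkt)
                out["dst"], out["dport"] = priv_ip, priv_port
                return out
        return None


def leaked_private_addresses(pkt):
    """Dotted quads inside the payload that still point into private space."""
    quads = re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", pkt["payload"])
    return [q for q in quads if is_rfc1918(q)]


def demo():
    gw = NatGateway("198.51.100.7")
    # Constructed SIP-style request: the client advertises its own address
    # in the payload so the far end knows where to send media.
    pkt = {"src": "172.16.1.1", "sport": 5060, "dst": "203.0.113.9", "dport": 5060,
           "payload": "INVITE sip:bob@203.0.113.9\r\nContact: <sip:alice@172.16.1.1:5060>"}
    sent = gw.outbound(pkt)
    reply = gw.inbound({"src": "203.0.113.9", "sport": 5060,
                        "dst": sent["src"], "dport": sent["sport"], "payload": "200 OK"})
    # Header is fixed, payload is not: the far end will try 172.16.1.1 directly.
    return sent["src"], sent["sport"], leaked_private_addresses(sent), reply["dst"]
```

The leaked address is exactly what an application-layer gateway would have to rewrite, which is why the NAT box ends up carrying per-application logic.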

Posted by pete at 4:49 PM | Comments (4)

May 10, 2003

PGA: Personal Google Assistant

I use Google a lot. It has become my first reference source in almost every circumstance now.

I'm mostly intrigued at how much Google is a part of social interaction. I keep hearing about how people look up their date's name on Google. When I hear a name I've not heard before, or forgotten where I knew the person, I check Google first. I love having Google around when friends or family visit, and I can look things up as we converse. People joke about how I can find the answer on Google before the question is finished.

I'd love to have a PGA: Personal Google Assistant. A PDA- or cell-phone-sized device that was optimized for Google, like the Palm is optimized for calendar and addresses. Then I wouldn't have to be on-line, on my computer to check something on Google. I could look things up as I ran across them, no matter where I am.

It would be interesting to have Google (or Teoma) integrated into wearable computers. A meta-database of geographic information tied to Google, so as I walk around, Google pops up information about and links for the things I am looking at or the people I am talking to.

I saw something not too far from this on Alan Alda's Scientific American Frontiers a few weeks ago. This is one of my favorite shows, and the topic was "Inventing the Future" (this was 1996, so the technology is probably better now). He showed a wearable computer from MIT Media Lab that could subconsciously remind you (a 1/5th-second subliminal flash) of the name of people who you looked at and had met before (the first time it would show you more detail about them). I could really use that. It would be cool if it also popped up their Web page or Weblog with the latest entries, to seed higher-quality small-talk.

Posted by pete at 1:26 PM | Comments (3)

Better bookstores

I went to the book store this week. I had about $60 to spend in gift certificates, so I was looking forward to picking up some good, non-technical books.

It'd been a while since I'd been to a book store. But it didn't take long to notice how much my book-buying expectations have changed. Thanks, Amazon.

Browsing the book is only 1/3rd of the experience. I found myself wanting to check Amazon for reviews and a list of what other books people had bought or recommended. Without that information, the browsing was entertaining but not easy decision-making.

I wish book stores would incorporate Amazon-type information into their experience. It'd be cool to have a Tablet PC or PDA that I could check out at the store, and go around scanning books to pull up reviews and recommendations.

I also can't figure out why Barnes & Noble has computers on the sales floor, but doesn't let their customers use them. I don't mind going to ask for help, but sometimes I'd like to just look for books on the computer.

Posted by pete at 12:18 AM | Comments (1)

May 9, 2003

Deceived

Remember when you first realized that Santa wasn't real (or maybe you still believe)?

http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/

A very sad show. This affected directly or indirectly almost everyone in the US, and many more around the world. You still got presents even after you found reality. A few people got presents in this story, courtesy of millions of unwitting and unaware investors.

Not much sympathy for telecommunications companies anymore. Nobody paying attention to analysts now. Not many IPO's. Maybe they will get their just reward (except poor Jack Grubman who had to retire with a mere $30M severance).

The up-side is that lots of people have capital gains tax write-offs for the rest of their lives.

Posted by pete at 6:01 PM | Comments (1)

Problems with NAT

I've been collecting ideas for a paper (and probably series of blogs) on the problems with NAT and why NAT should be avoided like the plague.

Coincidentally, I was confronted with a NAT-related problem, that goes to one of many points I'm trying to make.

Got a message that someone couldn't reach a machine in Alpine School District. His traceroute stops two routers before the machine. So I asked him what address he's coming from. 172.16.1.1.

Now, if I was in my normal diagnostic stupor, I'd try "traceroute 172.16.1.1" from my machine, and then from that router. Here's where it gets confusing.

172.16.1.1 happens to be private address space. If I were to use that address space on my own network, and not recognize that it's a private address (a very common mistake, even for experienced people), I would chase my tail for a while trying to figure out why this guy is on my network (because that's how it would look).

172.16.1.1 isn't in use on our backbone. And I was alert enough (this time) to notice that it's private address space. So, must be behind a NAT gateway. Sigh.

More complications: the Alpine router is addressed using "private" 10.x addresses, so testing to/from that router can't be done. This is probably the most important router to be able to diagnose from, since it connects to the machine in question.

So, I request a trace-route from the guy (who is oblivious to the fact that he's NAT'd). Now, best-case, I can test from the router upstream from Alpine to his NAT gateway. And ... it works. But I already knew that, it's getting to the Alpine router and the machine past that doesn't work. But I can't test end-to-end from those points of the network, because of the private address/NAT issue.

Maybe I can do some kind of special traceroute that circumvents NAT. Except that routers don't do that kind of stuff. Hmm.

I guess I have to get a sniffer and put it at different parts of the network to see if I can see the traffic.

By now, I'm 3 hours into this problem (not working on it the whole time, but just collecting and exchanging information). And I haven't yet been able to run the most basic test: an end-to-end ping or traceroute.

And NAT is eliminating the need for IPv6? I guess you could say that, if you've never operated a network...
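As an added illustration of the diagnostic dead-end above (not part of the original entry), a small Python triage routine that parses traceroute output, marks each hop as public, RFC 1918 private, or unanswered, and flags a reported source address that sits in private space as NAT'd. The traceroute text and addresses are constructed for the example, not taken from the real network.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # hop number, then the rest
QUAD_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")  # first dotted quad on the line


def is_rfc1918(addr):
    return any(ipaddress.ip_address(addr) in net for net in RFC1918)


def triage(reported_src, trace_text):
    """Classify each traceroute hop and say which hops can serve as endpoints
    for an end-to-end test. reported_src is the address the remote user says
    he is coming from; if it is private it is not globally unique."""
    hops = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line or unrelated text
        num, rest = int(m.group(1)), m.group(2)
        q = QUAD_RE.search(rest)          # handles both "ip" and "host (ip)"
        if q and is_rfc1918(q.group(0)):
            hops.append((num, q.group(0), "private"))
        elif q:
            hops.append((num, q.group(0), "public"))
        elif rest.startswith("*"):
            hops.append((num, None, "no reply"))
    responding = [h for h in hops if h[1] is not None]
    last_ok = responding[-1][0] if responding else 0
    return {
        "src_behind_nat": is_rfc1918(reported_src),
        "hops": hops,
        "last_responding_hop": last_ok,
        "testable_from_here": [h[1] for h in responding if h[2] == "public"],
        "untestable_hops": [h[1] for h in responding if h[2] == "private"],
    }


# Constructed traceroute output modelled on the situation in the entry: the
# trace dies short of the target and the last router that answers sits on a
# 10.x address. Public addresses are documentation ranges, not real ones.
SAMPLE_TRACE = """\
traceroute to 10.5.6.7 (10.5.6.7), 30 hops max, 40 byte packets
 1  198.51.100.1  0.412 ms
 2  203.0.113.17  1.903 ms
 3  10.0.0.1  2.210 ms
 4  * * *
 5  * * *
"""
```

Hops marked private cannot be reached from outside the NAT, so the routine leaves them out of the usable endpoint list rather than letting you chase a 10.x or 172.16.x address that could belong to any network.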

Posted by pete at 4:04 PM

May 8, 2003

Why MovableType

I started blogging using Radio Userland. I really liked the usability. It's a great way to start blogging, and also very powerful for experienced bloggers. But as I got to experience other blogging software, and got some experience with Radio, I realized that Radio was not right for me. Some of the reasons I decided to go to MovableType:

1. Jim can't break it as easily.

2. It's Perl-based. It has a boat-load of plug-ins and a very active development community. I'm comfortable with Perl, and hope to contribute with my own MT modules. I am not proficient at XML or OPML, and found the Radio back-end poorly documented. Most of my experiences (usually involving Jim) with adding plug-ins to Radio were bad.

3. It's Web-based. One thing I really liked about Radio was its off-line capabilities. And the WYSIWYG editor was great, if you are on Windows with IE. But I hated that I could only have one computer to blog from. MT has a great Web editing interface (not WYSIWYG), plus I can use a number of XML-RPC tools (with WYSIWYG) for desktop and off-line editing.

4. It's designed for independent operation. Radio was designed for use with the Radio hosting service. Making it work with my own personal server required opening up some security holes, and I lost access to many of the cool Radio features by not using it on their server. MT runs on my server, and was designed to work that way.

5. Draft mode. Radio has "Post" and "Publish", but they are very primitive. MT has true CMS Draft/Publish management, so I can pre-write blogs when I'm on a roll, and finish them up later.

6. Comments. Radio has comments, but they're managed in an awkward way, through the Radio hosting service (probably something that would work better if I wasn't hosting my own blog). So I turned comments off. MT handles comments better, so they're on (along with TrackBack and blog pinging).

7. Search. Radio doesn't have search built in. You can kludge it with Google or some third-party search engine. But that's lame (well, except for Phil's), it's not integrated, you have no control over it, and most search engines don't understand blogs, so you get links to the wrong place. MT has good search capabilities (including regexp's). And it supports Google SOAP integration.

I'm excited about what I can do with MovableType. I've been using MT for several months already for some other sites, so I've looked forward to the time when I got irritated enough with Radio to make the move.

I'd still like to see "MovableType Unleashed". Though I came across this one that looks promising.

Posted by pete at 7:33 PM

New and improved

As you probably notice, I have made some major changes.

One change I've been wanting to make for some time is switching from Radio Userland to MovableType. I finished that migration yesterday.

I was happy to find that I was able to migrate all of my Radio blogs into MovableType. I found a few scripts that were supposed to convert Radio to MovableType, but they didn't work out of the box, and they were written in Python. I'm not a Python programmer (which is a personality characteristic I'm proud of), so I rewrote the script in Perl. With a bit of fudging, the import worked perfectly. You can see the results in the left column under "ARCHIVES" and "RECENT ENTRIES".

I have a bit of work left to do on the migration. The old blog is still (mostly) alive, and I will probably leave it there until I get everything mapped over properly. I'm especially interested in making sure that search engine links don't break, until the search engines re-index my site.

I'll write later about some things I'm excited about with MT.

Posted by pete at 11:33 AM | Comments (2)
