StarDestroyer.Net BBS

What are the advantages to having WAN IP address for each computer in a house?

You don't have to bother forwarding ports for servers to a specific local IP. Thats about it I think? I'm sure someone will think of something else though

They can all run UDP applications on the same port without problems. Port forwarding doesn't work for UDP (at least without application-layer tricks) if more than one host tries to use the same port.

Plus it's just the way the internet was designed to work damnit. Don't any of you heathens have any respect for purity of network topology? Doesn't hiding your real IP seem fundamentally... dishonest... to you? Are you not ashamed of your dirty NAT tricks? No? (mutters to self)

NAT (particularly the bad implementations found in typical consumer grade routers) is annoying for network application design, but only mildly so, compared to firewalls.

Oh and globally visible IPs mean you can assign a unique globally visible reverse DNS entry for each of your computers. This has absolutely no utility other than making your IRC channel entrances more impressive.

Starglider wrote:They can all run UDP applications on the same port without problems. Port forwarding doesn't work for UDP (at least without application-layer tricks) if more than one host tries to use the same port.

How would that affect Bittorrent? (the only reason I'm even considering paying Comcast 5 dollars more a month)

Plus it's just the way the internet was designed to work damnit. Don't any of you heathens have any respect for purity of network topology? Doesn't hiding your real IP seem fundamentally... dishonest... to you? Are you not ashamed of your dirty NAT tricks? No? (mutters to self)

What the hell are you talking about? How the hell is my LAN IP my "real" IP Address?

NAT (particularly the bad implementations found in typical consumer grade routers) is annoying for network application design, but only mildly so, compared to firewalls.

...

Uh-huh. Let's pretend for a second that I don't regularly design network applications.

Oh and globally visible IPs mean you can assign a unique globally visible reverse DNS entry for each of your computers. This has absolutely no utility other than making your IRC channel entrances more impressive.

While we're pretending things, let's also pretend it's not 1989 and that I don't use IRC.

Dominus Atheos wrote:

Starglider wrote:They can all run UDP applications on the same port without problems. Port forwarding doesn't work for UDP (at least without application-layer tricks) if more than one host tries to use the same port.

How would that affect Bittorrent? (the only reason I'm even considering paying Comcast 5 dollars more a month)

It wouldn't, Bittorrent uses TCP. Though I really wish I'd thought of splitting out the content distribution system from my first (MMORPG) startup back in 2001 or so. It was considerably more efficient and featureful than Bittorrent, and used UDP where possible. Generally though only realtime games and voice/video conferencing software uses UDP.

I still think it sucks that only TCP, UDP and ICMP survive at the IP layer. Back in the day, there were a whole host of IP layer protocols, but just try getting anything other than TCP and if you're lucky UDP (and if you're very lucky, ICMP) through a firewall today.

What the hell are you talking about? How the hell is my LAN IP my "real" IP Address?

NAT causes a problem in that the client IP address the server sees at the TCP/IP level is not the same as the IP address the client reports itself as having at the application level. This messes up things like software multicast, where you try and get clients to forward stuff to each other to cut server bandwidth requirements, and server-mediated peer-to-peer apps with some peers on the WAN and some peers on the LAN. You can code around it, but I wish I didn't have to.

The Internet was designed to have a single global IP space, with unfettered transmission of IP packets from any host to any other host, regardless of port or protocol. Truly all rejoiced in its purity of design, but then vice and sin invaded this perfect realm, followed shortly by network equipment salesmen, and we have long since fallen from this original state of grace, and are now beset by the manifold horrors of NAT and firewalls and messing about with port forwarding rules every time you try to run a server.

Uh-huh. Let's pretend for a second that I don't regularly design network applications.

Oh for actually designed network applications yourself unique IPs are nearly essential, NAT and similar crap is immensely irritating in the design/prototyping process. I just meant it's annoying (to a much lesser degree) when you have to allow for end users running it.

While we're pretending things, let's also pretend it's not 1989 and that I don't use IRC.

SaCrIlIdGe! IRC ROXXORS!

Actually despite it's age IRC is /still/ better than 99% of the chatroom solutions I've seen, including in particular the horrible AIM chatrooms. Although designed in 1988, IRC didn't actually become popular until the mid 90s, usage probably peaked in the late 90s.

Starglider wrote:

What the hell are you talking about? How the hell is my LAN IP my "real" IP Address?

NAT causes a problem in that the client IP address the server sees at the TCP/IP level is not the same as the IP address the client reports itself as having at the application level. This messes up things like software multicast, where you try and get clients to forward stuff to each other to cut server bandwidth requirements, and server-mediated peer-to-peer apps with some peers on the WAN and some peers on the LAN. You can code around it, but I wish I didn't have to.

The Internet was designed to have a single global IP space, with unfettered transmission of IP packets from any host to any other host, regardless of port or protocol. Truly all rejoiced in its purity of design, but then vice and sin invaded this perfect realm, followed shortly by network equipment salesmen, and we have long since fallen from this original state of grace, and are now beset by the manifold horrors of NAT and firewalls and messing about with port forwarding rules every time you try to run a server.

Well that and the fact that we were starting to run out of addresses since they weren't and aren't ideally distributed but rather distributed in ranges (which is rather necessary because of forwarding CPU utilization and overall responsiveness on routers - and by this I mean the actual big routers that the internet depends on, not the consumer crap, for those in the audience), the fact that the internet wasn't the happy place where everyone got together and sung kumbaya but rather a place filled with script kiddies, and a multitude of other crap. The original design was very elegant, however it was also utterly naive and didn't account for the extremely fast spread of the Internet. Hopefully once we migrate to IPv6, some of that can be regained (although that migration is starting to look like a clusterfuck, but I digress).

DA, considering your responses, this service is not something you need, and it will leave you somewhat more vournable to attacks. Its mostly useful if you have a need to run servers - and even then I can't really see the need for multiple unique IP addresses in a home setting beyond getting one fixed address for your connection.

Netko wrote:Hopefully once we migrate to IPv6, some of that can be regained (although that migration is starting to look like a clusterfuck, but I digress).

IPv6 is horribly overengineered, in classic second-system style, 'let's load everything we think someone somewhere might need onto this spec'. Something like the Simple Internet Protocol Plus would've been quite adequate, ideally with the utterly cool Internet Stream Protocol universally implemented at the router level for demanding applications. But don't mind me. I still lament the loss of Network Block Transfer (the protocol used by the Destiny Star system to transfer large content files was essentially an updated peer-to-peer version of NETBLT layered over UDP).

DA, considering your responses, this service is not something you need, and it will leave you somewhat more vournable to attacks.

Agree.

Its mostly useful if you have a need to run servers - and even then I can't really see the need for multiple unique IP addresses in a home setting beyond getting one fixed address for your connection.

What you say? Evey home should not have at least three web servers, an FTP server and a private Bittorrent tracker? How do you ever expect to progress as a IT salesman with an attitude like that?

Starglider wrote:Plus it's just the way the internet was designed to work damnit. Don't any of you heathens have any respect for purity of network topology? Doesn't hiding your real IP seem fundamentally... dishonest... to you? Are you not ashamed of your dirty NAT tricks? No? (mutters to self)

Yes, yes, you academics with your ivory towers babbling about straightforward end-to-end connectivity! Meanwhile those of us in the Real World don't want to pay extra for each IPv4 address if we can get away with it

phongn wrote: Yes, yes, you academics with your ivory towers babbling about straightforward end-to-end connectivity! Meanwhile those of us in the Real World don't want to pay extra for each IPv4 address if we can get away with it

What academia giveth, the private sector taketh away.

phongn wrote:Yes, yes, you academics with your ivory towers babbling about straightforward end-to-end connectivity!

You DARE call me an acdemic sir!

I demand a pistol duel at dawn, to settle this slight to my honour! No scratch that, let's do it in the HAB and use nuclear bazookas, more fun for spectators.

You can easily use UDP through a NAT...
the problem is not TCP/UDP, but Client/Server...

The server side of a connection cannot be hidden under a NAT because the Client has to know the Port number to access the server (it could be done with some kind of central server).

HRogge wrote:You can easily use UDP through a NAT...
the problem is not TCP/UDP, but Client/Server...

Only as long as the clients behind the NAT are using different ports. It won't work if they all try to use the same port. UDP is stateless; the client/server distinction only exists at the application layer. Intelligent firewalls typically notice outbound UDP packets to unknown Internet hosts and dynamically create a port forwarding rule so that incoming UDP packets to that port go to the client that initiated the exchange, but this does not work when the remote host tries to initiate an exchange. To get around this in a peer-to-peer situation you normally use a server to relay IP addresses for all peers to each client and then send a meaningless packet out to prime the firewall - then another one to test that the firewall is actually allowing UDP packets to pass properly. With sucky firewalls that disallow TCP, if you have raw socket access you can often fake an outgoing TCP connection at both ends, but ignore the rest of the TCP spec. It's a load of hassle that would be unnecessary if people didn't run firewalls and NAT - which would in turn be unnecessary if a) Windows hadn't been so popular and pathetically insecure and b) the IETF hadn't pissed about with IPv6 for so long and had just implemented 64-bit addressing and some cleanup in the late 90s. Although gestapo sysadmins and sucking ISPs trying to lock down customers would still be an issue, and we'd still have to use tricks to bypass their efforts.

The server side of a connection cannot be hidden under a NAT because the Client has to know the Port number to access the server (it could be done with some kind of central server).

Or manually adding a port forwarding rule.

Dominus Atheos wrote:What are the advantages to having WAN IP address for each computer in a house?

Leaving aside the tech talk, the biggest advantage is that you can have several servers simultaneously on the same port in the same house. For example, you could have three computers running webservers on port 80, all in the same house. If you use port forwarding and NAT on a router, you could only set up one of those computers as a webserver on port 80.

Some online games also do not allow more than one computer to play from behind NAT, since to the server it looks like the connections are coming from the same IP address.

Edi wrote:Some online games also do not allow more than one computer to play from behind NAT, since to the server it looks like the connections are coming from the same IP address.

The thing is, in order to get real Internet IP addresses, you have to get them properly registered, which means you're going to have to negotiate with an organization that owns a lot of IP addresses (such as your ISP) and get some of them reserved for you (you'll probably need to buy up about 255 of them). And that will cost money, so who's going to do that?

Darth Wong wrote:

Edi wrote:Some online games also do not allow more than one computer to play from behind NAT, since to the server it looks like the connections are coming from the same IP address.

The thing is, in order to get real Internet IP addresses, you have to get them properly registered, which means you're going to have to negotiate with an organization that owns a lot of IP addresses (such as your ISP) and get some of them reserved for you (you'll probably need to buy up about 255 of them). And that will cost money, so who's going to do that?

Nobody really. But if you use a bridging ADSL or cable modem and IP addresses are assigned by DHCP, all of the computers in the house are going to get a public IP address out of the ISP's pool. Then it's possible to play from two computers at once from behind the same connection (assuming you have wide enough bandwidth, if it's bandwidth intensive).

Of course, there is nothing to prevent an ISP from setting limits as to how many computers you connect to the connection if you're using a bridged connection instead of NAT. Here it is generally the practice that you can have up to five computers behind a bridged connection, but enforcement is spotty. If somebody starts really hogging things, network monitoring will pick it up, they'll get a warning to fix things and if they don't heed, they'll get their connection shut down. But typical home users, even if they have three or four computers, no problem at all.

Of course, it pays to use a somewhat bigger, reliable ISP instead of one of the cutrate outfits that can't offer good terms.

Darth Wong wrote:The thing is, in order to get real Internet IP addresses, you have to get them properly registered, which means you're going to have to negotiate with an organization that owns a lot of IP addresses

WTF? Every Internet connection I've ever had, private and corporate, has had a static IP range. The last three have been with Demon Internet and they always ask 'would you like a dynamic IP, a single static IP for your router, or an IP range?' when you open the account. No registering, neogitating or extra fees required. That said I have always asked for less than 256 IPs and I have always gone for 'premium' grade connections, not the bog-standard $9.99/month crap with caps and shaping and filters and similar.

Starglider wrote:

Darth Wong wrote:The thing is, in order to get real Internet IP addresses, you have to get them properly registered, which means you're going to have to negotiate with an organization that owns a lot of IP addresses

WTF? Every Internet connection I've ever had, private and corporate, has had a static IP range. The last three have been with Demon Internet and they always ask 'would you like a dynamic IP, a single static IP for your router, or an IP range?' when you open the account. No registering, neogitating or extra fees required. That said I have always asked for less than 256 IPs and I have always gone for 'premium' grade connections, not the bog-standard $9.99/month crap with caps and shaping and filters and similar.

You either get expensive accounts or your ISPs are remarkably generous. Every organization around here charges extra for a single static IP, never mind an entire range. Business accounts often come standard with a static IP, but business accounts are far more expensive than home accounts so the cost is obviously hidden in the account fee.

Darth Wong wrote:You either get expensive accounts or your ISPs are remarkably generous.

The short answer is probably 'a bit of both'. My current home Internet connection costs $90/month, for 8M/512k low-contention DSL, which fortunately my company is paying for (I've been working from home quite a bit this year and since we closed the Sheffield office most of the test servers have been sited in my attic - hopefully they'll be going to the new office before Christmas).

Demon hand out IP addresses like candy because they've got plenty of them, having been around since 1992, and because they focus on high-paying commercial and 'power user' customers, so they're not in danger of running out. I have used other ISPs but back in the late 90s the IP shortage was for the most part still on the horizon, so most ISPs were willing to hand out static IPs if you managed to get past the clueless customer service drones and talk to the real network support staff.

IP addresses themselves cost nothing of course (even for the ISPs, the IANA assigns them based on some combination of demonstrated need and political maneuvering - officially they're not purchased), however...

Every organization around here charges extra for a single static IP, never mind an entire range.

This is undoubtadly some combination of 'because we can' and 'because we came late to the party, focused on low-margin bulk business, and thus have to discourage people from demanding static IPs or we'd soon run out'.

What you /do/ have to undergo a horrible amount of paperwork and pay a fairly hefty fee for is getting registered as an autonomous system, which means you truly get your own IP range as opposed to just borrowing some from your ISP. This entails being added to the routing tables for all the core routers on the Internet, so it's not surprising that it's a nontrivial process. This is only necessary for organisations that need multiple highly redundant connections to the Internet via different ISPs, which want to save bandwidth costs by directly peering with other large organisations (and even there routing rules usually do the trick without needing an ASN) or tier-one ISPs themselves.

Starglider wrote:The short answer is probably 'a bit of both'. My current home Internet connection costs $90/month, for 8M/512k low-contention DSL, which fortunately my company is paying for (I've been working from home quite a bit this year and since we closed the Sheffield office most of the test servers have been sited in my attic - hopefully they'll be going to the new office before Christmas).

That sounds about right in terms of pricing - 15/2 fibre with a static IP is $100/mo here with 2-year contract.

Darth Wong wrote:

Starglider wrote:

Darth Wong wrote:The thing is, in order to get real Internet IP addresses, you have to get them properly registered, which means you're going to have to negotiate with an organization that owns a lot of IP addresses

WTF? Every Internet connection I've ever had, private and corporate, has had a static IP range. The last three have been with Demon Internet and they always ask 'would you like a dynamic IP, a single static IP for your router, or an IP range?' when you open the account. No registering, neogitating or extra fees required. That said I have always asked for less than 256 IPs and I have always gone for 'premium' grade connections, not the bog-standard $9.99/month crap with caps and shaping and filters and similar.

You either get expensive accounts or your ISPs are remarkably generous. Every organization around here charges extra for a single static IP, never mind an entire range. Business accounts often come standard with a static IP, but business accounts are far more expensive than home accounts so the cost is obviously hidden in the account fee.

Here, there are no bandwidth caps on broadband connections. It's actually illegal to have them if the service is advertised as a 24/7 availability connection. Speeds vary from 256k/256k to 24M/1M connections.

For consumer connections, you do not get one single static IP, everything is assigned by DHCP so you can and do get a public IP address for each machine on a bridged connection, but it is likely to be different every time your computer is off for a while and if the IP isn't constantly renewed. Static IPs are only available for business connections (more expensive) and more static IPs cost more. The key difference here is public pool IP address vs static public IP address. The difference is from the ISP point of view quite significant.

Cost of a connection hereabouts varies from around €17 to €50 per month and somewhat from ISP to ISP. I have a 4M/1M connection that costs me €36 per month and no caps on traffic or other limitations, other than that I can't have a mail server at home (blocked).

the only advantage of having a direct ip address is for connections that required direct ip addresses, usually games, though that's slowly becoming a rarity. I've been able to do transfers with people that are double nat/firewalled while i'm behind a firewall/nat. On a cable modem/dsl modem you're usually not going to see any bandwidth increases. With some setups you will lose your internal network with out having a second card in each machine.

When I had DSL it used a protocol called PPPoE, which allowed me to have my private network and a direct connection as well. We also had a router looped back into the network so if you didn't want to use the direct PPPoE client (inherently safer due to the natural firewalling tendencies of NAT routers) we still had the NAT connection.

So unless you need direct web presence or you're getting more bandwidth from each ip, i'd say it's not worth the extra dough.

Ugh, I hate PPPoE.

Apache mod_proxy and name based virtual hosts gets around the inability to run multiple servers on a single IP, but virtual hosts doesn't work for SSL.

phongn wrote:Ugh, I hate PPPoE.

PPPoE has it's benefits and detractions, as long as it works, it is nice. If it doesn't work. well it sucks. What I enjoyed was the ability to have multiple computers on multiple networks (ie, bell, uoft) at the same time, and having computers grab multiple ip addresses (for fun i had one computer grab 80 ip addresses before i got bored). I never had a problem with it using it with os9, linux, unix (freebsd 4.2, osx (10.2)), windows 9x, me, 2k, xp.