I, Cringely - The Survival of the Nerdiest with Robert X. Cringely

The Pulpit

Weekly Column

Through a Metal Detector, Darkly: How NAT traversal could set us free

By Robert X. Cringely
bob@cringely.com

There is a scene in Joseph Heller's book Catch-22 where the WWII U.S. Army Air Force camp in Italy goes through a loyalty-oath frenzy. In order to do anything -- even eat -- airmen are forced by the intelligence officer, Captain Black, to sign a new loyalty oath each time, which reminds me a lot of signing Microsoft End-User License Agreements, except Microsoft doesn't also require that we sing the National Anthem, which Captain Black did. This absurd scene ends when the mysterious Major -- -- deCoverley shows up in the mess line, refuses to sign, and says "Gimme eat," breaking forever the loyalty oath cycle of pain. Oh to be Major -- -- deCoverley today, since I am writing this in the Mineta San Jose International Airport having just lost my toothpaste and Purell to the Transportation Security Administration and almost lost the very notebook computer I am typing on.

I'm all for public safety, but according to a friend on the staff of the U.S. National Security Council, the simple armoring of airliner cockpit doors (accomplished before the end of 2001) was enough to return airline safety to pre-1967 levels of terrorist protection. Threats evolve, of course, and it is always harder to plan defense than offense, but the thought of business travelers being made to luggage-check their fragile computers, as they are being made to do now in the United Kingdom, might lead to civil unrest in Silicon Valley.

Gimme eat, indeed.

This week I promised to revisit the topic of Skype P2P and the problem of Network Address Translation (NAT) traversal, which I first covered a few weeks ago. My argument at that time was that the Skype architecture wouldn't scale well because of the required participation of "super nodes" that aren't behind NAT firewalls - nodes that are actually the computers of kindly (but usually unknowing) Skype users who have lots of bandwidth and are visible to the greater Internet. A number of very well-informed readers thought that my position was unfounded and even stupid. They saw Skype's super nodes as providing a simple introduction service after which they get out of the way and don't touch the actual bits. Funny, that's not what it says on Page 9 of Skype's own Developer Handbook. Nor is it what they say at Canada's University of Waterloo, which produces some of the best geeks on Earth and where Skype is actively discouraged because, "...our experience is that super nodes will consume lots of resources -- tens of gigabytes a day of network traffic as they relay voice and replicate the directory for others..."

I'm not saying that Skype is evil, just that it doesn't run the way people think it does. Those who think Skype super nodes perform a simple STUN service are ignoring the TURN and ICE servers running behind the scenes as well. To those readers for whom these terms are meaningless, just please understand that there are a LOT of computing resources running in background to keep Skype running smoothly, and they consume significant bandwidth as well as compromise--to some extent--the security of the networks upon which they run. Skype is innocent in this, of course, because it is all in strict accordance with the company's End-User License Agreement. But what if you are using Skype at work -- a place where most of us aren't legally qualified to commit company assets for this purpose? Good question.

But rather than worry about Skype, let's think a little more about the underlying problem all these servers are intended to solve. NAT helps us make do with IPv4 in a world that has more Internet devices than there are possible IPv4 addresses. NAT servers live in routers, wireless access points, and some modems, giving us unroutable 192.168.X.X-type addresses on our local networks. This, along with the use of dynamic IP addresses by our ISPs, not only stretches the pool of IPv4 addresses, it also makes it somewhat harder to compromise local networks -- a sort of poor man's firewall -- which is why all those STUN and ICE and TURN servers are required.
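To make the "poor man's firewall" and the STUN part of the story concrete, here is a toy model, added for this page and not from the column or from Skype. It simulates the simplest NAT type (a full-cone NAT): outbound packets create a mapping, unsolicited inbound packets with no mapping are dropped, and a STUN-style binding request lets the inside host learn its public address and port. The addresses, the `Nat` and `Packet` names and the `stun_binding` helper are all constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed addresses: RFC 1918 inside, documentation ranges outside.
PRIVATE_HOST = "192.168.1.10"
NAT_PUBLIC = "203.0.113.5"
STUN_SERVER = ("198.51.100.7", 3478)

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str

@dataclass
class Nat:
    """Full-cone NAT: one public port per inside (ip, port), any outside peer may use it."""
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)    # (inside_ip, inside_port) -> public_port
    reverse: dict = field(default_factory=dict)  # public_port -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:                # first outbound packet creates the mapping
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.public_ip, self.table[key], pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        key = self.reverse.get(pkt.dst_port)
        if key is None:                          # no mapping: silently dropped ("poor man's firewall")
            return None
        return Packet(pkt.src_ip, pkt.src_port, key[0], key[1], pkt.payload)

def unsolicited_inbound_dropped(nat: Nat) -> bool:
    """A peer that simply sends to the public address never reaches the inside host."""
    return nat.inbound(Packet("198.51.100.9", 5060, nat.public_ip, 5060, "INVITE")) is None

def stun_binding(nat: Nat, inside_ip: str, inside_port: int):
    """STUN binding: the server echoes back the source it saw, i.e. the public mapping."""
    req = nat.outbound(Packet(inside_ip, inside_port, *STUN_SERVER, "BINDING-REQUEST"))
    reflexive = (req.src_ip, req.src_port)       # what the rest of the Internet sees
    resp = nat.inbound(Packet(*STUN_SERVER, reflexive[0], reflexive[1], f"MAPPED {reflexive}"))
    return reflexive, resp                       # resp is delivered because the mapping now exists
```

Real NATs vary: a symmetric NAT allocates a different public port per destination, so the mapping STUN reports is useless to a third party, which is exactly the case that forces traffic through a TURN relay and is what ICE exists to negotiate.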

There are two ways I know of to overcome the limitations of NAT. One would be to move to IPv6 with its 128-bit addresses capable of supporting 50+ octillion unique addresses for each of the roughly 6.6 billion people alive today, compared to the measly 4.3 billion possible addresses of IPv4. If 4.3 billion addresses seems like a lot, try figuring how many addresses it would take to cover every digital device in your life. IPv6, which is supposed to become the backbone de facto by 2008, is slow in being implemented because NAT has been so useful, but more importantly because IPv6 replacement hardware will cost a lot of money if taken all the way down to desktop and mobile devices.

A better way of handling the problem of IPv4, one might argue, would be to simply solve the problem of NAT traversal - to enable all the good parts of NAT while overcoming the bad parts. Alas, in the 12 years since NAT was invented, nobody has claimed to have found a way to overcome NAT without simultaneously compromising firewalls or violating Internet RFC (request for comments) rules... that is until now.

A pair of ex-Intel engineers claims to have solved the NAT traversal problem. I don't know if they have solved it for sure, and until they've completed all those pesky patent applications we won't have any technical details. But, from what I understand, the still-in-stealth-mode duo, whom I have known for some time, are quite confident of their technology. Assuming that it does work and that it doesn't cost too much to implement in software or hardware, what would an elegant NAT traversal scheme mean for the rest of us?

For Voice-over-IP (VoIP) telephone users it would mean Skype without the technical complication or Vonage without the monthly bill. Imagine buying a WiFi phone, for example, and having it Just Plain Work without ANY back-end telephony system whatsoever. Further imagine a network of a few million such phones with interconnection to the public switched telephone network (PSTN) allowing you to call a PSTN phone by bridging through the phone of another user in your target city. But VoIP is the least of it. With the transparency of an IPv6 network but without the overhead of IPv6, every refrigerator and air conditioner could be addressed by the electric company. Every nannycam could be viewed from every mobile phone with the correct cryptographic authorization. The possibilities go on and on.

I, for one, hope it works. Gimme eat.
