Yep, that's the way it's traditionally been at MIT as well. The DHCP hosts get things like DHCP-ipaddressspelledoutinenglish.mit.edu. The fear is that it's all going away.
By default the service maxes out at 512 MB of RAM (yes, the service was invented in a different decade, way before AWS was cool). So if I want anything more than that, I'm better off running my own server.
Also ironically, I can't reach any of the newly NAT'd networks from my XVM instance. I bet the XVM maintainers haven't been warned about the NAT.
Did not know that. Honestly, MIT's IT department should have given stakeholders more notice about this. I've honestly never had the chance to work on a public-facing network (my alma mater, GMU, has a mostly NATed network).
It still makes no sense that forcing researchers and students at MIT to access the Internet through a NAT has anything to do with innovation in IPv6, though, unless you count all the innovative ways students are going to come up with getting around the IPv4 NAT... which is a pretty pointless exercise.
Even in the old approach, you get publicly routable addresses over DHCP. The approval was for static addresses only, and was very fast, because you're literally on the same network as the DHCP addresses.
If they detect bad activity, they blacklist your MAC address so you can't connect. This is no different under the new scheme, and has nothing to do with NAT.
You don't need to run a Tor relay in order to run a hidden service. I have thrown in this idea as it's a dead simple way (cheap/free, and you don't have to coordinate with anyone) to get your stuff out publicly, let alone for experimental purposes.
Sure, but I'm just pointing out an example where MIT students get to be actors as well as playwrights, whereas now one must follow the prescribed lines and mustn't be too naughty.
Well, an average student isn't going to do anything interesting. The MIT I know works to enable its most resourceful and enterprising students, and is not satisfied with just enabling "being average".
How can MIT people use IPv6 when it hasn't been rolled out on campus yet? How does it make any sense to put the campus (Ethernet) network behind a NAT, when MIT still has 18.0.0.0/9, half of what MIT had before but more than plenty to go around?
NAT will make future sales of IPv4 blocks easier? As you say, MIT doesn't need all those 8 million IP addresses, and eventually will adopt IPv6 anyway. Might as well sell surplus v4 space while it's still valuable.
But why is MIT making money on those addresses more valuable than giving its students an opportunity to experiment and innovate? Why would selling those "unused" spaces to Amazon further the cause of IPv6?
> Net proceeds from the sale will cover our network upgrade costs, and the remainder will provide a source of endowed funding for the Institute to use in furthering its academic and research mission.
When the two are in direct conflict, is it more important for MIT to maximize the value it can extract out of its properties, or for it to promote adoption of improvements to technology?
I think MIT is in the process of rolling out IPv6 officially. They only got an allocation early last year, and I think right now it is being used on the VPN network.
There are advantages to being on a private network behind a firewall ... and they could still offer a DNS name and routing to your computer if it was on a private network. It's likely that the only difference is that you'd also have to specify what ports you want exposed to the outside world. This is a win for you from a security perspective - having additional layers of security won't hurt you.
I run our servers on public IP addresses, behind a firewall. Troubleshooting and debugging are made much easier, and there's never any conflict with VPNs etc.
> It's likely that the only difference is that you'd also have to specify what ports you want exposed to the outside world
Port 80, please. With NAT, you can't offer that to more than one computer.
You nailed it! Students love that they can just spin up a whole new web server, no questions asked. I certainly wouldn't be where I am on sysadmin-type skills without the kind of tinkering that the un-NAT'd network affords.
That's great and all, but the majority of us have lived in an IPv4 NAT world for most of our lives. A previous poster even mentioned that a student group runs a cloud hosting service on campus, making some of this moot:
"SIPB (MIT's volunteer student computing group) offers free "cloud hosting" to anyone with an Athena account.
http://xvm.mit.edu/"
You have to scale the reverse proxy, and you've added another point of failure.
Not to mention - who runs it? It needs to be trusted to terminate TLS or do 5-tuple proxying based on the SNI destination (not all clients send SNI). Also, if the MIT student is doing something akin to protocol-level development, it's possible a middle proxy will prevent them from doing their work.
There is also the hassle factor. You may stop people from ever trying something because of the added hoops they must go through.