SIPB: IS&T’s rollout of NAT creates more problems than it solves
Last Friday, with 12 hours of notice, IS&T began the rollout of a NAT (network address translation) system, which allows IS&T to replace existing publicly reachable IPv4 addresses on NET-18, MIT’s vast historical range of public addresses, with private addresses in NET-10. A few smaller buildings in West Campus, as well as the Walker Memorial, were affected.
While the NAT allows IS&T to compress MIT’s usage of NET-18 into a smaller range, and people connecting to the internet with their laptops and cellphones from campus won’t likely notice a change, all servers behind the NAT will no longer be reachable from the public internet.
Despite this side effect, a NAT, by itself, does not actually provide any security benefits: only properly configured firewall settings can. Although network security is one of IS&T’s stated purposes in implementing a campus NAT, they are actually achieving their claimed security by rolling out a campus firewall.
On Wednesday, IS&T posted an FAQ in which they confirm their plan to consolidate their use of NET-18 beyond the lower half of the range, presumably to sell more address space than originally announced by Ruiz. The Provost and the EVPT indicated that proceeds from selling addresses in NET-18 are to be used both to improve MIT’s network infrastructure and to fund research for the improvement of the internet. At a market price of $20 per address, the entire NET-18 range of 16 million addresses is worth around $334 million, a formidable fortune. Certainly, using this fortune to create immediate and tangible benefits at MIT is a noble goal.
However, the NAT, and IS&T’s rollout process, create many more problems than they set out to solve, especially since the address range MIT currently wishes to keep, the 8 million addresses in the lower half of NET-18, is more than sufficient for every Internet-enabled device on campus, and IPv6 adoption, which promises MIT more addresses than there have been picoseconds since the Big Bang, is measured by Google at barely 20% worldwide.
Although IS&T announced the general plan for the NAT in an IT Partners meeting earlier this month, the initial rollout was made on very short notice, at the end of a work week. If IS&T continues this practice of making surprise changes, unless maintainers are standing by at the precise moment when IS&T performs network switchovers, their machines will fall off the public internet, possibly breaking their services. For example, last Friday, WMBR’s online playlists and MIT Student Cable became temporarily inaccessible when the NAT turned on in the Walker Memorial.
Until now, getting a static public address has been a simple web form away, and students could set it up on any computer they wished; the NAT implementation places this power in IS&T’s dynamic host configuration (DHCP), tied down to specific hardware. As IS&T plans to eventually migrate almost all of MIT’s campus behind the NAT, including dorms, it will be harder for students to prototype internet services reachable from anywhere on Earth, even those not achievable with ordinary web technology, right in their dorm rooms.
In fact, the NAT doesn’t just hurt student developers who create new internet services; it also hurts all students who potentially use those services. Many popular student-developed projects, like CourseRoad and Planner, were built in dorm rooms, all thanks to the ease of obtaining public MIT addresses and hostnames combined with crufted hardware from reuse. And while BitTorrent will not be blocked, the service’s peer-to-peer nature may mean that the implementation of NAT will reduce download speeds.
SIPB believes that access to a virtually unlimited pool of public IPv4 addresses is a privilege that tremendously enhances the value of an MIT education, both for students learning to build new internet services and for students who use those services. As such, we advocate for a full rollback of NAT deployment on campus networks. We are currently working with IS&T to find a solution which ensures that students and other members of the MIT community are still able to set up public internet services with the ease static addresses afford, and we hope that these issues are resolved swiftly and peacefully.
Miguel Young de la Sota ’18 is the chair of the Student Information Processing Board (SIPB), MIT's volunteer student computing group. This article is written on behalf of the organization.
7/19/17: This article previously incorrectly stated that WMBR’s XM radio service was affected by the rollout of NAT. In fact, it was WMBR’s online playlists that were affected. WMBR has no service called XM.