
Re: Comments on the NAT66 draft



Gert Doering writes:
> On Sat, Nov 08, 2008 at 04:20:42AM -0700, EricLKlein@softhome.net wrote:
>> I have yet to hear one serious reason why we need NAT in v6 given that
>> all of the requirements that lead to it and have kept it alive for years
>> in v4 do not exist in v6 and in some cases using it will break v6 functionality.
>
> Well, the thing that I keep hearing is "we want to be able to change
> providers at our whim and not renumber" (not from "SOHO" customers, but
> from "a bit larger networks").

Having worked for 2 telecom operators and supported multiple ISPs I have never heard this request from a customer. Renumbering has always been a problem and all of the DHCP solutions to fix it still exist. What I am guessing that they are saying is "I don't want to be tied to a specific ISP forever so I want an easy way to reconfigure when I change". And for the occasional change (maximum of what, 1 time per year?) I do not think that breaking end-to-end links is the answer. If this is what they want then let's bring back site locals (I am sure that some people will implement them and not notice that they were deprecated anyway). This at least is a straightforward fix that will not require bringing back NAT into v6.

> Two possible answers
>   - IPv6 PI space ("everybody's routing table gets hit")
>   - ULA space inside, NAT66 outside
>
> so what's the smaller evil? I can't say.
>
> (Regarding the "renumbering" bit: I didn't write "we can't renumber" - but
> for a largish network, renumbering can incur much much higher costs
> than just finding a vendor that provides a NAT66 box... and as soon as
> enterprise customers are going to ask vendors about it, one of them will
> build one. Well, I think you could already do that today with BSD pf(4)...)

I disagree, if it is understood that using "a NAT66 box" means that VoIP, Video, PTP, and firewalls will not work as expected then the cost will be much higher than reassigning numbers in the DHCP pool.

> From an ISP point of view, I'd actually prefer NAT66 before IPv6 PI.
> Of course "everyone of our customers will stay there forever, so there's
> no need to ever renumber" would be much preferred, but I think this is
> about as unrealistic as assuming that there won't be NAT66 boxes.

As I said above, Site locals are preferable to NAT or IPv6 PI, don't break the end to end connectivity and don't undermine the security benefits of a consistent address throughout the link.