smd(_at_)ebone(_dot_)net (Sean Doran) writes:
> John Kristoff <jtk(_at_)depaul(_dot_)edu> writes:
> | To do nothing can be far more dangerous (as proven by the disdain
> | for NAT).
>
> The disdain for NAT is non-uniform. Personally, I rather like NAT.

Of course you would. You work for a provider and can get all the
address space you want.
NAT vendors will also tell everyone that the world needs more NAT.
Who doesn't like NAT? The end customers, who are spending literally
millions dealing with problems NAT causes in the network. Since Sean
doesn't see these issues, he has no reason to dislike NAT.

> | Can IPv6 be worse for the net than NAT?
>
> IPv6 and IPv4 will coexist for a time; the topologies of the (large)
> IPv4 Internet and the (tiny) IPv6 Internet are discontiguous, and
> are unlikely to cease being so before IPv6 curls up and dies.

You know, nine months ago you used to say we wouldn't have any real v6
deployment at all -- and indeed, nine months ago, there were nearly no
systems that could even run v6 out of the box. Now, of course, the
system you yourself run is v6 capable (though I fully expect you turn
off the v6 code) and you speak of the two coexisting before v6 finally
dies, since you know many people (including me) actively use it.

I'm awaiting the next steps, which will include you denouncing the
high costs deployment is imposing upon you. I suspect that's about two
years off. :)

> NAT and inter-protocol header translators (e.g. FAITH or 6to4,
> ironically written by Carpenter and Moore, who both really hate NAT)
> totally eliminate the near-term need to even consider ships-in-the-night
> in the core. They also can reduce the weak pressure on the IPv4
> address space by aggregating multiple hosts behind a single (IPv4) address.
> I find this to be a best-of-both-worlds sort of situation.

I'm perfectly fine with using v4 as a link layer to connect together
end sites, with v6 being used over that link layer. Mechanisms like
FAITH and 6to4 allow us to move in that direction. It is completely
obvious that the v4 internet will remain dominant for some time to
come even as people find niche applications (like network management
through v4 NAT layers or end to end IPSec through v4 NAT) that only v6
can solve for them. Even after v6 begins to dominate, legacy v4
equipment will doubtless be around for decades simply because people
avoid getting rid of old hardware.

By using mechanisms that do v6<->v4 translation, we allow people to
gain the benefits of v6 deployment without requiring that v6 be widely
deployed. They can run their internal network on v6 addresses instead
of on 10.x.x.x, but still be able to do things that network 10 would
not allow them to do at all, and to the end user, all v4 web sites and
such are still just as accessible as they were through NAT.

Although it may annoy Sean, real companies are actually starting to
wake up to the fact that they can do this and are starting to
deploy. Most of them are highly technical organizations running
Unix based systems, but that will change in coming years.

Deploying solutions like this means that v6 will be able to smoothly
grow even without things like www.cnn.com being accessible over v6. It
appears this phenomenon is already occurring.

Perry E. Metzger perry(_at_)wasabisystems(_dot_)com
Quality NetBSD Sales, Support & Service. http://www.wasabisystems.com/