Stephen Sprunk wrote:
> Thus spake "Keith Moore" <moore(_at_)cs(_dot_)utk(_dot_)edu>
>> NAT-PT really needs to be wiped off the face of the earth. It
>> provides all of the disadvantages of IPv4+NAT with all of the
>> transition costs of IPv6.
>
> Indeed it does. However, it has significant benefits as well:

[arguments about NAT-PT avoiding the need to dual-stack hosts deleted]
Dual-stacking hosts is a non-problem. For the majority of deployed
hosts, it is already done.
Adapting existing networks to IPv6 is somewhat painful, but most of the
deployed hardware supports it.
On the other hand, adapting existing security policies, traffic filters,
network intrusion detection systems, explicit and interception proxies
is much harder. In some cases the products or upgrades don't even exist
for IPv6, and when they do, they're not mature.

>> If there is ever any significant penetration of NAT-PT, then the
>> pseudo-IPv6 network will not be able to support any more kinds of
>> applications than the NATted IPv4 does today.
>
> In the beginning stages, yes. However, unlike v4 NAT, if one has a
> problem with NAT-PT and how it affects applications, all one has to do
> is deploy v6 and they go away.

That's like saying that if you are an IPv4 software developer and your
applications won't work at your customers' sites because they have NATs,
all you have to do is get rid of your own NAT and your customers'
problems will go away.
It simply doesn't work that way. NATs create problems even for people
who don't use them.

> Besides, nearly everyone is behind a v4 NAT today, so things aren't
> going to get any worse for v4 traffic, and they'll gradually improve
> for v6 traffic as folks deploy it and start to bypass their NAT-PT
>
> All of this "applications for v6 aren't designed to cope with NAT"
> stuff is bunk. Applications are designed to use both v4 and v6
> because there's no market for v6-only apps. Apps have already paid
> the cost of dealing with NAT (if it affects them) and so will future
> apps until we can manage to drop v4 entirely. If NAT-PT allows us to
> drop v4 sooner, it's that much sooner app developers can stop paying
> that cost, and that's good for everyone.

All of these gross generalizations about applications are bunk. The
patterns of interaction between nodes of an application, and the effect
that NATs have on them, vary widely from one application to another.
Any generalization of the form "applications do X" is dubious on its face.
There are basically two incentives to support IPv6: one is more
addresses, the other is a better behaved network that is capable of
supporting a wider range of applications at lower cost. If NAT-PT is
widely deployed, the second incentive is removed.
Ietf mailing list