On Feb 14, 2008, at 4:16 PM, Iljitsch van Beijnum wrote:
On 14 feb 2008, at 21:49, Florian Weimer wrote:
The prevailing assumption is that IPv6 end nodes will be globally
addressable for practical purporses. I think this is a very unlikely
Are you saying that there will be IPv6 NAT?
Absolutely. 100% guaranteed that some organizations out there will
continue to use NAT even with IPv6.
In my opinion, anyone who thinks otherwise does not understand how
wedded corporate enterprises are to NAT and how NAT will only be
removed when the keyboard is pulled from the cold, dead fingers of
the last remaining sysadmins.
Instead of the "private addresses" of IPv4 as defined in RFC1918 it
will simply be the "Unique Local Addresses" of IPv6 as defined in
RFC4193 - http://tools.ietf.org/rfcmarkup?doc=rfc4193 Instead of
starting with 10. (or 192. or 172.), the address block will start
with FC00... but the end result will be the same. (And look, this
time around it even has it's own TLA ("ULA")!)
Corporate enterprises love NAT for several reasons. Here are two:
1. "SECURITY" - There is this belief that an organization is more
secure by hiding the topology of their entire network behind a few
public addresses that can be locked down and secured by appropriate
firewalls and gateways. IT staff don't give a darn about our
glorious visions of end-to-end connectivity... they only care about
"securing the perimeter" and many (most?) see NAT as one way of doing
that. We can argue endlessly that this may simply be an illusion
(delusion?) on their part and that NAT really doesn't provide real
security, but from what I have seen it *is* the prevailing view out
there within the IT community.
2. CONTROL - Organizations like the control that comes with defining
their own address ranges. They don't need to obtain permission from
anyone to number certain networks. They just do it. Simple. Easy.
They can create a master plan across all their locations on their
WAN. As they add more networks through growth (either new
installations or through mergers/acquisitions), they can simply
assign those new networks numbering blocks out of their master plan.
In fact, I would argue that ULA addressing (there I go with that
TLA!) makes that even nicer since the recommended means of generation
of the ULA block (in RFC4193) *should* wind up reducing the conflicts
we have today where merging entities are both using identical
sections of the RFC1918 10.x block. In theory the networks should be
even easier to merge. Likewise, if a network gets split off from
another one, it may be able to be merged into its new owner very
easily (and without renumbering) via ULA addressing.
In this last instance, think of what happens if I'm using assigned
IPv6 addresses from Company A and now my network is sold to Company
B. Now I have to renumber my entire network to use Company B's
assigned IPv6 addresses. If I just use ULA addressing I don't have
to renumber (unless by some freak chance I happen to be using the
same ULA block that some other network in Company A is using).
So yes, I absolutely think that NAT will continue in IPv6. Corporate
enterprises are comfortable with it and expect it. That's the reality.
And that we should design protocols running on top of IPv6 to take NAT
If yes on both, how can we do that without a NAT specification so that
the IETF can design protocols to work with NAT and vendors can build
NATs that work with IETF protocols?
I.e., either we assume no NAT in IPv6, or create a NAT standard. Those
are the only sane options.
My 2 cents,
Dan York, CISSP, Director of Emerging Communication Technology
Office of the CTO Voxeo Corporation dyork(_at_)voxeo(_dot_)com
Phone: +1-407-455-5859 Skype: danyork http://www.voxeo.com
Blogs: http://blogs.voxeo.com http://www.disruptivetelephony.com
Bring your web applications to the phone.
Find out how at http://evolution.voxeo.com
Ietf mailing list