At 12:55 PM 4/25/00 -0400, J. Noel Chiappa wrote:
The basic key *architectural* problem with NAT (as opposed to all the
mechanical problems like encrypted checksums, etc, some of which can be
solved with variant mechanisms like RSIP), as made clear by Keith's comments,
is that when you have a small number of external addresses being shared by a
larger number of hosts behind some sort of "address-sharing" device, there's
no permanent association between an address and a host. It's *that* that
causes many of the worst problems - problems for which there *is* no good
work-around (because the problem is fundamental in nature).
Now, if you have a site which has more hosts than it can get external IPv4
addresses for, then as long as there are considerable numbers of IPv4 hosts a
site needs to interoperate with, *deploying IPv6 internally to the site does
the site basically no good at all*.
I think we've been through all this already and we explored it deeply at
the IAB Network Layer Workshop. One of the conclusions is that an IPv6
network NAT'ed to the IPv4 Internet isn't any better than what we have
today with
IPv4-NAT-IPv4, yet it will allow the given network to move to IPv6 in hopes
of someday connecting to other IPv6 networks without using NAT.
So if you are NAT'd to the public Internet today, you shouldn't have a
problem with converting internally to IPv6. At least from an architectural
sense. :)