In message <DD7FE473A8C3C245ADA2A2FE1709D90B1C828F(_at_)server2003(_dot_)arneill-py(_dot_)sacramento.ca.us>, "Michel Py" writes:
> Ralph Droms wrote:
>> Would someone with first-hand knowledge of the reasons "several
>> major corporations publicly indicate that they intend to use NAT
>> with IPv6" be willing to compare those reasons with the reasons
>> listed in draft-vandevelde-v6ops-nap-01, and identify any reasons
>> that might be missing from Gunter's document? Might be useful to
>> consider extending draft-vandevelde-v6ops-nap-01 to address all
>> the known reasons for IPv6 NAT.
>
> I'm not into this anymore, but two of the reasons are:
>
> 1. Significant numbers of enterprise network operators do not want
> multiple addresses per host. It makes everything more complex: access
> control, troubleshooting, internal firewalling, documentation, etc. And
> during the transition, it also creates a network with two different
> models. NATting at the edge instead is not a free lunch, but it is
> well-known and maintains a single-model, simpler network. Stateful
> firewalls capable of dealing with multi-address hosts that change IP
> addresses on the fly will be a significant challenge.

Actually, NATting at the edge is a disaster for a lot of those reasons,
because of the difficulty it causes when you receive external trouble
reports -- who caused it?
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf