Mark,
On Jul 2, 2007, at 6:49 PM, Mark Andrews wrote:
People aren't bashing NAT.
Oh, please. Sure they are.
They are saying that NAT is not
an appropriate solution in an IPv6 world. It adds a lot
more complexity than just a stateful firewall.
A stateful firewall doesn't also provide provider independence and
an ability to have a form of multi-homing without playing BGP games
or even telling your ISPs.
What real benefits are there in NAT compared with carrying
multiple PA prefixes? Active connections are still going
to break when links go down. ICMPv6 will provide feedback
when the external link is gone.
I am also a bit confused how a "dual stack" transition strategy to
IPv6 is going to work when the IPv4 address free pool is exhausted in
a few years without some form of NAT/ALG, but maybe that's just me.
How many legacy boxes are going to need global connectivity
that can't be covered by an ALG, bump in the stack or something
else? I suspect most of the legacy boxes will only need
to talk locally and RFC 1918 addresses will suffice in most
cases.
If you offer a service to others you run "dual stack" either
natively or with an ALG (e.g. RIPE's whois over IPv6 did
this). When the crunch comes you start to see IPv6 only
services.
The problem is everyone is waiting until the crunch and not
running "dual stack" now. Microsoft is doing the right
thing with Vista by turning IPv6 on by default. Each
Vista box is a client waiting for you to turn on your dual
stack service.
This is the time when everyone should be running dual stack.
Rgds,
-drc
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org