
RE: Domain Centric Administration, RE: draft-ietf-v6ops-natpt-to-historic-00.txt

2007-07-03 01:43:06

        They are saying that NAT is not
    an appropriate solution in an IPv6 world. It adds a lot
    more complexity than just a stateful firewall.

A stateful firewall doesn't also provide provider 
independence and an ability to have a form of multi-homing 
without playing BGP games or even telling your ISPs.

This could be done using ULA-random addresses and a form of IPv6 address
translation that does a pure one-to-one mapping of internal and external
addresses. In other words, no PAT because that is where the concept of
NAT and firewall really start to become confused. Straightforward
address translation doesn't need to carry any state in the translation
device because it is simply swapping the address prefix bits.

I am also a bit confused how a "dual stack" transition strategy to
IPv6 is going to work when the IPv4 address free pool is 
exhausted in a few years without some form of NAT/ALG, but 
maybe that's just me.

I don't think the IETF needs to do anything to enable ALG between v4 and
v6. People are going to write code to do that anyway.

--Michael Dillon
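
The one-to-one prefix mapping described in the message above, sketched as an added example that is not part of the original post. The ULA prefix, the two provider prefixes (taken from the 2001:db8::/32 documentation range) and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample prefixes: one internal ULA /48, two provider /48s.
INTERNAL = "fd12:3456:789a::/48"
ISP_A = "2001:db8:a::/48"
ISP_B = "2001:db8:b::/48"


def swap_prefix(addr, from_net, to_net):
    """Replace the prefix bits of addr and keep every other bit unchanged.

    The result depends only on the packet's address and two configured
    prefixes, so the translator holds no per-flow table.
    """
    addr = ipaddress.IPv6Address(addr)
    from_net = ipaddress.IPv6Network(from_net)
    to_net = ipaddress.IPv6Network(to_net)
    if from_net.prefixlen != to_net.prefixlen:
        # Unequal lengths would make the mapping many-to-one (PAT-like).
        raise ValueError("prefix lengths must match for a one-to-one mapping")
    if addr not in from_net:
        raise ValueError(f"{addr} is not inside {from_net}")
    low_bits = int(addr) & int(from_net.hostmask)
    return ipaddress.IPv6Address(int(to_net.network_address) | low_bits)


def outbound(src, isp_prefix):
    """Rewrite an internal source address as it leaves via one provider."""
    return swap_prefix(src, INTERNAL, isp_prefix)


def inbound(dst, isp_prefix):
    """Rewrite an external destination address back to the internal one."""
    return swap_prefix(dst, isp_prefix, INTERNAL)


if __name__ == "__main__":
    host = "fd12:3456:789a:1::25"  # constructed internal host
    for isp in (ISP_A, ISP_B):
        external = outbound(host, isp)
        # The reverse mapping recovers the host with no stored state.
        print(isp, external, inbound(external, isp))
```

The same internal host is reachable under either provider prefix, and changing providers means changing one configured prefix rather than renumbering the internal network.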
