Re: IPv6 NAT?

2008-02-16 15:25:06
Dan York wrote:
> > In the IPv6-only world, to be reached at the end of the transition
> > period, NATs should IMO be prohibited.
>
> I think we will have to respectfully disagree on this one.  Count me in
> the camp that says that NAT will *NEVER* go away as long as corporate
> enterprises believe it is of value to them (as I noted in my previous
> message).  Even were we to somehow "prohibit" it, enterprises would
> still do it... or our stance on prohibiting it would simply be yet
> another barrier for them to seriously consider moving to IPv6.
>
> NAT is here. NAT is loved (by many). NAT will be with us until long
> after we are all long gone.

I agree that many love NATs.
But that's the existing ones, private v4 to public v4.

I guess that they will also love some kind of v6-v4 NATs, the ones we DO 
NEED to standardize.

Regarding v6-v6 NATs, the word "prohibit", I must accept it, was not 
well chosen. (There is no way, nor is there any intent to check what 
people do in private premises.)
The point is rather that IMHO there will be better ways to achieve the 
same privacy and security functions that NATs happen to offer.

Here is another such way: if a client host takes a new randomly chosen 
"privacy IID" for each of its outgoing connections: (1) its address and 
its chosen port will keep their E2E significance; (2) no one will know 
where it is in its site; (3) any attempt to call such an address will 
fail; (4) the host will easily clean up its state when it knows a 
connection is finished, or when it resets, or when its power is turned 
off; (5) no stateful logic is needed in any intermediate box; (6) 
intermediate boxes are not concerned with protocols used (UDP, TCP, 
SCTP...).

Regards.

Rémi
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf
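
The per-connection "privacy IID" scheme described in the message above, sketched as an added example (not code from the original post or from any IETF document). The class and function names and the 2001:db8::/32 documentation addresses are assumptions for illustration; clearing the u bit and skipping reserved IIDs follow RFC 4941 and RFC 5453, which the message does not cite.

```python
import ipaddress
import secrets

# Interface identifiers that must not be used (RFC 5453): all-zero
# (subnet-router anycast) and FDFF:FFFF:FFFF:FF80 upward (reserved anycast).
RESERVED_ANYCAST_LOW = 0xFDFF_FFFF_FFFF_FF80
U_BIT = 1 << 57  # universal/local bit of the IID, cleared in random IIDs (RFC 4941)


def random_privacy_iid():
    """Return a random 64-bit IID, redrawing if it lands in a reserved range."""
    while True:
        iid = secrets.randbits(64) & ~U_BIT
        if 0 < iid < RESERVED_ANYCAST_LOW:
            return iid


class PerConnectionAddresses:
    """Host-side table holding one source address per outgoing connection."""

    def __init__(self, prefix):
        self.net = ipaddress.IPv6Network(prefix)
        if self.net.prefixlen != 64:
            raise ValueError("expected a /64 subnet prefix")
        self.active = {}  # source address -> (remote address, remote port)

    def open(self, remote, port):
        """Point (1)/(2): fresh random source address for each new connection."""
        while True:
            addr = self.net[random_privacy_iid()]
            if addr not in self.active:
                self.active[addr] = (ipaddress.IPv6Address(remote), port)
                return addr

    def close(self, addr):
        """Point (4): the only state is on the host and is dropped at close."""
        self.active.pop(addr, None)

    def accepts(self, dst, src, sport):
        """Point (3), as read here: inbound traffic is valid only if it
        answers a live connection from that exact source address."""
        peer = (ipaddress.IPv6Address(src), sport)
        return self.active.get(ipaddress.IPv6Address(dst)) == peer


if __name__ == "__main__":
    table = PerConnectionAddresses("2001:db8:1:2::/64")  # constructed sample prefix
    src = table.open("2001:db8:ffff::10", 443)           # constructed sample peer
    print("source address for this connection:", src)
    table.close(src)
    print("accepted after close:", table.accepts(src, "2001:db8:ffff::10", 443))
```

No intermediate box appears in the sketch, matching points (5) and (6): the table lives only on the host and is indifferent to the transport protocol.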