That's a terrible idea, because it would pander to the myths that
NAT is a security or policy tool.
Brian,
Several comments in this thread have suggested that security is the
primary driver for NAT.
While it is surely a factor, I believe the dominant driver for NAT is
addressing autonomy.
Unless/until enterprise (or even home) network operators have some
number of bits of address to call their own, without risk of forced
change or being held hostage to their ISP, you will have NAT for v6
just like for v4. I think you can take that to the bank.
They have that today without NAT. You are stuck in IPv4
think. You are thinking *one* address per interface.
IPv6 was designed with *multiple* addresses per interface
in mind.
Use ULA + global addresses. There is no need to NAT from
one address to another. Your internal network connects
over ULA, your external net connects over global addresses.
Even with 1 to 1 NAT in IPv4 you have to use new global
addresses for people to reach you.
Note: this works today. link-local + ULA + global.
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet6 fe80::214:22ff:fed9:fbdc%bge0 prefixlen 64 scopeid 0x1
        inet6 fd92:7065:b8e:0:214:22ff:fed9:fbdc prefixlen 64 autoconf
        inet6 2001:470:1f00:820:214:22ff:fed9:fbdc prefixlen 64 autoconf
        inet 192.168.191.236 netmask 0xffffff00 broadcast 192.168.191.255
        ether 00:14:22:d9:fb:dc
        media: Ethernet autoselect (10baseT/UTP <half-duplex>)
        status: active
% env |grep SSH
SSH_CLIENT=fd92:7065:b8e:0:2e0:29ff:fe19:c02d 4656 22
SSH_CONNECTION=fd92:7065:b8e:0:2e0:29ff:fe19:c02d 4656 fd92:7065:b8e:0:214:22ff:fed9:fbdc 22
%
Mark
(Note that autoconf doesn't remove this need... enterprise operators
will have local host addresses sprinkled throughout a plethora of
departmental traffic disruption appliances, so renumbering will be
viewed by many as a non-starter.)
-teg
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
http://www.ietf.org/mailman/listinfo/ietf
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews(_at_)isc(_dot_)org
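
[Added example, not part of the original message or of any poster's own code.] The sketch below shows why a host holding link-local + ULA + global addresses, as in the ifconfig output above, answers an internal peer from its ULA address without any NAT: a simplified subset of RFC 6724 source address selection (rules 1, 2, 6 and 8 only). The function names and the 2001:db8::1 destination are assumptions made for illustration.

```python
import ipaddress

# Subset of the RFC 6724 default policy table: (prefix, label).
POLICY = [(ipaddress.ip_network(p), lab) for p, lab in [
    ("::1/128", 0), ("::/0", 1), ("2002::/16", 2),
    ("2001::/32", 5), ("fc00::/7", 13),
]]
LINK_LOCAL = ipaddress.ip_network("fe80::/10")
ULA = ipaddress.ip_network("fc00::/7")

# The three IPv6 addresses on bge0 in the message above.
INTERFACE_ADDRS = [
    "fe80::214:22ff:fed9:fbdc",
    "fd92:7065:b8e:0:214:22ff:fed9:fbdc",
    "2001:470:1f00:820:214:22ff:fed9:fbdc",
]

def kind(addr):
    """Classify a unicast IPv6 address as link-local, ULA or global."""
    a = ipaddress.ip_address(addr)
    if a in LINK_LOCAL:
        return "link-local"
    return "ULA" if a in ULA else "global"

def scope(a):
    # Unicast scopes only: link-local is 0x2, everything else (ULA too) is global.
    return 0x2 if a in LINK_LOCAL else 0xE

def label(a):
    # Longest matching policy prefix decides the label.
    matches = [(net.prefixlen, lab) for net, lab in POLICY if a in net]
    return max(matches)[1]

def common_prefix_len(a, b, limit=64):
    # Leading bits shared by a and b, capped at the source prefix length.
    return min(128 - (int(a) ^ int(b)).bit_length(), limit)

def select_source(candidates, dst):
    """Return the candidate a host would prefer as source for dst."""
    d = ipaddress.ip_address(dst)
    def key(c):
        s = ipaddress.ip_address(c)
        too_small = scope(s) < scope(d)
        return (
            s != d,                                      # rule 1: same address
            too_small, -scope(s) if too_small else scope(s),  # rule 2: scope
            label(s) != label(d),                        # rule 6: matching label
            -common_prefix_len(s, d),                    # rule 8: longest prefix
        )
    return min(candidates, key=key)
```

Called with the SSH client address from the session above, `select_source` returns the fd92:... address; called with a global destination it returns the 2001:470:... address.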