Part of the real problem has been that the IETF failed to carefully
study, and take to heart, the operational capabilities which NAT
provided (such as avoidance of renumbering, etc, etc), and then
_failed to exert every possible effort_ to provide those same capabilities in
an equally 'easy to use' way.

I agree with Noel on that one -- as surprising as it may sound. The IETF did
recognize several problems, from privacy to renumbering to multi-homing, but
the quality of the proposed solutions has been uneven. The IPv6 response to
privacy protects the host with privacy addresses, but exposes internal network
routes. Renumbering works fairly well in small networks, but does not provide a
replacement for folks who insist on hardwiring IP addresses into filters. The
response to multi-homing requires an additional layer of protocol in the hosts
and is probably 15 years from being deployed.
Of course, NAT does not really solve multi-homing either -- it is one of the
points where the brittleness is most apparent. But NATs do hide the internals
of a network, and do isolate networks from renumbering issues. NATs also break
lots of applications, which is why so many of us hate them. But so do
firewalls, and it seems that IPv6 firewalls are encouraged. Oh well.
-- Christian Huitema