[arin-discuss] Trying to Understand IPV6

David Farmer farmer at umn.edu
Mon Sep 13 17:28:21 EDT 2010 

On 9/13/10 15:44 CDT, Matthew S. Crocker wrote:
>
>
> In short because NAT is evil.  Customers don't normally have a clue what NAT means or if it actually provides security or not.  A properly configured home IPv6 appliance can provide the same levels of security without NAT. Stateful packet inspection and real IPv6 addresses on all devices is far superior to NATted IPv4

Can we please not have another thread go down the NAT vs. no-NAT 
argument drain.

> NAT is the bane of my existence as a VoIP provider.  If only my phones supported IPv6...

While I tend to agree with the no-NAT camp personally. IPv6 transition 
cannot afford to be bogged down by NAT v. no-NAT.  It is a bad idea for 
IPv6 to require a no-NAT network design.

> -Matt
>
> ----- Original Message -----
>
>> From: "Mike Lieberman"<mike at netwright.net>
>> To: arin-discuss at arin.net
>> Sent: Monday, September 13, 2010 4:17:37 PM
>> Subject: Re: [arin-discuss] Trying to Understand IPV6
>>
>> I have been reading all these discussions (mostly silently) for a
>> long, long
>> time. I understand what a /48 is and a /56, /64 and /128. I understand
>> the
>> notation.
>>
>> Quite frankly what I don't get is why anyone thinks that consumers
>> want
>> public numbers inside their home/LANs.  Once my customers understood
>> the
>> benefit of hiding behind a NAT, they embraced it quite emphatically.
>>
>> Put a private residence on public IPv6? Sorry but that makes no sense.
>>
>>
>> Yes I agree that I don't know what people will need in 20 years. And
>> YES it
>> is nice that we will have address space in 20 years. But allocating a
>> /48 to
>> a home that today uses an IPv4 /30 with a private NAT seems beyond
>> humorous.
>> It just sounds insane. Using private addressing that home already
>> potentially has access thousands of subnets and millions of addresses.

Standardization and one-size fits all has a number of technical, 
logistical and marketing advantages in many fields of endeavor, 
assigning /48s to sites IPv6 is just following that well understood idea 
and bringing it into the networking world.

>> RFC 4193 provides even more addresses for use with firewall/NAT
>> appliances.
>> Why does a home or business using RFC 4193 need a /48 or even a /56 or
>> /64.

RFC 4193, provides a locally assigned /48, by providing a /48 public 
assignment this allows a 1-to-1 NAT gateway to be used, this can be 
implemented fully stateful or stateless.  So even if your customers plan 
to implement NAT in IPv6, there are advantages to assigning /48s to all 
sites.

>> Just because we have the numbers does not mean we should distribute
>> them.

What are you going to do with them then?  You can't eat them. :)

Take a look at Owen's analysis earlier in the thread.  While it may not 
seem like it, /48 is actually a relatively conservative amount of 
address space to give to a site. Remember there are 128 bits to work 
with, a /48 in IPv6 is about 6 orders of magnitude more conservative 
than a /29 in IPv4.

-- 
===============================================
David Farmer               Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota	
2218 University Ave SE	    Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

More information about the ARIN-discuss mailing list