[arin-discuss] Trying to Understand IPV6
David Farmer
farmer at umn.edu
Mon Sep 13 17:28:21 EDT 2010
On 9/13/10 15:44 CDT, Matthew S. Crocker wrote:
>
>
> In short because NAT is evil. Customers don't normally have a clue what NAT means or if it actually provides security or not. A properly configured home IPv6 appliance can provide the same levels of security without NAT. Stateful packet inspection and real IPv6 addresses on all devices is far superior to NATted IPv4
Can we please not have another thread go down the NAT vs. no-NAT
argument drain.
> NAT is the bane of my existence as a VoIP provider. If only my phones supported IPv6...
While I tend to agree with the no-NAT camp personally. IPv6 transition
cannot afford to be bogged down by NAT v. no-NAT. It is a bad idea for
IPv6 to require a no-NAT network design.
> -Matt
>
> ----- Original Message -----
>
>> From: "Mike Lieberman"<mike at netwright.net>
>> To: arin-discuss at arin.net
>> Sent: Monday, September 13, 2010 4:17:37 PM
>> Subject: Re: [arin-discuss] Trying to Understand IPV6
>>
>> I have been reading all these discussions (mostly silently) for a
>> long, long
>> time. I understand what a /48 is and a /56, /64 and /128. I understand
>> the
>> notation.
>>
>> Quite frankly what I don't get is why anyone thinks that consumers
>> want
>> public numbers inside their home/LANs. Once my customers understood
>> the
>> benefit of hiding behind a NAT, they embraced it quite emphatically.
>>
>> Put a private residence on public IPv6? Sorry but that makes no sense.
>>
>>
>> Yes I agree that I don't know what people will need in 20 years. And
>> YES it
>> is nice that we will have address space in 20 years. But allocating a
>> /48 to
>> a home that today uses an IPv4 /30 with a private NAT seems beyond
>> humorous.
>> It just sounds insane. Using private addressing that home already
>> potentially has access thousands of subnets and millions of addresses.
Standardization and one-size fits all has a number of technical,
logistical and marketing advantages in many fields of endeavor,
assigning /48s to sites IPv6 is just following that well understood idea
and bringing it into the networking world.
>> RFC 4193 provides even more addresses for use with firewall/NAT
>> appliances.
>> Why does a home or business using RFC 4193 need a /48 or even a /56 or
>> /64.
RFC 4193, provides a locally assigned /48, by providing a /48 public
assignment this allows a 1-to-1 NAT gateway to be used, this can be
implemented fully stateful or stateless. So even if your customers plan
to implement NAT in IPv6, there are advantages to assigning /48s to all
sites.
>> Just because we have the numbers does not mean we should distribute
>> them.
What are you going to do with them then? You can't eat them. :)
Take a look at Owen's analysis earlier in the thread. While it may not
seem like it, /48 is actually a relatively conservative amount of
address space to give to a site. Remember there are 128 bits to work
with, a /48 in IPv6 is about 6 orders of magnitude more conservative
than a /29 in IPv4.
--
===============================================
David Farmer Email:farmer at umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 612-626-0815
Minneapolis, MN 55414-3029 Cell: 612-812-9952
===============================================
More information about the ARIN-discuss
mailing list