[arin-ppml] IPv4 Depletion as an ARIN policy concern

Owen DeLong owen at delong.com
Tue Oct 27 10:31:57 EDT 2009 

> I don't know about that.  The transition was started in time but has  
> been
> stonewalled by those planning to monetize their IP real-estate.  The
> stonewalling has been in the form of continued FUD regarding IPv6  
> NAT.  It
> has also been slowed by short-sighted implementors who fail to see  
> that
> there is no value in IPv6 until a v6 node can access 100% of the IPv4
> Internet as well.
>
I don't buy into either of those statements.

First, I'm not really sure why you think NAT is necessary in IPv6.  It  
really isn't,
and, it really isn't a good idea.  This isn't FUD, it's fact.  There's  
really nothing
in NAT that helps anything except address conservation. Many people  
mistake
the fact that NAT requires a stateful inspection gateway to function for
security being provided by NAT.  The security is not provided by NAT, it
is provided by stateful inspection.

Second, there is lots of value in IPv6 even though IPv6 nodes cannot
access the IPv4 internet.  True, there's not much value today in having
an IPv6 only node, but, there's lots of value in having dual-stack  
nodes,
which is what we are really trying to get as many people as possible to
move towards between now and IPv4 free pool depletion.

> The bridge from v4 to v6 has only two real obstacles: 1) a  
> standardized
> version of IPv6 NAT, and 2) a 1:1 mapping of legacy v4 routing to  
> v6.  But
> you won't hear much about these two roadblocks in this forum due to  
> the
> signal to noise ratio, skewed by planning (sometimes salivating)  
> over the
> coming v4 resale market.
>
Again, please explain why you think that NAT and all that it breaks is a
necessary tool for IPv6 migration?  What functionality is it that NAT
provides that isn't already available without NAT?

Second, I'm not sure what you mean by a 1:1 mapping of v4 routing
to v6.  There are already IPv4 mapped addresses in IPv6
in the form of ::ffff:192.168.5.3. If you're talking about some way
for all IPv6 only nodes to reach all IPv4 only nodes and/or vice-versa,
that's been shown to be a very difficult problem to solve, but, there
are two solutions that seem to be gaining some traction.

There is IPv4 NAT-PT, and, there is work by ISC and Comcast on
a process known as Dual-Stack Lite (ds-lite).  Both have their
issues (mostly related to the kind of brokenness you expect
from NAT), but, within certain limitations, seem to mostly work.

In any case, if you think that changes to ARIN policy can in some
way make this better, please let us know what changes you would
like to see or, better yet,  submit a proposal to effect those changes.

Owen

More information about the ARIN-PPML mailing list