[arin-ppml] The role of NAT in IPv6

Gary T. Giesen ggiesen at akn.ca
Thu Apr 15 11:39:38 EDT 2010


On Thu, 2010-04-15 at 11:21 -0400, Gams, Matthew D wrote:
> This assumes that just because you access the Internet you should be globally routable. I know it's too late to debate addressing schemes as IPv6 is already here but just because you have an insanely large address pool doesn't mean every toaster needs to have a globally unique address.
> 
> I don't want NAT for security reasons as that is just the wrong model. I and that layer of abstraction between public and private resources. This is the same model used in just about every area you look. In the physical world and city addresses where multiple 5th Streets exist in different cities but you have state, city, zip to make the repeated address unique. This also occurs with computer memory etc. where the virtual address space is given independent of physical RAM and allows you to have more virtual RAM than physical.
> 
We actually have a pretty close analogue to this. The last /64 is the
"street address" which is repeated over and over, and the first /64 is
the combination of "city, state, country"; it just happens to be broken up
along more arbitrary lines (a group of /32's are assigned to ARIN as
your "region", and the individual /32's or /48's are assigned to your
ISP (or directly to you)). It's really the same model. We're not
operating on the layer 2 model where it's a completely flat addressing
scheme....

GG

> As you might be able to tell I would have preferred a different approach than IPv6 altogether where the full IPv4 address space was used for private addressing and edge devices would have prefixes that made them unique based on geographic/country/ISP information. But anyway, I am not convinced that NAT should be abandoned...
> 
> 
> 
> -----Original Message-----
> From: Gary Giesen [mailto:ggiesen at akn.ca] 
> Sent: Thursday, April 15, 2010 9:55 AM
> To: Gams, Matthew D; 'arin-ppml at arin.net'
> Subject: Re: [arin-ppml] The role of NAT in IPv6
> 
> On 10-04-15 10:27 AM, "Gams, Matthew D" <Matthew.Gams at chartercom.com> wrote:
> 
> > I don't understand why everyone wants to go IPv6 with global addressing
> > everywhere. And the solution to renumbering is getting organizations with
> > their own blocks which will slowly make the routing tables just as ugly as
> > IPv4????
> > 
> > I would say NAT66 with Site-local "private" addressing on the inside.
> > 
> > On the networks I've run, I would never want to worry about renumbering just
> > because of an ISP change and I am not thinking that GUA is the way to go.
> > 
> > Keep the internal network internal and only change your outside numberings
> > when you need along with static NAT/NAT pools.
> > 
> > Am I missing something???
> 
> Yes, NAT is an ugly beast that we wish would disappear...
> 
> Since we have abundant globally unique addresses, and no equivalent to
> RFC1918 in IPv6, it has reached the end of its usefulness...
> > 
> > 
> > -----Original Message-----
> > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On Behalf
> > Of Chris Engel
> > Sent: Wednesday, March 31, 2010 9:56 AM
> > To: 'arin-ppml at arin.net'
> > Subject: Re: [arin-ppml] The role of NAT in IPv6
> > 
> > Owen Delong wrote:
> > 
> >> Actually, the places that most need to deploy IPv6 at this
> >> point being eye-ball ISPs and the public-facing portions of
> >> content and services providers, I don't think that NAT has
> >> been an actual barrier to adoption in either of those spaces.
> >> The vast majority of people calling for NAT66 are the
> >> enterprise interior, which is, IMHO, the least critical and
> >> least likely group to get on the IPv6 bandwagon quickly
> >> regardless of what is done to appease them.
> > 
> > 
> > Well, in addition to being an Enterprise...my company is also an ASP.... which
> > I believe would qualify as a "content and services provider" under your
> > definition.
> > 
> > So let's see, if I want to deploy IPv6 currently....
> > 
> >  - Huge transition costs
> > 
> >  - No support for tools I rely on every day to make MY environment work the
> > way I want it.
> > 
> >  - Out of compliance with current regulatory standards.
> > 
> > 
> > Gee Whiz... where do I get to sign up for that?
> > 
> > 
> > 
> > 
> > 
> > 
> > Christopher Engel
> > 
> > _______________________________________________
> > PPML
> > You are receiving this message because you are subscribed to
> > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > Unsubscribe or manage your mailing list subscription at:
> > http://lists.arin.net/mailman/listinfo/arin-ppml
> > Please contact info at arin.net if you experience any issues.
> 
> 



