[arin-ppml] The role of NAT in IPv6
Gams, Matthew D
Matthew.Gams at chartercom.com
Thu Apr 15 11:52:20 EDT 2010
> -----Original Message-----
> From: Gary T. Giesen [mailto:ggiesen at akn.ca]
> Sent: Thursday, April 15, 2010 10:40 AM
> To: Gams, Matthew D
> Cc: 'arin-ppml at arin.net'
> Subject: RE: [arin-ppml] The role of NAT in IPv6
>
> On Thu, 2010-04-15 at 11:21 -0400, Gams, Matthew D wrote:
> > This assumes that just because you access the Internet you should be
> globally routable. I know it's too late to debate addressing schemes as
> IPv6 is already here but just because you have an insanely large address
> pool doesn't mean every toaster needs to have a globally unique address.
> >
> > I don't want NAT for security reasons as that is just the wrong model.
> I want that layer of abstraction between public and private resources.
> This is the same model used in just about every area you look. In the
> physical world and city addresses where multiple 5th Streets exist in
> different cities but you have state, city, zip to make the repeated
> address unique. This also occurs with computer memory etc. where the
> virtual address space is given independent of physical RAM and allows
> you to have more virtual RAM than physical.
> >
> We actually have a pretty close analogue to this. The last /64 is the
> "street address" which is repeated over and over, and the first /64 is
> the combination of "city, state, country" just happens to be broken up
> along more arbitrary lines (a group of /32's are assigned to ARIN as
> your "region", and the individual /32's or /48's are assigned to your
> ISP (or directly to you). It's really the same model. We're not
> operating on the layer 2 model where it's a completely flat addressing
> scheme....
>
Close is the key word. It is a flat address which is then being logically broken down. A true hierarchical model (closer to the OSI addressing) would have those layers built-in and be able to take them out when not needed. Also, the IPv6 model breaks down as you allow exceptions with bigger organizations getting direct allocations.
I like the level concept in IS-IS and wish IPv6 would have taken the concept and created something a bit different. Level-0, 1, 2, 3, and 4. We could have still ended up with 128-bit addressing if needed (or more) and been much more efficient. Organizations would still use their comfortable 32-bit IPv4 addresses and only the network "gods" would know anything about the larger space available. During transition RFC1918 would be kept intact but eventually DNS would respond with the updated prefixes to allow global routing of the new blocks and in theory the whole 32-bit address space could be used internally.
Routers would only know about the level they are configured for, with only Level-4 being the biggest back-bone routers that know the whole structure.
Oh well, maybe in another reality... :)
> GG
>
> > As you might be able to tell I would have preferred a different
> approach than IPv6 altogether where the full IPv4 address space was used
> for private addressing and edge devices would have prefixes that made
> them unique based on geographic/country/ISP information. But anyway, I
> am not convinced that NAT should be abandoned...
> >
> >
> >
> > -----Original Message-----
> > From: Gary Giesen [mailto:ggiesen at akn.ca]
> > Sent: Thursday, April 15, 2010 9:55 AM
> > To: Gams, Matthew D; 'arin-ppml at arin.net'
> > Subject: Re: [arin-ppml] The role of NAT in IPv6
> >
> > On 10-04-15 10:27 AM, "Gams, Matthew D" <Matthew.Gams at chartercom.com>
> wrote:
> >
> > > I don't understand why everyone wants to go IPv6 with global
> addressing
> > > everywhere. And the solution to renumbering is getting organizations
> with
> > > their own blocks which will slowly make the routing tables just as
> ugly as
> > > IPv4????
> > >
> > > I would say NAT66 with Site-local "private" addressing on the
> inside.
> > >
> > > On the networks I've run, I would never want to worry about
> renumbering just
> > > because of an ISP change and I am not thinking that GUA is the way
> to go.
> > >
> > > Keep the internal network internal and only change your outside
> numberings
> > > when you need along with static NAT/NAT pools.
> > >
> > > Am I missing something???
> >
> > Yes, NAT is an ugly beast that we wish would disappear...
> >
> > Since we have abundant globally unique addresses, and no equivalent to
> > RFC1918 in IPv6, it has reached the end of its usefulness...
> > >
> > >
> > > -----Original Message-----
> > > From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net]
> On Behalf
> > > Of Chris Engel
> > > Sent: Wednesday, March 31, 2010 9:56 AM
> > > To: 'arin-ppml at arin.net'
> > > Subject: Re: [arin-ppml] The role of NAT in IPv6
> > >
> > > Owen Delong wrote:
> > >
> > >> Actually, the places that most need to deploy IPv6 at this
> > >> point being eye-ball ISPs and the public-facing portions of
> > >> content and services providers, I don't think that NAT has
> > >> been an actual barrier to adoption in either of those spaces.
> > >> The vast majority of people calling for NAT66 are the
> > >> enterprise interior, which is, IMHO, the least critical and
> > >> least likely group to get on the IPv6 bandwagon quickly
> > >> regardless of what is done to appease them.
> > >
> > >
> > > Well, in addition to being an Enterprise...my company is also an
> ASP.... which
> > > I believe would qualify as a "content and services provider" under
> your
> > > definition.
> > >
> > > So let's see, if I want to deploy IPv6 currently....
> > >
> > > - Huge transition costs
> > >
> > > - No support for tools I rely on every day to make MY environment
> work the
> > > way I want it.
> > >
> > > - Out of compliance with current regulatory standards.
> > >
> > >
> > > Gee Whiz... where do I get to sign up for that?
> > >
> > >
> > >
> > >
> > >
> > >
> > > Christopher Engel
> > >
> > > _______________________________________________
> > > PPML
> > > You are receiving this message because you are subscribed to
> > > the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
> > > Unsubscribe or manage your mailing list subscription at:
> > > http://lists.arin.net/mailman/listinfo/arin-ppml
> > > Please contact info at arin.net if you experience any issues.
> >