[arin-ppml] The role of NAT in IPv6

Gary T. Giesen ggiesen at akn.ca
Thu Apr 15 15:08:43 EDT 2010


On Thu, 2010-04-15 at 14:31 -0400, Dan White wrote:
> On 15/04/10 10:21 -0500, Gams, Matthew D wrote:
> >This assumes that just because you access the Internet you should be globally routable. I know it's too late to debate addressing schemes as IPv6 is already here but just because you have an insanely large address pool doesn't mean every toaster needs to have a globally unique address.
> 
> Frederick P Brooks, in his new Design on Design book, articulates something
> that I've always strongly believed in. When discussing several key
> components of a good design (not networking specific):
> 
>      Generality is the ability to use a function for many ends. It expresses
>      the professional humility of the designer, his conviction that users
>      will be inventive beyond his imagination and that needs may change
>      beyond his ability to forecast. The designer should avoid limiting a
>      function by his own notions about its use. When you don't know, grant
>      freedom.
> 
> Protocol designers should not be thinking about the wisdom of addressing a
> toaster. They have a different purpose. The same should be (mostly) true of
> the RIR allocation process, and the ISP assignment process.
> 
> The debate about how addresses should be used should be done at the end
> user or enterprise level. NAT will be used in IPv6, because many enterprise
> and home users will deem that to be most appropriate for their users.
> Those admins have the responsibility to secure their networks in
> whatever way makes most sense to them.
> 
Home users (whose cost to renumber is the smallest out of all groups
and truly have absolutely no reason to use it) will get the greatest
benefit from not having NAT, since they don't have dedicated network
admins to troubleshoot NAT issues.

> But I feel that ISPs and network operators that NAT in front of their
> enterprise, business, and residential customers are doing them a great
> disservice.

I don't think any ISP is talking about NAT66'ing their customers, it's
more about whether their customers should do it themselves.

As Owen has pointed out many times, the cost of supporting NAT is rarely
borne by the person implementing it. It's borne by everyone else trying
to sell services to the NAT'd customer.

If you think it's wrong to use IP allocation policy as a tool for a
prescriptive approach to NAT in IPv6 (or lack thereof), we're already
using it as a measure to constrain BGP table growth, which like NAT, is
a cost shared mostly not by the route originator (read: NAT
implementer), but by everyone else.

GG



