[arin-ppml] The role of NAT in IPv6
marquis at roble.com
Thu Apr 15 21:28:35 EDT 2010
Owen DeLong wrote:
> I'm asserting that NAT creates the following costs borne by people
> providing services to NON-NATTed customers who have nothing
> whatsoever to do with NAT:
> 1. Additional troubleshooting difficulty/cost (web sites, services,
> network providers, network providers selling to web sites, etc.)
You've detailed problems you have had, Owen, configuring cheap CPE for
protocols like SIP, but consider that the rest of us might not have those
problems. We spec capable gear where needed, or simply create static
Some of us do this gladly as we recall the pre-NAT days, and how much
troubleshooting we had to do then. Even with cheap CPE, inbound
statefulness and ACLs are far easier to implement _with_ NAT. They're also
more secure, as paranoids (i.e., security engineers) uniformly agree.
> 2. Additional software complexity (ISVs)
Pure FUD, and not even just when applied to protocols like SIP and SCTP,
or applications like torrents. Weren't you just complaining about how
difficult and complex it was to implement ACLs for GUA route
announcements? Are you really claiming now that your earlier point does
not apply to NAT? Please explain this contradiction in your arguments.
> 3. Decreased security (inability to correlate events/logs)
Still waiting for you to float this opinion on firewall-wizards. Good
luck with that.
> 4. Increased legal costs (see 3)
Give me a break.
The arguments being made against giving consumers the option of NATting
their internal networks are as specious as those once made against spam
filters. They were rejected by the majority long ago, have never been
field tested, and are holding up the adoption of IPv6.
Follow the money and you'll see that the only good argument against NAT
in IPv6 is that it will limit the ability of IPv4 netblock holders and
hoarders to cash in on the address shortage caused by further delays in
the roll-out of IPv6.