[arin-ppml] The role of NAT in IPv6

michael.dillon at bt.com michael.dillon at bt.com
Fri Apr 16 12:10:25 EDT 2010

> With all due respect, that is an entirely false analogy. 

You are wrong; Owen is right.

> The bottom line is that people deploy NAT on thier OWN 
> networks because they CHOOSE to do so. Other people interact 
> with those networks because they CHOOSE to do so. Vendors 
> offer NAT support in thier products and services because they 
> CHOOSE to be marketable to all those customers.

It is not their OWN network. If it really was their own network
then it would not have any use for NAT or any other kind
of Internet connectivity. The moment the network connects
to the Internet, it is no longer isolated and it's configuration
and operation can have potential global impacts.

> There is no toxic polluter model at work here....what's at 
> work is a free market model.

Sure, and if Ford decided to build all their cars with a fuel
tank that had an intake pipe 5mm smaller than current gasoline
fueled cars, with a patented screw connector with special
vapor release channel, and then only licenced Exxon to use
the special connectors on their fuel pumps, would it still
be a free market?

Putting NAT on Internet gateway boxes has limited the ability
of 3rd party suppliers to supply software and services to
NAT users, the most notable being telephony services which
require having some kind of phone set to which they can send
a ringing signal. NAT disallows incoming ring signals, so the
IETF has had to create all kinds of protocol workarounds for
this like STUN. And some of these workarounds only work for
a single phoneset behind the NAT, but cannot handle a PBX or
a situation in which there is the family phone, the teenagers'
phone upstairs, and mom's phone in the basement in-law suite.

With IPv6, we have the opportunity to separate NAT from firewall
features so that these can be implemented separately. In the IPv4
world, turning off NAT, opens up a host of security issues. But
if an IPv6 Internet gateway has an included firewall feature that
is on by default, then any NAT feature can be off by default.

In this kind of IPv6 world, simple Network Address Translation 
would be used only by a much smaller subset of people who actually
have real problems to solve with it; perhaps portability and 
renumbering. It will no longer be incorrectly considered to be
part of a security solution.

> Despite what you guys may think, NAT is an attractive 
> solution to many people to address certain specific issues. 

Sure. But NAT will be much rarer in IPv6 and mostly on 
corporate gateways, not the kind of standard feature
that it is today. In any case, are there any NAT implementations
available yet for IPv6?

--Michael Dillon

More information about the ARIN-PPML mailing list