[arin-ppml] IPv6 Non-connected networks

Frank Bulk frnkblk at iname.com
Sat Mar 27 17:40:39 EDT 2010


As others have said, and having worked at and managed an ISP help desk, I
can tell you that 95% of consumers don't know what NAT is, and don't care.
And 90% probably don't know what an IP address is.  If we gave them IPv20
and it allowed them to get online to check Facebook and check the latest
game score they would be happy.  They won't have any issue giving up IPv4
NAT because most of them never knew what it was.  Of course, we're likely to
see IPv4 NAT in place for many years to come because IPv4 address depletion
!= no IPv4 content.  

Not once while thinking about IPv6 have I given any extended consideration
to educating my end customers about IPv4 address depletion and this "new"
thing called IPv6.  The key customer impact I'm thinking about is how I can
help make their PC IPv6 ready (thanks, Microsoft, for turning it on by
default in Windows Vista and 7!) and how I communicate to them that we need
to change out their DSL/Wi-Fi/wireline-only router or router-integrated
cable modem and apologize for the inconvenience.  It might very well happen
in a few years' time that our residential customers demand that we compensate
them for having to purchase a new router so that they can access
IPv6-only-acme.com from their PC!

PAT was a stopgap measure with many shortcomings.  If we can swap out their
CPE with IPv6-capable stateful firewall/routers, we do ourselves a world of
favor.  I will then be able to tell the customer which PC in their home is
infected with malware, sending out spam, or offer a more granular internet
filtering service.

What security issues are created by the lack of NAT?  If you're thinking
of CPE moving to a pure router, I believe the broad consensus in this
community is that we need stateful firewalls that default to closed.  An
IETF IPv6 WG is working on fleshing that out now.

I'm not sure how you can assess that IPv6 has received a "thumbs-down" from
consumers -- I've not run across such a study or report.  If anything,
service providers are frustrated by the lack of consumer-oriented CPE that
support IPv6.

Frank

-----Original Message-----
From: arin-ppml-bounces at arin.net [mailto:arin-ppml-bounces at arin.net] On
Behalf Of Roger Marquis
Sent: Friday, March 26, 2010 3:56 PM
To: William Herrin
Cc: arin-ppml at arin.net
Subject: Re: [arin-ppml] IPv6 Non-connected networks

>> I believe that it means exactly what I intended per the definition below.
>>  admit (an event or activity) as legal or acceptable
>> fail to prevent (something) from happening
>
> Why then I apologize, because I thought you meant to convey that NAT
> should be *required* to become obsolete with IPv4, perhaps by
> obstructing folks' choice to use it in IPv6. Surely Roger only meant
> to offer his opinion that given a choice, few network security
> professionals would choose to abandon the use of NAT.

It isn't just network security professionals who won't give up NAT,
end-user consumers also won't.  If anything is clear from the past few
years' field trials it's that IPv6 has received a vote of no confidence
from consumers.  It has received that thumbs down primarily because it
lacks address translation.

IMO there's no painless way to transition to IPv6 without NAT.  Compound
that with the security issues created by the lack of NAT and, well, you
have where we are today.

Roger



