[arin-ppml] The role of NAT in IPv6
Owen DeLong
owen at delong.com
Mon Mar 29 13:52:26 EDT 2010
On Mar 29, 2010, at 9:00 AM, Chris Engel wrote:
>
> This discussion never ceases to amaze me... though it is very similar to some I've experienced in the IETF NAT66 mailing list. On the one hand...you have alot of folks moaning about why IPv6 adoption is so slow...and the problems that are going to be caused by that to the internet as a whole... and wondering what can be done to spur quicker adoption.
>
> Then when some people come along and say.... You know I'd be more likely to consider adopting IPv6 but it doesn't support X (fill in whatever you want for X) and I really need/want to use X. You turn around and dismiss them saying.... oh you're wrong, X is evil. We should never support X...in fact we should do everything we can to prevent X from being supported in IPv6.
> Then you wonder why the very same people aren't falling all over themselves to adopt IPv6?
>
> As an analogy...imagine you're selling phones. You put your brand new yellow phone out on the market and discover that sales are flat. Some portion of your customer base turns around and says... "You know...I'd consider your phone, but I really need it in black." You respond "Oh black is a horrible color.... you should never use black. You don't need black... WE know what you need... you need yellow. You can have any color that you want.... as long as it's YELLOW."
The difference is that the color of your phone only affects those who have to look at it (you).
NAT affects the broader internet and inflicts costs on people not responsible for the decision to use NAT.
It's more like selling solar-based backup power units and having the customers come along and say "I'd like to buy this, but, I really need it to burn coal instead of depending on sunshine."
> Then you turn around and scratch your heads wondering why you aren't selling more phones.
>
Actually, the places that most need to deploy IPv6 at this point being eye-ball ISPs and the public-facing portions of content and services providers, I don't think that NAT has been an actual barrier to adoption in either of those spaces. The vast majority of people calling for NAT66 are the enterprise interior, which is, IMHO, the least critical and least likely group to get on the IPv6 bandwagon quickly regardless of what is done to appease them.
>
> I don't know about the average home user. I'm sure most of them don't care about the technical details of how thier internet service is delivered to them/configured....as long as they can get to the sites they want. However for the Enterprise customers... NAT is considered very important. I can think of at least a half dozen ways in which it is useful to me.... have posted them before to this list. I can only think of a single incident where NAT caused any difficulty to me while working here....and that was a very minor and unimportant issue.
>
Yep... That's the key problem with NAT that causes me to refer to it as a toxic pollutant. It doesn't cause any problems to the NAT implementer, it causes problems (costs) to people that are providing services to users behind the NAT implementer. The NAT implementer has access to both sides of the NAT to investigate problems and knows that NAT is there to inflict damage. He knows what kind of damage his particular NAT is inflicting and so his troubleshooting environment is deterministic and readily understood by him.
On the other hand, for someone selling services to customers behind said NAT who has no access to both sides for diagnostic purposes and has no direct knowledge of the particular implementation or model of damage being done, it increases variables, costs, time, etc.
> I hate to tell you all this but...IF IPv6 does see general adoption...NAT/PAT (including many:1 NAT) WILL eventualy be running under it. The reason is simple....there are too many people just like me that find it useful and are willing to pay for it. Eventualy there WILL be vendors who recognize that demand and want to CASH IN on it. They will find a way to make it work in IPv6 even if it involves some very ugly hacks to the protocol.... and you WILL be living on an internet that involves NAT. The only thing that you will achieve by fighting to make NAT harder to use in IPv6 is slowing the adoption of IPv6 itself.
>
If NAT lives only at a few enterprise borders, that's fine. Having generalized support for NAT in the protocol specs, OTOH, would encourage a much wider deployment of it and worse, cruft in software to support NAT traversal all over again. If we can just avoid ISVs producing stuffing NAT traversal code into their software, it's a win for the industry in general, and, the damage by NAT become a consequence to your network instead of the rest of the world. I can live with that.
Owen
More information about the ARIN-PPML
mailing list