[arin-ppml] CGN multiplier was: RE: Input on an article by Geoff Huston (potentially/myopically off-topic addendum)

Michel Py michel at arneill-py.sacramento.ca.us
Thu Sep 15 11:04:55 EDT 2011


> Owen DeLong wrote:
> But the barrier to getting PI in IPv6 is so low that
> I really think PI is preferable to NAT.

Not always. I was reading the exchange with Matthew, and he wins the
argument. You start to sound like Keith Moore ;-)


For the small fish, there are 5 needs:

1. Basic and idiot-proof firewall.
2. No renumbering when switching providers.
3. Some kind of fault tolerance.
4. Some kind of load-balancing.
5. Cheaper than dirt.

NAT provides all these. PI does not. And I see all the time companies
with PI and full BGP that also use NAT.

So, we still haven't found the Holy Grail that provides all of these
features without the inconveniences of NAT.


David, RFC6296 is an attempt at that, but as said earlier the stateless
advantage is going to be cancelled by a stateful firewall. Besides, that
technology has existed with IPv4 for ages (it's called subnet
translation) and I don't see of it in the real world, even with
organizations that have enough PI addresses to do it.

Michel.




More information about the ARIN-PPML mailing list