[arin-ppml] Proposal - Remove Initial Small Assignment Requirements for IPv6
hostmaster at uneedus.com
Tue Sep 14 13:19:06 EDT 2021
No, NAT eliminates all the various translation tables, and the rewriting
of headers that NAT requires. This extra overhead shows in the form of
slower connections when NAT is used.
Also, did you forget (if you are in the USA) CALEA? If you translate all
your customers' traffic, CALEA requirements more or less mean you have to
log all that traffic on those CGNAT boxes, which will alone defeat any of
the cost savings of CGNAT.
Smart ISPs with IPv4 shortages that use CGNAT often do port mapping with
their customers so that they do not have to log. A certain range of ports
is provided to each customer, so that no logging is required.
And since there are PLENTY of IPv6 addresses, why use effort processing
IPv6 in a CGNAT box? That part makes no sense at all. Just route the
packets and be done with it.
Honestly, the only reason I can see for NAT on IPv6 is so failover in a
multihome environment can be handled the same as it is with IPv4 so
that BGP is not required for failover.
NAT also assumes that no one wants to run their own internet services.
While many things like cameras use a remote server to bypass the NAT
leading to vendor tie-in, things are clearly cleaner if each workstation or
other device like a camera can run its own publicly accessible services.
Note that this does not mean that firewalls cannot be in place to block
things that are not intended to be world readable. NAT is NOT a substitute
for a firewall.
If you want NAT on the networks you manage, go for it. All the tech bits
to make NAT work in IPv6 are there. Just do not expect the rest of us
that would like to get back to the end-to-end model to support your
choice, and I am sure some of your users will wish you did not make that
choice, because of things they want that may not work in this environment.
Some of the best proponents of v6 are the gaming community, which has been
fighting the limitations of NAT for as long as they have been around.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
On Tue, 14 Sep 2021, Joe Maimon wrote:
>
>
> hostmaster at uneedus.com wrote:
>> During the entire time since TCP over IPv4 started, the "default"
>> expectation was that each workstation or server would be given its own
>> public address. The same thing is also considered the default in IPv6, and
>> the reason the idea of NAT on IPv6 was not seriously considered is the fact that every
>> network already has more public addresses than all of IPv4, thus there is
>> no real need for NAT for address sharing.
>
> The problem is that No NAT for IPv6 is religious dogma, regardless of the
> reason anyone may have for wanting it, which may have nothing at all to do
> with address sharing. Even fixing multihoming and readdressing (to the extent
> it may be possible) will not eliminate any and all motivations for NAT. It's
> time to standardize NAT and move on.
>
> Now imagine if all those CGNAT boxes are also doing a workable version of
> NAT-PT. Deploying customers with any IPv4 becomes optional.
>
> Joe
>
>
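
The per-customer port-range scheme mentioned in the message above, as an added example that is not part of the original thread: because the mapping is a fixed function, a public address and source port identify the subscriber with no per-connection log. The address pools, block size and function names are constructed assumptions.

```python
import ipaddress

# Constructed parameters (assumptions, not taken from the thread).
SUBSCRIBER_NET = ipaddress.ip_network("100.64.0.0/24")  # CGNAT shared space
PUBLIC_POOL = ipaddress.ip_network("203.0.113.0/29")    # documentation range
FIRST_PORT = 1024                                       # skip well-known ports
BLOCK_SIZE = 2016                                       # ports per subscriber
BLOCKS_PER_IP = (65536 - FIRST_PORT) // BLOCK_SIZE      # 32 subscribers per IP


def forward(subscriber_ip):
    """Return (public_ip, first_port, last_port) for a subscriber address."""
    addr = ipaddress.ip_address(subscriber_ip)
    if addr not in SUBSCRIBER_NET:
        raise ValueError(f"{subscriber_ip} is not a subscriber address")
    index = int(addr) - int(SUBSCRIBER_NET.network_address)
    ip_index, block = divmod(index, BLOCKS_PER_IP)
    if ip_index >= PUBLIC_POOL.num_addresses:
        raise ValueError("public pool too small for this subscriber")
    first = FIRST_PORT + block * BLOCK_SIZE
    return str(PUBLIC_POOL[ip_index]), first, first + BLOCK_SIZE - 1


def reverse(public_ip, src_port):
    """Identify the subscriber from public address and source port alone."""
    addr = ipaddress.ip_address(public_ip)
    if addr not in PUBLIC_POOL:
        raise ValueError(f"{public_ip} is not in the public pool")
    if not FIRST_PORT <= src_port <= 65535:
        raise ValueError("port outside the mapped range")
    block = (src_port - FIRST_PORT) // BLOCK_SIZE
    if block >= BLOCKS_PER_IP:
        raise ValueError("port falls in the unallocated tail of the range")
    ip_index = int(addr) - int(PUBLIC_POOL.network_address)
    index = ip_index * BLOCKS_PER_IP + block
    if index >= SUBSCRIBER_NET.num_addresses:
        raise ValueError("port block is not assigned to any subscriber")
    return str(SUBSCRIBER_NET[index])


if __name__ == "__main__":
    print(forward("100.64.0.33"))
    print(reverse("203.0.113.1", 4000))
```

The reverse lookup only works when the party reporting the traffic recorded the source port along with the public address.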