[arin-ppml] Proposal - Remove Initial Small Assignment Requirements for IPv6
owen at delong.com
Tue Sep 14 15:47:35 EDT 2021
> The point is that at this time, we should not have to justify NAT in order to permit its standardization. Standardize it and let users figure it out.
Why? It’s a local-application-only technology not useful on the broader internet, so why bother to standardize it? Why waste the time of the standards bodies?
>> NAT also assumes that no one wants to run their own internet services. While many things like cameras use a remote server to bypass the NAT, leading to vendor tie-in, things are clearly cleaner if each workstation or other device like a camera can run its own publicly accessible services. Note that this does not mean that firewalls cannot be in place to block things that are not intended to be world readable. NAT is NOT a substitute for a firewall.
> It is in IPv4. And let's not encourage camera server and devices to be globally accessible, we already know that is a disaster.
Actually, I’d suggest the following:
1. NAT is NOT a substitution for a firewall. It might be integral in the firewall in IPv4, but that’s not the same thing.
2. Are cameras on the public internet a disaster because it was allowed, or are they a disaster because MFRs were able to assume that NAT would protect them from bad engineering and somehow everyone bought into the idea that such an assumption and bad engineering were acceptable?
3. I’d argue that switching the expectation from “Everything is behind NAT, so it’s OK to be security-careless” to “Everything is publicly addressable and might be reachable, therefore security is important” would be very good for the industry as a whole, not to mention end users. Yes, there will be some pain points as this transition occurs, but the end result is highly desirable.
>> If you want NAT on the networks you manage, go for it. All the tech bits to make NAT work in IPv6 are there. Just do not expect the rest of us that would like to get back to the end-to-end model to support your choice, and I am sure some of your users will wish you did not make that choice, because of things they want that may not work in this environment.
> I expect exactly that. I expect you to support people's ability to make this choice, since the current alternative is
So you expect everyone else to put in effort to support your choice of technology because you don’t like our choice… Sounds a lot like your reasons earlier claiming we shouldn’t expect v6 to be widely deployed any time soon.
You’ve successfully argued against yourself here. The advantage goes to v6 without NAT because it is further along in deployment than any effort to standardize NATv6 (fortunately).