North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Security gain from NAT

  • From: David Conrad
  • Date: Wed Jun 06 12:47:44 2007

On Jun 6, 2007, at 8:59 AM, Stephen Sprunk wrote:
The thing is, with IPv6 there's no need to do NAT.

Changing providers without renumbering your entire infrastructure.

Multi-homing without having to know or participate in BGP games.

(yes, the current PI-for-everybody allocation mindset would address the first, however I have to admit I find the idea of every small enterprise on the planet playing BGP games a bit ... disconcerting)

However, NAT in v6 is not necessary, and it's still evil.

Even ignoring the two above, NAT will be a fact of life as long as people who are only able to obtain IPv6 addresses and need/want to communicate with the (overwhelmingly IPv4 for the foreseeable future) Internet. Might as well get used to it. I for one welcome our new NAT overlords...