North American Network Operators Group

Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
On Tue, Oct 02, 2007 at 09:50:09PM +0200, Iljitsch van Beijnum wrote:

> On 2-okt-2007, at 16:55, Mark Newton wrote:
> >So everyone will deploy IPv6 applications, which require no ALGs,
> >instead.
> >Isn't that a solution that everyone can be happy with?
>
> Well, I can think of a couple of things that make me unhappy:

Doubtless.

> - IPv4 vs IPv6 is completely invisible to the user. I regularly run
> netstat or tcpdump to see which I'm using, I doubt many people will
> do that. So if IPv6 works and IPv4 doesn't, that will look like
> random breakage to the untrained user rather than something they can
> do something about.

With respect, that's why a bunch of us have been suggesting using techniques such as NAT-PT to make sure that IPv6 works _and_ IPv4 works.

If the mechanisms used lack sufficient quantities of perfection, they'll be modified until they're "good enough."

> - If we do NAT-PT and the ALGs are implemented and then the
> application workarounds around the ALGs, it's only a very small step
> to wide scale IPv6 NAT.

And thus the sky falls.

Perhaps it's a perspective issue, but I really don't see a problem with that. If the network works, who cares?

Perhaps you'd be happier if, in recognition of the fact that NAT appears to be a dirty word, we called it something else. The IPv6 people have already jumped on this bandwagon, so it shouldn't be a huge gulf to bridge: SHIM6 is basically wide-scale highly automated NAT, in which layer-3 addresses are transparently rewritten for policy purposes (a "SHIM6 middlebox," if it ever existed, would be indistinguishable from a NAT box), so we have a start here: If we rename NAT, it becomes acceptable to IPv6 proponents.

So my proposal is this: Instead of saying, "NAT," from now on we should say, "Layer-4 switch."

I don't know about you, but I feel comfortable deploying a network which has layer-4 switches in it. I already have layer-2 and layer-3 switches, so I might as well collect the whole set.

That solution to this quagmire also solves the other great problem that you seem to have in gaining acceptance: There are legitimate uses for NAT right now, and there will be in the future, so arguing for the elimination of a useful tool before we can move the Internet forward strikes me as a fundamentally regressive argument.

Perhaps in years to come we'll look at the people who argue for the elimination of layer-4 switches in the same way that we look at 1980's campus network administrators who thought the whole organization should be one big broadcast domain, with no place for layer-3 switches.

"Ah, look at that, he doesn't like NAT. How... quaint."

:-)

  - mark

--
Mark Newton                               Email: [email protected] (W)
Network Engineer                          Email: [email protected] (H)
Internode Systems Pty Ltd                 Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223