North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

  • From: Mark Newton
  • Date: Wed Oct 03 04:50:51 2007

On Tue, Oct 02, 2007 at 09:50:09PM +0200, Iljitsch van Beijnum wrote:

 > On 2-okt-2007, at 16:55, Mark Newton wrote:
 > >So everyone will deploy IPv6 applications, which require no ALGs,
 > >instead.
 > >Isn't that a solution that everyone can be happy with?
 > 
 > Well, I can think of a couple of things that make me unhappy:

Doubtless.

 > - IPv4 vs IPv6 is completely invisible to the user. I regularly run  
 > netstat or tcpdump to see which I'm using, I doubt many people will  
 > do that. So if IPv6 works and IPv4 doesn't, that will look like  
 > random breakage to the untrained user rather than something they can  
 > do something about.

With respect, that's why a bunch of us have been suggesting using
techniques such as NAT-PT to make sure taht IPv6 works _and_ IPv4 
works.

If the mechanisms used lack sufficient quantities of perfection,
they'll be modified until they're "good enough."

 > - If we do NAT-PT and the ALGs are implemented and then the  
 > application workarounds around the ALGs, it's only a very small step  
 > to wide scale IPv6 NAT.

And thus the sky falls.

Perhaps it's a perspective issue, but I really don't see a problem
with that.  If the network works, who cares?

Perhaps you'd be happier if, in recognition of the fact that NAT
appears to be a dirty word, we called it something else.

The IPv6 people have already jumped on this bandwagon, so it
shouldn't be a huge gulf to bridge:  SHIM6 is basically wide-scale
highly automated NAT, in which layer-3 addresses are transparently
rewritten for policy purposes (a "SHIM6 middlebox," if it ever 
existed, would be indistinguishable from a NAT box), so we have a
start here:  If we rename NAT, it becomes acceptable to IPv6 proponents.

So my proposal is this:  Instead of saying, "NAT," from now on 
we should say, "Layer-4 switch." 

I don't know about you, but I feel comfortable deploying a network
which has layer-4 switches in it.  I already have layer-2 and layer-3
switches, so I might as well collect the whole set.

That solution to this quagmire also solves the other great problem
that you seem to have in gaining acceptance:  There are legitimate
uses for NAT right now, and there will be in the future, so arguing
for the elimination of a useful tool before we can move the Internet
forward strikes me as a fundamentally regressive argument.  Perhaps
in years to come we'll look at the people who argue for the elimination
of layer-4 switches in the same way that we look at 1980's campus
network administrators who thought the whole organization should be
one big broadcast domain, with no place for layer-3 switches.  "Ah,
look at that, he doesn't like NAT.  How... quaint."

:-)

   - mark

-- 
Mark Newton                               Email:  [email protected] (W)
Network Engineer                          Email:  [email protected]  (H)
Internode Systems Pty Ltd                 Desk:   +61-8-82282999
"Network Man" - Anagram of "Mark Newton"  Mobile: +61-416-202-223