North American Network Operators Group

Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

  • From: Iljitsch van Beijnum
  • Date: Thu Oct 04 08:39:08 2007

On 4-Oct-2007, at 13:36, Eliot Lear wrote:

That isn't actually true.  I could move to IPv6 and deploy a NAT-PT
box to give my customers access to the v4 Internet regardless of
whatever the rest of the community thinks.

And then you'll see your active FTP sessions, SIP calls, RTSP
sessions, etc. fail.

Somehow we made it work for v4. How did that happen?

(Hm, RTSP fails miserably when I use NAT on my Cisco 826...)

Well, if 95% of the people in a position to do this think it's worth repeating this effort for IPv6, my objections aren't going to stop them. But if the majority or even a significant minority don't want to play, then IPv6 NAT is going to work a lot worse than IPv4 NAT. And although it's clear that some people want IPv6 NAT, IPv6 NAT is not nearly as useful as IPv4 NAT, because IPv6 has more than enough addresses for any conceivable use without it.

I would be interested to know how many people favor each of the following approaches. Feel free to send me private email and I'll summarize.

1. Keep NAT and ALGs out of IPv6 and use additional protocols between hosts and firewalls to open "pinholes" in firewalls (where appropriate/allowed, such as in consumer installations) to avoid ALGs

2. Keep NAT out of IPv6 but use ALGs to bypass firewalls

3. Come up with a standard way of doing 1-to-1 NAT (no PAT) in IPv6

4. Come up with a standard way of doing NAT/PAT in IPv6

5. Everyone do whatever suits their needs like what happened in IPv4

And: if people start using NAT in IPv6 I will:

a. Implement ALGs and application workarounds to accommodate it

b. Not do anything, it's their problem if stuff breaks

c. Break stuff that goes through IPv6 NAT on purpose to prove a point