I still think that IPv6 is here to stay, and have tried tests with IPv4
disabled, and at this point I am guessing I can get about 75% of the
normal surfing to work. Of course arin.net works, as it is hard to push
v6 without eating your own dog food. I figure at this rate, I might get
toward 90% in a couple more years. While there are those who refuse to
have IPv6, the majority of new stuff seems to come up using other people's
servers such as AWS that already have IPv6 in place.
It will get harder to free up much more of the v4 space. The bottom line
is that we are working against a basic math problem, where there are fewer
possible addresses than persons on the earth, and there is demand for more
than one address per person. IPv6 solves the problem, IPv4 does not.
Everyone takes a different approach to the problem. I understand that
some players have only v6 in their main network, and only provide v4 on
the edges as part of a translation means.
I strongly suspect that most CGnat is deployed outside of the US, where
they of course can freely ignore silly laws like CALEA.
And of course there is no reason to simply provide routed v6 service in
conjunction with your v4 being part of CGnat. As more and more services
are offered over time on IPv6, that helps you reduce the load on those
boxes.
I understand the issues of running cameras on public addresses, and of
course the need for strong auth of your users. However, this is better
than the so-called cloud cameras, where you cannot control your own data.
Of course remember that the term "cloud" simply means someone else's
machine. I would be more worried with hacking in a shared network like
Ring where they also might share your images without your consent.
My customers would not put up with lack of public addresses, and I am not
IPv4 constrained at this time. I am hoping for more movement toward IPv6
over time so I do not ever have to worry about lack of addresses.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
On Tue, 14 Sep 2021, Joe Maimon wrote:
[email protected] wrote:
No, nat eliminates all the various translation tables, and the rewriting of
headers that NAT requires. This extra overhead shows in the form of slower
connections when NAT is used.
Yes of course. Except that modern hardware has made this definition of
"slower" meaningless in most if not all use cases.
Also, did you forget (if you are in the USA) CALEA? If you translate all
your customers' traffic, CALEA requirements more or less mean you have to
log all that traffic on those CGNAT boxes, which will alone defeat any of
the cost savings of CGNAT.
So? Already the case. Hasn't stopped CGNAT.
Smart ISPs with IPv4 shortages that use CGnat often do port mapping with
their customers so that they do not have to log. A certain range of ports
are provided to each customer, so that no logging is required.
Indeed. Awesome.
And since there are PLENTY of IPv6 addresses, why use effort processing
IPv6 in a CGnat box? That part makes no sense at all. Just route the
packets and be done with it.
Try it in the reverse. Use your cgnat box so that you can have IPv6-only customer
nodes that can continue to access the rest of the Internet, primarily IPv4
nodes.
Honestly, the only reason I can see for NAT on IPv6 is so failover in a
multihome environment that can be handled the same as it is with IPv4 so
that BGP is not required for failover.
The point is that at this time, we should not have to justify nat in order to
permit its standardization. Standardize it and let users figure it out.
Nat also assumes that no one wants to run their own internet services. While
many things like cameras use a remote server to bypass the NAT leading to
vendor tie-in, things are clearly cleaner if each workstation or other
device like a camera can run its own publicly accessible services. Note
that this does not mean that firewalls cannot be in place to block things
that are not intended to be world readable. NAT is NOT a substitute for a
firewall.
It is in IPv4. And let's not encourage camera server and devices to be
globally accessible, we already know that is a disaster.
If you want NAT on the networks you manage, go for it. All the tech bits
to make NAT work in IPv6 are there. Just do not expect the rest of us that
would like to get back to the end-to-end model to support your choice, and
I am sure some of your users will wish you did not make that choice,
because of things they want that may not work in this environment.
I expect exactly that. I expect you to support people's ability to make this
choice, since the current alternative is
a) dictatorial
b) not working
c) delaying IPv6 deployment
Some of the best proponents of v6 are the gaming community, which have been
fighting the limitations of NAT for as long as they have been around.
Albert Erdmann
Network Administrator
Paradise On Line Inc.
Supporting its existence is not actually the same as supporting its
widespread deployment.
Better it be standardized and move on.
On Tue, 14 Sep 2021, Joe Maimon wrote:
The problem is that No NAT for IPv6 is religious dogma, regardless of the
reason anyone may have for wanting it, which may have nothing at all to do
with address sharing. Even fixing multihoming and readdressing (to the
extent it may be possible) will not eliminate any and all motivations for
NAT. It's time to standardize NAT and move on.
Now imagine if all those CGNAT boxes are also doing a workable version of
NAT-PT. Deploying customers with any IPv4 becomes optional.
That was supposed to also be read with the same meaning as "without any IPv4"
Joe
_______________________________________________
ARIN-PPML
You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List ([email protected]).
Unsubscribe or manage your mailing list subscription at:
https://lists.arin.net/mailman/listinfo/arin-ppml
Please contact [email protected] if you experience any issues.
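
The port-range approach mentioned in the thread above (each CGNAT customer gets a fixed block of ports, so attribution needs no per-connection log) can be sketched as follows. This is an added example, not part of any poster's message; the address ranges, block size and function names are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration, not taken from any real deployment.
INSIDE_NET = ipaddress.ip_network("100.64.0.0/22")     # customer-side shared space
PUBLIC_POOL = ipaddress.ip_network("198.51.100.0/28")  # documentation range as pool
FIRST_PORT = 1024            # well-known ports are never handed out
PORTS_PER_CUSTOMER = 1008    # 64 blocks of 1008 ports fill 1024..65535 exactly
CUSTOMERS_PER_IP = (65536 - FIRST_PORT) // PORTS_PER_CUSTOMER


def allocation_for(inside_ip):
    """Forward mapping: inside address -> (public_ip, first_port, last_port)."""
    addr = ipaddress.ip_address(inside_ip)
    if addr not in INSIDE_NET:
        raise ValueError(f"{inside_ip} is not in {INSIDE_NET}")
    index = int(addr) - int(INSIDE_NET.network_address)
    ip_slot, block = divmod(index, CUSTOMERS_PER_IP)
    if ip_slot >= PUBLIC_POOL.num_addresses:
        raise ValueError("public pool too small for this customer index")
    first = FIRST_PORT + block * PORTS_PER_CUSTOMER
    return PUBLIC_POOL[ip_slot], first, first + PORTS_PER_CUSTOMER - 1


def customer_for(public_ip, port):
    """Reverse mapping for an abuse report or lawful request: the inside
    address that owns public_ip:port, or None if nobody can own it."""
    addr = ipaddress.ip_address(public_ip)
    if addr not in PUBLIC_POOL or not FIRST_PORT <= port <= 65535:
        return None
    block = (port - FIRST_PORT) // PORTS_PER_CUSTOMER
    if block >= CUSTOMERS_PER_IP:
        return None  # leftover ports when the block size does not divide evenly
    ip_slot = int(addr) - int(PUBLIC_POOL.network_address)
    index = ip_slot * CUSTOMERS_PER_IP + block
    if index >= INSIDE_NET.num_addresses:
        return None
    return INSIDE_NET[index]


if __name__ == "__main__":
    print(allocation_for("100.64.0.65"))
    print(customer_for("198.51.100.1", 2500))
```

Because the mapping is pure arithmetic, the only record that has to be retained is the configuration itself and the period during which it was in force.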