In message <[EMAIL PROTECTED]
ento.ca.us>, "Michel Py" writes:
>> Ralph Droms wrote:
>> Would someone with first-hand knowledge of the reasons "several
>> major corporations publicly indicate that they intend to use NAT
>> with IPv6" be willing to compare those reasons with the reasons
>> listed in draft-vandevelde-v6ops-nap-01, and identify any reasons
>> that might be missing from Gunter's document? Might be useful to
>> consider extending draft-vandevelde-v6ops-nap-01 to address all
>> the known reasons for IPv6 NAT.
>
>I'm not into this anymore, but two of the reasons are:
>
>1. Significant numbers of enterprise network operators do not want
>multiple addresses per host. It makes everything more complex: access
>control, troubleshooting, internal firewalling, documentation, etc. And
>during the transition, it also creates a network with two different
>models. NATting at the edge instead is not a free lunch, but it is
>well-known and maintains a single-model, simpler network. Stateful
>firewalls capable of dealing with multi-address hosts that change IP
>addresses on the fly will be a significant challenge.
>
Actually, NATting at the edge is a disaster for a lot of those reasons,
because of the difficulty it causes when you receive external trouble
reports -- who caused it?
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
_______________________________________________
Ietf mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/ietf
