On 1/7/2011 2:47 PM, Josh Rambo wrote:
On Fri, Jan 7, 2011 at 5:45 PM, Joe Touch<to...@isi.edu> wrote:
On 1/7/2011 2:42 PM, Josh Rambo wrote:
That seems at odds with the goal of end-to-end transparency on the
Internet.
If it boots up with NAT66 out of the box, then it requires user
intervention
to remove that NAT66. You'd end up with NAT66 on every residential gateway
in the world.
Again, you're arguing against NAT. That's not what I'm suggesting.
If you really can make the case that a capability needs to be enabled for
IPv4, but should never be enabled for V6, then *maybe* - but, again, that
*will* be used as an excuse not to adopt the device in a V6 environment,
IMO.
If the box is a NAT, it's a NAT. If that's not what you want to sell, then
don't include a NAT.
I'm arguing that there are some features of v4 that are not appropriate to
enable by default in v6. NAT is one of those features. A home, residential
gateway is a gateway. That is it's true purpose. It's not a NAT box, it just
has to perform that function to operate in the limited v4 address space.
That's one viewpoint; in that case, then the NAT would not need to
support IPv6.
However, some places expect the NAT for various reasons:
- limits incoming connections
(disrupting use of home net connections for business uses,
or as a way to block viruses - not a great way, but it's
one reason it's on even when not necessary)
- enables better tracking of customer behavior
(need to track only one IP address)
- no need to run DHCP back to the CO
(no impact on CO DHCP when users add/remove devices
inside their house)
- protect intra-house networking
(again, not the best way to do this, but also can make it
easier to prevent leakage of LAN-intended protocols into
the CO, without requiring CO equipment to filter)
So, the true function of a gateway should be to be a gateway, which
doesn't involve a NAT66.
Just because v4 needs it by default doesn't mean v6 does or should.
Understood. Caveats do apply. But the overall point is still valid - in
general - with few, specific, and *deliberate* exceptions, if it works
for IPv4, it ought to work for IPv6 too.
Right now, e.g., many devices work fine to transit IPv6, but their net
mgt needs IPv4. That's insufficient, IMO, to claim "IPv6" on a box.
Joe
_______________________________________________
Int-area mailing list
Int-area@ietf.org
https://www.ietf.org/mailman/listinfo/int-area
