Just to clarify, NAT does not provide isolation from the Internet, route
filtering does that. The inbound filtering that happens is a function of
lack of a route in the NAT, not the fact it is translating addresses.
IPv6 has a defined function for this, called Site Local. These addresses
are filtered at the site boundary router, providing more security than
'where is this port mapped to now?' functions.

It is expected that ISPs will be allocating /48 to customers, and for
those that don't support IPv6 the IPv4 address provides a /48 using
6to4. With 64k subnets available there should be no reason to build
perverse configurations, and no need for translating the addresses. As
you note many things do not work correctly without end-to-end address
integrity, so why preclude them by continuing down the NAT path? Each of
the items you list as values are solved in a cleaner way by IPv6 so just
move to it.

Tony

While I am the Program Manager for IPv6 at Microsoft, the above comments
are mine and should not be construed as related to my employer.



-----Original Message-----
From: Joris Dobbelsteen [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 11, 2000 8:27 AM
To: IPng WG (E-mail); NAT WG (E-mail)
Subject: (NAT) IPv6 and NAT


Maybe an issue for the IPv6 and NAT Workgroups.

NAT was proposed as a temporary solution for the shortage of IP address,
which is solved with the IPv6 protocol. Currently I don't expect IPv6 to
be deployed soon (within 1 or 2 years). My ISP, nor many ISPs, aren't
promoting IPv6 yet, nor Microsoft provides IPv6 support for its OSes.
But as finally IPv6 has been deployed world-wide, what will we do with
NAT?

A disadvantage of NAT is that some protocols don't work good/correctly
through NAT. Here NAT broke the principle of the Internet, where every
node should be able to have bidirectional and end-to-end communication.
FTP and many games require this to operate correctly.

However, some scenarios where NAT provides THE solution, are for
* private networks that may not be exposed to the Internet and
* for networks that have only one IP address available to use on the
  Internet, while hosts on the private network are required to make
  'direct' connections to the Internet.

I don't think NAT should be made obsolete or unneeded after IPv6 has
been deployed, but rather to be offered for some purposes on small and
home networks. Most companies and businesses (even small ones) will be
able to afford a dedicated Internet Connection with a couple IP
addresses, especially after IPv6 has been deployed.
However I don't expect my ISP to provide me more than one IP address,
because I don't have a dedicated connection (yet) and I even haven't got
one static IP address (just DHCP). Also I want to separate 'MY' network
from the Internet, and don't install more network adapters into
computers and lay networking cable than needed. This requirement without
having to make strange configurations to any other computers on the
network.


That's what's so good about NAT, from my point of view....



- Joris


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
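
The 6to4 /48 derivation and the site-boundary filtering of site-local addresses described in the reply above, as an added Python example that is not part of the original e-mails. The function names and the 192.0.2.1 sample address are assumptions made for illustration.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")    # 6to4 prefix (RFC 3056)
SITE_LOCAL = ipaddress.IPv6Network("fec0::/10")   # site-local (deprecated later by RFC 3879)
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def sixtofour_site_prefix(ipv4):
    """Return the /48 that 6to4 derives from a site's public IPv4 address."""
    v4 = ipaddress.IPv4Address(ipv4)
    if any(v4 in net for net in RFC1918):
        # An address behind a NAT is not globally unique, so no 6to4 prefix.
        raise ValueError(f"{v4} is private; 6to4 needs a public IPv4 address")
    # 16 bits of 2002, then the 32-bit IPv4 address, then zeros.
    base = int(SIXTOFOUR.network_address) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def site_subnet(prefix, subnet_id):
    """Return /64 number subnet_id (0..65535) inside the site's /48."""
    if prefix.prefixlen != 48 or not 0 <= subnet_id < 2 ** 16:
        raise ValueError("expected a /48 and a 16-bit subnet id")
    return ipaddress.IPv6Network(
        (int(prefix.network_address) | (subnet_id << 64), 64))


def boundary_permits(src, dst):
    """Site boundary rule: drop packets with a site-local source or destination."""
    return not any(ipaddress.IPv6Address(a) in SITE_LOCAL for a in (src, dst))


if __name__ == "__main__":
    site = sixtofour_site_prefix("192.0.2.1")   # constructed sample (TEST-NET-1)
    lan = site_subnet(site, 0x00FF)
    print(site, lan, 2 ** (64 - site.prefixlen), "subnets")
    print(boundary_permits("2001:db8::1", str(lan[0x10])))     # global to global
    print(boundary_permits("2001:db8::1", "fec0:0:0:ff::10"))  # site-local dst
```
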
