Hi Gert,

On Feb 8, 2009, at 3:13 PM, Gert Doering wrote:
On Fri, Feb 06, 2009 at 07:15:14AM -0500, Margaret Wasserman wrote:
Fred Baker did include a "customer" presentation (why the Cisco IT
department requires an IPv6 NAT) in his slides at the BEHAVE WG
meeting in Minneapolis.

Are these slides available online?

Yes, the full set of NAT66 slides are available online in the IETF proceedings here:

http://www.ietf.org/proceedings/08nov/slides/behave-14.pdf

Fred's slides start a bit more than half way through with "Reasons to use translation: IPv6/IPv6".

I'd like to look at it and understand
why a company that has an IPv6 /32 - which already brings all the
usual reasons listed, like "not renumbering, provider independence,
stable internal addressing" - thinks they need to use NAT.

There are many companies with ample IPv4 swamp space that choose to use IPv4 NAT for some or all of their internal network. There are a lot of reasons why they do this.

As I mentioned previously on the BEHAVE list, I once worked for a company with plenty of IPv4 swamp space that used NAT for most of their corporate network. When I asked why, I was told that they used NAT because:

- They did not want to contract with their ISPs to route their IP prefixes across their multi-site network. Apparently this costs money and is prone to problems.
- They were unwilling to use ISP-provided addresses internally, because they did not want to be required to renumber if the ISP renumbered their network, or if they decided to change ISPs.
- They considered the "stateful firewall"-like behaviour of NAT to be a benefit, and they considered NAT to be part of their security architecture.

In some cases, companies with plenty of IPv4 swamp space use NAT only for small parts of their networks -- satellite offices, etc. They do this because it is (in their opinion) better to have an ISP route their whole IPv4 prefix to one site, and to use ISP-provided addresses (and NAT, to gain address independence) at other sites than it would be to ask their ISP to configure longer prefixes in the ISP routing tables (and change them over time, etc.)

In the use case that Fred explored, Cisco uses NAT for business-to-business links with partners. The use of NAT allows them to provide those partners with access to specific services, without exposing the internal details of the Cisco network and/or requiring the partner to reconfigure things on their end when something on the Cisco end is changed -- Cisco can just reconfigure the NAT.

It has been my experience that there are many enterprise networks that have plenty of IPv4 swamp space and choose to use IPv4 NAT. It doesn't seem like the existence of PI space in IPv6 will change that.

Margaret



(And no, layer 3 loadbalancing gear is not something I'd consider "NAT",
even if it technically is very similar - there you might actually need
some packet munging, but this is very special-cased)

Gert Doering
       -- NetMaster
--
Total number of prefixes smaller than registry allocations:  128645

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279

_______________________________________________
nat66 mailing list
https://www.ietf.org/mailman/listinfo/nat66