Wes Beebee (wbeebee) wrote:
While I agree that people will continue to use NAT even if we tell them not to, just like some people will continue to smoke
and Keith Moore wrote:
reading this, it's hard to escape the impression that you are out to make the IPv6 Internet as dysfunctional as the IPv4 Internet.
Instead of empty rhetoric I would recommend that any critique of NAT, positive or negative, address all of the reasons why it has become so popular. Analyses failing this simple test, or using derogatory terms such as "dysfunctional", or making purely rhetorical comparisons such as with smoking, are somewhat transparent in their bias and should continue to be considered faulty. Some of those valid reasons why NAT is and will continue to be pervasive are: #1 NAT advantage: it protects consumers from vendor lock-in. Consider the advantage of globally unique public addressing to ISPs and telcos. Without NAT they have a very effective vendor lock-in. Want to change ISPs? It's only as easy as reconfiguring every device and/or DHCP server on your internal network. With NAT you only need to reconfigure a single device, sometimes not even that. #2 NAT advantage: it protects consumers from add-on fees for addresses space. Given the 100 to 10,000% mark-ups many telcos and ISPs already charge for more than a /29 it should come as no surprise they would be opposed to NAT. #3 NAT advantage: it prevents upstreams from limiting consumers' internal address space. Even after full implementation of IPv6 the trend of technology will continue to require more address space. Businesses will continue to grow and households will continue to acquire new IP-enabled devices. Without NAT consumers will be forced to request new netblocks from their upstream, often resulting in non-contiguous networks. Not surprisingly, often incurring additional fees as well. Follow the money and you'll end up with these three reasons why the technical arguments being made against NAT in opinion pieces like Keith Moore's (URL above) are so one sided and overtly biased. But there are still more reasons NAT will continue to increase in popularity regardless of IPv6. #4 NAT advantage: it requires new protocols to adhere to the ISO seven layer model. H.323, SIP and other badly designed protocols imbed the local address in the data portion of IP packets. This trend is somewhat discouraged by the layer-isolation requirements of NAT. #5 NAT advantage: it does not require replacement security measures to protect against netscans, portscans, broadcasts (particularly microsoft's netbios), and other malicious inbound traffic. The vendors of non-NAT devices would love to have you believe that their stateful inspection and filtering is a good substitute for the inspection and filtering required by NAT devices. Problem is the non-NAT devices all cost more, many are less secure in their default configurations, and the larger rulesets they are almost always configured with are less security than the equivalent NAT device. To be continued. -- Roger Marquis _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
