On Oct 25, 2010, at 11:42 AM, Chris Engel wrote:

> Keith,
>
> Not going to rehash this whole argument we've had before. No one is talking
> about changing the fundamentals of how IPv6 or IPv4 work. They are talking
> about the technologies that are AVAILABLE to deploy as an OPTION in
> conjunction with IPv4/6.

IETF does not determine what is available. IETF makes recommendations for things that it believes will work well for the Internet. You want IETF to endorse NAT in IPv6, you need to make an argument that it works well. All evidence is to the contrary.

> Your approach essentially boils down to... "Don't tell me what you want. I'll
> tell you what you want. Now shut up and like it."

Your approach essentially boils down to "People want NAT because they want NAT. It doesn't matter whether it works well or not. IETF should endorse it because they want it."

If people say they want to be able to change ISPs without renumbering their internal networks, I get that. That's a valid technical concern. I understand why NATs are an attractive approach to addressing that concern. I would like to find a better way (and still have routing scale), but I acknowledge that we're struggling to do that.

Saying that people want NAT because they want NAT isn't a technical argument. It might even reflect how some people think, but it doesn't help produce something that works well.

We understand that effective marketing is needed to foster deployment, but there's very little point in implementing/producing/marketing something that doesn't work better than IPv4. And with the hodgepodge of NAT solutions that are being proposed for IPv6 we are in danger of making IPv6 worse than IPv4.

> ..... Then wondering why you are having trouble getting folks to jump at that
> sales pitch. That approach may work well in boot camp...not so much in a free
> market economy... where people are used to exercising some level of
> individual choice.

Choice for whom? Users or network operators? You want to champion NAT as a triumph of individual choice, but what it does is hamper the networks' ability to support applications and users' ability to choose new applications. There comes a point at which freedom of individual choice, if widely exercised, actually impairs individual choice.

We need freedom of choice so that people who need to make exceptions to conventions are able to do so, not so that everyone can make exceptions to the conventions that let things work well. IETF doesn't limit freedom of choice, but it does help define the conventions that help the Internet work well.

It's understandable that network operators resist change - they're having enough trouble coping with the network as it is. But if I were running a company and my network operator came to me and said "I want to cripple our company's network so that it cannot easily support new applications that might be valuable to us", I'd fire him on the spot. Which is pretty much what NAT does.

> End to end transparency is a goal that many organizations/individuals do NOT
> want.... at least not on all portions of their networks. If you can't accept
> that, then we are simply going to have to agree to disagree.

I do understand that. But just because those organizations/individuals want a lack of address transparency does not mean that IETF should recommend or endorse the practice.

> Regardless, nothing the authors are doing with this flavor of NAT (unless I'm
> mistaken about it) should break end to end connectivity between devices
> running IPv6 since it's a 1:1 stateless mapping.

Where have you been for the last 25 years? The only way you can say that NAT66 doesn't break things is if you have a very high threshold for breakage.

> A FW with stateful inspection and packet filtering rules would...but in that
> case the person deploying the FW WANTS that connectivity broken. If you're
> trying to argue that people should not be allowed to deploy FW's.... well
> then, good luck with that.

What I believe is that mechanisms to enforce policy should be explicitly tailored to do that. Mangling addresses is a very crude way to implement policy, and it does a lot of collateral damage.

Keith
