Hi Remi and Keith (among others),

On Oct 25, 2010, at 12:09 PM, Rémi Després wrote:
> It seems you accept that it may do some "harm" in the residential
> case (which is the case I discuss: unmanaged CPEs).

Then we are in complete agreement. NAT66 isn't needed for most home
users -- a stateful firewall would serve the same purpose.

That doesn't say _anything_ about the NAT66 document we are discussing
on this list, though, as it is intended to provide address
independence for _enterprise_ networks. When Chris talks about the
people who are waiting for IPv6 NAT before they will deploy IPv6, he
is talking about _enterprises_. Not ISPs, not home users. (I'm
making an assumption here -- Chris, please correct me if I am wrong).

> IMHO, it is rather time that NAT addicts start to listen to the
> following argument:
> As soon as you have a FW in a customer site, you don't need to break
> the e2e address preservation of IPv6 to protect this site.

Most enterprise network managers are intelligent, well-educated, well-
informed, rational members of our community. They are our peers, and
we need to start treating them as such. There are valid (or at least
defensible) _reasons_ why they make the trade-offs they make. Until
you can see why so many of our peers use NAT in enterprise networks in
IPv4, you can't even begin to make a well-founded statement that they
aren't necessary in IPv6.

Please consider three facts:

- Firewalls existed in IPv4, too.
- Many large enterprises have more than enough "swamp space" (AKA IPv4
provider-independent addresses)
- Many of _those_ enterprises use NAT (for remote sites, B-to-B
network or their whole corporate networks)

Until you can offer an insightful explanation of _why_ they use NAT in
IPv4, please stop telling them that they don't need NAT in IPv6...

Margaret