Keith, A complete comparison would include that, if you have a NAT66, having it stateful provides *more* privacy to users, and provides topology hiding.
Besides, until a convincing scenario showing that, where IPv6 FWs are available, the pros of any NAT66 outweighs the cons, I keep doubts that deploying NAT66 is a good choice. Yet, if some *users* have firm plans to deploy NAT66 anyway, some with stateful NATs, some with stateless NATs, that's up to them. Under this assumption, their wish to standardize theses NATs is obviously legitimate. Regards, RD Le 28 oct. 2010 à 13:42, Keith Moore a écrit : > On Oct 28, 2010, at 5:06 AM, Rémi Després wrote: > >>> As long as consumers and security experts continue demanding v4-style >>> (stateful) NAT in IPv6 efforts to kill it and/or proclaim it dead are >>> greatly exaggerated, at best. >> >> I agree that, if a NAT66 is combined with a FW, stateful NAT66 seems more >> logical than stateless. > > The (relatively) "nice" feature about NAT66 (from the point of view of > applications) is that the mapping between internal-external addresses is > stateless. It means that apps dealing with such a beast would not have to > worry about having to recover from the NAT killing their associations, and > having to refind and resync with their peers. That doesn't mean that a > combined NAT/FW would have to be stateless. > > (Though in practice I have to wonder how many apps would find it useful to > special-case NAT66 handling. Probably most would not do so unless the vast > majority of NATs found within v6 were NAT66. But apps built to tolerate NAT > in general would likely perform better in the presence of only NAT66 than > with arbitrary NAT.) > > Keith > > _______________________________________________ nat66 mailing list [email protected] https://www.ietf.org/mailman/listinfo/nat66
