[136550] in North American Network Operators' Group
RE: quietly....
daemon@ATHENA.MIT.EDU (Matthew Huff)
Thu Feb 3 13:45:43 2011
From: Matthew Huff <mhuff@ox.com>
To: Owen DeLong <owen@delong.com>
Date: Thu, 3 Feb 2011 13:41:26 -0500
In-Reply-To: <F60CE500-3755-4453-9C95-5099FBD433B7@delong.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> Overloaded NAT is too costly to the community to be allowed to promulgate
> into IPv6. It is detrimental to:
> Application development
> Innovation
> Security
> Auditing
> Cost:
> Cost of application development
> Cost of devices
> Cost of administration
> Cost of operations
>
> People that hold steadfast to the idea of not implementing IPv6 without
> NAT will eventually become IPv4 islands. The rest of the internet will
> continue to innovate without them and they will eventually come along
> or they will be left behind.
>
> Owen
>
Owen, can you point to an application protocol that is broken via NAT
that isn't a p2p protocol or VoIP? Corporations are interested in
neither (except SIP trunking, which works fine with NAT). Corporate
networks have zero interest in p2p protocols or allowing desktops to be
"full members" of the IP world.

Like I posted earlier, there are significant reasons to use NAT44 and
NAT66 that have nothing to do with perceived security, but rather with
virtualization of IP endpoints/IP routing used by companies such as TNS
and BTRadianz for extranet connectivity. From our standpoint NAT44 is a
significant cost reduction because it allows us to make changes to
internal environments without having to coordinate with all of our
extranet partners. The difference is significant. In a very simple
example, changing one of our FIX servers, with the extranet clients
being twice-natted, requires one change on one firewall. If I had to
contact all the clients (and no, they can't use dynamic routing and/or
DNS), then it would require hours of paperwork and time coordinating it.
It's not even close.