[136553] in North American Network Operators' Group


RE: quietly....

daemon@ATHENA.MIT.EDU (Matthew Huff)
Thu Feb 3 14:01:52 2011

From: Matthew Huff <mhuff@ox.com>
To: Owen DeLong <owen@delong.com>
Date: Thu, 3 Feb 2011 14:00:57 -0500
In-Reply-To: <22DB2CB6-F5BE-41CA-A719-86C42A303D24@delong.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

> In IPv6, the simpler solution is to allocate a /64 to groups of machines that serve such a function.
> If you need to move the group, you can simply move the entire prefix.

If we change the prefix, then I have to contact and deal with the bureaucracy of external corporate entities. This is a significant cost that is completely prevented by using NAT. Also, given that the prefix is a network address, now we have to contact a separate department with a separate bureaucracy to get routing changes approved. Again, how is this easier without NAT?

> You can break p2p just as quickly without NAT using policy. NAT doesn't provide policy, it just limits
> your ability to choose your own policy.

The goal is not to break p2p. The goal is to use NAT for various reasons, and the fact that it breaks p2p is just a benefit. You keep pointing out that NAT should be eliminated so that p2p will work; to me, that is a good argument for the opposite. NAT, at least in a corporate world, is never going away. There are too many good reasons for it to exist. For an ISP/CPE or University environment, I understand your argument, but not for a corporate network.

If there were a good NAT46 implementation on a Cisco ASA, Juniper firewall, Checkpoint and others, then most corporate networks could stay in IPv4 RFC1918 private IP addresses, get PA IPv6 global routable address space from their providers, and set up global NAT pools and have access to IPv4 and IPv6 with no internal changes. It may not be ideologically pure, but it would work, at least as well as it does now, and allow the migration to IPv6 to move forward easier.


