[166899] in North American Network Operators' Group
NAT64 and matching identities
daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Mon Nov 18 18:45:45 2013
Date: Mon, 18 Nov 2013 15:06:52 -0500 (EST)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It's looking more and more like NAT64 will be in our future. One of the
valid concerns for NAT64 - much like NAT44 - is being able to determine
the identity of a given user through the NAT at a given point in time.
How feasible this is depends on how robust/scalable $XYZ's translation
logging capabilities are, and possibly how easily that data can be matched
against a source of identify information, such as RADIUS accounting logs,
DHCP lease logs, etc.
Other IPv6 transition mechanisms appear to be no less thorny than NAT64
for a variety of reasons.
I'm curious to see how others are planning to tackle (or already have
tacked) this issue. Discussing vendor-specific solutions is fine, but I
think keeping things as platform/vendor agnostic as possible for the time
being would allow this thread to be more beneficial to a wider audience.
The floor is open...
jms
