[190440] in North American Network Operators' Group
IPv6 deployment excuses
daemon@ATHENA.MIT.EDU (Ca By)
Mon Jul 4 14:50:11 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <CAPkb-7Cxq0XZ663ysMbHCGfK_QTCfkSBgDf_tV-1c-QB+9Y+Rg@mail.gmail.com>
Date: Mon, 4 Jul 2016 11:50:06 -0700
From: Ca By <cb.list6@gmail.com>
To: Baldur Norddahl <baldur.norddahl@gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Monday, July 4, 2016, Baldur Norddahl <baldur.norddahl@gmail.com> wrote:
> On 4 July 2016 at 11:41, Masataka Ohta <mohta@necom830.hpcl.titech.ac.jp>
> wrote:
>
> > With end to end NAT, you can still configure your UPnP capable NAT
> > boxes to restrict port forwarding.
> >
>
> Only if you by NAT mean "home network NAT". No large ISP has or will deploy
> a carrier NAT router that will respect UPnP. That does not scale and is a
> security nightmare besides.
>
> We could deploy MAP
> https://en.wikipedia.org/wiki/Mapping_of_Address_and_Port (which scales)
> and the user could then use the beloved "end to end NAT" method on that.
> But why would they? MAP requires IPv6 so they already have end to end
> transparency using IPv6.
>
> Regards,
>
> Baldur
>
Always so funny how people love talking about how great MAP scales, yet it has
never been deployed at scale. 464XLAT and ds-lite have been deployed at
real scale, so has 6RD.
MAP is like Betamax. Technically great, but reality is poor.