[75236] in North American Network Operators' Group
Re: Important IPv6 Policy Issue -- Your Input Requested
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Tue Nov 9 11:15:56 2004
Date: Tue, 9 Nov 2004 11:09:05 -0500
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@Merit.edu
Mail-Followup-To: nanog@Merit.edu
In-Reply-To: <1099986951.15862.136.camel@firenze.zurich.ibm.com>
Errors-To: owner-nanog-outgoing@merit.edu
--EVF5PPMfhYS0aIcm
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
In a message written on Tue, Nov 09, 2004 at 08:55:51AM +0100, Jeroen Massa=
r wrote:
> http://www.ietf.org/internet-drafts/draft-vandevelde-v6ops-nap-00.txt
>=20
> That contains most of the answers to your questions ;)
Not really. It explains to me what a group of people would like
to see happen.
Major vendors already have NAT for IPv6:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv=
6_c/sa_natpt.htm
Indeed, NAT is being pushed by some vendors as a migration tool
=66rom IPv4 to IPv6. I have to believe if the code can do IPv4-IPv6
NAT, then doing IPv6 NAT to IPv6 NAT would be trivial.
While I would hope we move away from NAT with IPv6, I realize there
are brain dead people today with internal policies that read "All
network segments must be protected by NAT." I know NAT !=3D security.
You know NAT !=3D security. However, the vendors know they can charge
these people for a box that does IPv6-IPv6 NAT, these people (in
ignorance) want IPv6-IPv6 NAT. Therefor it will exist, and people
will use it.
So, while you can talk until you're blue in the face about why it
may not be needed, good planning dictates you have to realize it
will exist, and as such consider what the impact will be on the
network. Good product design means designing for people who do
stupid stuff with your product, to a certain degree.
--=20
Leo Bicknell - bicknell@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request@tmbg.org, www.tmbg.org
--EVF5PPMfhYS0aIcm
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFBkOuhNh6mMG5yMTYRAjYBAJ90A360Myfs9hZ8TKO87DbeFYBuVACeMqk2
zI6DzuqkQEd0CQu/jBwtQEg=
=bZXL
-----END PGP SIGNATURE-----
--EVF5PPMfhYS0aIcm--
