[97293] in North American Network Operators' Group
Re: Security gain from NAT
daemon@ATHENA.MIT.EDU (David Conrad)
Wed Jun 6 12:46:08 2007
In-Reply-To: <006c01c7a856$35fdd570$3c0417ac@atlanta.polycom.com>
Cc: North American Noise and Off-topic Gripes <nanog@merit.edu>
From: David Conrad <drc@virtualized.org>
Date: Wed, 6 Jun 2007 09:45:01 -0700
To: Stephen Sprunk <stephen@sprunk.org>
Errors-To: owner-nanog@merit.edu
On Jun 6, 2007, at 8:59 AM, Stephen Sprunk wrote:
> The thing is, with IPv6 there's no need to do NAT.
Changing providers without renumbering your entire infrastructure.
Multi-homing without having to know or participate in BGP games.
(yes, the current PI-for-everybody allocation mindset would address
the first, however I have to admit I find the idea of every small
enterprise on the planet playing BGP games a bit ... disconcerting)
> However, NAT in v6 is not necessary, and it's still evil.
Even ignoring the two above, NAT will be a fact of life as long as
people who are only able to obtain IPv6 addresses and need/want to
communicate with the (overwhelmingly IPv4 for the foreseeable future)
Internet. Might as well get used to it. I for one welcome our new
NAT overlords...
Rgds,
-drc
