[99724] in North American Network Operators' Group
Re: Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)
daemon@ATHENA.MIT.EDU (Mark Newton)
Wed Oct 3 04:18:11 2007
Date: Wed, 3 Oct 2007 17:03:43 +0930
From: Mark Newton <newton@internode.com.au>
To: Iljitsch van Beijnum <iljitsch@muada.com>
Cc: John Curran <jcurran@mail.com>, Stephen Sprunk <stephen@sprunk.org>,
North American Noise and Off-topic Gripes <nanog@merit.edu>
In-Reply-To: <40A905CE-680A-444A-ADD1-EBA6E8F1089A@muada.com>
Errors-To: owner-nanog@merit.edu

On Tue, Oct 02, 2007 at 09:50:09PM +0200, Iljitsch van Beijnum wrote:

> On 2-okt-2007, at 16:55, Mark Newton wrote:
> >So everyone will deploy IPv6 applications, which require no ALGs,
> >instead.
> >Isn't that a solution that everyone can be happy with?
>
> Well, I can think of a couple of things that make me unhappy:

Doubtless.

> - IPv4 vs IPv6 is completely invisible to the user. I regularly run
> netstat or tcpdump to see which I'm using, I doubt many people will
> do that. So if IPv6 works and IPv4 doesn't, that will look like
> random breakage to the untrained user rather than something they can
> do something about.

With respect, that's why a bunch of us have been suggesting using
techniques such as NAT-PT to make sure that IPv6 works _and_ IPv4
works.

If the mechanisms used lack sufficient quantities of perfection,
they'll be modified until they're "good enough."

> - If we do NAT-PT and the ALGs are implemented and then the
> application works around the ALGs, it's only a very small step
> to wide scale IPv6 NAT.

And thus the sky falls.

Perhaps it's a perspective issue, but I really don't see a problem
with that. If the network works, who cares?

Perhaps you'd be happier if, in recognition of the fact that NAT
appears to be a dirty word, we called it something else.

The IPv6 people have already jumped on this bandwagon, so it
shouldn't be a huge gulf to bridge: SHIM6 is basically wide-scale
highly automated NAT, in which layer-3 addresses are transparently
rewritten for policy purposes (a "SHIM6 middlebox," if it ever
existed, would be indistinguishable from a NAT box), so we have a
start here: If we rename NAT, it becomes acceptable to IPv6 proponents.

So my proposal is this: Instead of saying, "NAT," from now on
we should say, "Layer-4 switch."

I don't know about you, but I feel comfortable deploying a network
which has layer-4 switches in it. I already have layer-2 and layer-3
switches, so I might as well collect the whole set.

That solution to this quagmire also solves the other great problem
that you seem to have in gaining acceptance: There are legitimate
uses for NAT right now, and there will be in the future, so arguing
for the elimination of a useful tool before we can move the Internet
forward strikes me as a fundamentally regressive argument. Perhaps
in years to come we'll look at the people who argue for the elimination
of layer-4 switches in the same way that we look at 1980's campus
network administrators who thought the whole organization should be
one big broadcast domain, with no place for layer-3 switches. "Ah,
look at that, he doesn't like NAT. How... quaint."

:-)

- mark

--
Mark Newton Email: newton@internode.com.au (W)
Network Engineer Email: newton@atdot.dotat.org (H)
Internode Systems Pty Ltd Desk: +61-8-82282999
"Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223