>> All IPv6 address assignments are leases. Whether you get
>> the address from a RIR, LIR or ISP. The lease may not be
>> renewed when it next falls due. You may get assigned a
>> different set of addresses at that point. You should plan
>> accordingly.
>
>Exactly the problem, and the reason A) IPv6 is not and will not be a viable
>option any time soon (soon being before the publication of an IPv6 NAT RFC),
>and B) why network providers (and other parties who stand to gain
>financially) are firmly against IPv6 NAT.

A) I think you have a different definition of viable than I do. I have v6 today, running just fine. Not as a home user, yet - but that is coming in the foreseeable future and has nothing to do with the presence of NAT66, or lack thereof.

B) I am not a service provider, and I still tend to disfavor NAT. Not as vehemently as some, but I, for the most part, fail to see the need.

>
>> If we could get a true accounting of the extra cost imposed by NATs
>> I would say it would be in the trillions of dollars.
>
>This is exactly the sort of hyperbole, like RFC4864's proposing that
>application-layer proxies are a viable substitute for NAT, that discredits
>IPv6 proponents. Those who remember the financial industry's push for SET,
>a failed encryption technology, will be struck by the similarities in
>technical vs rhetorical arguments.

While I generally try to avoid the NAT vs NONAT religious debate ... I'll throw in a few comments.

>
>Perhaps what we need is an IPv6 NAT FAQ? I suspect many junior network
>engineers will be interested in the rationale behind statements like:

And I suspect lots of new-to-IPv6 network engineers could benefit from more IPv6 exposure :).

>
> * NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
> it saves consumers, ILECs, or ISPs?)

Developed a peer-to-peer application lately? I haven't, but I know some of the issues others have had to go through to work in spite of NAT.

>
> * NAT disadvantage #2 (re: your IPv6 address space) Owned by an ISP? It
> isn't much different than it is now. (say again?)

Sorry, your befuddlement has passed on to me - I am not sure what you are saying here. The best I can pull from that would be something about PI vs PA space, and I'd comment that both are now available.

> * NAT disadvantage #3: RFC1918 was created because people were afraid of
> running out of addresses. (in 1992?)

Is that a question?

> * NAT disadvantage #4: It requires more renumbering to join conflicting
> RFC1918 subnets than would IPv6 to change ISPs. (got stats?)

Actually, I think those are different points. NAT-space collisions are a REAL problem, and renumbering due to changing ISPs is also a REAL problem.

> * NAT disadvantage #5: it provides no real security. (even if it were true
> this could not, logically, be a disadvantage)

It is a disadvantage if people believe it is a security thing when it isn't.

>OTOH, the claimed advantages of NAT do seem to hold water somewhat better:
>
> * NAT advantage #1: it protects consumers from vendor (network provider)
> lock-in.

OK, use PI space.

> * NAT advantage #2: it protects consumers from add-on fees for address
> space. (ISPs and ARIN, APNIC, ...)

IPv6 addresses (network allocations, actually) are pretty inexpensive ...

> * NAT advantage #3: it prevents upstreams from limiting consumers'
> internal address space. (will anyone need more than a /48, to be asked in
> 2018)

Yes, /48s have already been outgrown ... so you call up your ISP and justify more, they give it to you. No fuss, no muss.

> * NAT advantage #4: it requires new (and old) protocols to adhere to the
> ISO seven layer model.

Actually, it does more than that. You are thinking of "traditional" network apps, client-server stuff. Think end to end / peer to peer (and I don't mean illegal file sharing) ...

> * NAT advantage #5: it does not require replacement security measures to
> protect against netscans, portscans, broadcasts (particularly Microsoft
> NetBIOS), and other malicious inbound traffic.

Depends on the NAT mode (1:1 or PAT; cone or restricted), and a stateful firewall provides more/real protection ...

Again, I am not a radical anti-NAT person, I just don't like the pro-NAT hyperbole any more than you favor the opposite :). IMHO

/TJ