On 2/18/24 8:47 AM, Greg Skinner via NANOG wrote:
> On Feb 17, 2024, at 11:27 AM, William Herrin <b...@herrin.us> wrote:
>> On Sat, Feb 17, 2024 at 10:34 AM Michael Thomas <mike at mtcc.com> wrote:
>>> Funny, I don't recall Bellovin and Cheswick's Firewall book discussing
>>> NAT.
>> And mine too, since I hadn't heard of "Firewalls and Internet
>> Security: Repelling the Wily Hacker" and have not read it.
> For what it's worth, both editions of Bellovin and Cheswick's Firewalls book
> are online. [1] Also, there are discussions about NAT and how it influenced
> IPng (eventually IPv6) on the big-internet list. [2]

FWIW, while at Cisco I started to get wind of some NAT-like proposal
being floated by 3COM at PacketCable back in the late 90's, early 2000's
(sorry, I have no memory of the specifics now). That was pretty
horrifying to me and others as the implication was that we'd have to
implement it in our routers, which I'm sure 3COM viewed as a feature,
not a bug. We pushed back that implementing IPv6 was a far better option
if it came down to that. That sent me and Steve Deering off on an
adventure to figure out how we might actually make good on that
alternative in the various service provider BU's. Unsurprisingly the
BU's were not very receptive, not just because of the problems with v6 vs
hardware forwarding, but mostly because providers weren't asking for it.
They weren't asking for CGNAT-like things either though, so it was mostly
the status quo. IOS on the other hand was taking IPv6 much more
seriously so that providers could at least deploy it in the small for
testing, pilots, etc., even if it was a patchwork in the various platforms.
The problem with v6 uptake has always been on the provider side. BU's
wouldn't have wanted to respin silicon but if providers were asking for
it and it gave them a competitive advantage, they'd have done it in a
heartbeat. It's heartening to hear that a lot of big providers and orgs
are using IPv6 internally to simplify management along with LTE's use of
v6. I don't know what's happening in MSO land these days, but it would
be good to hear if they too are pushing an LTE-like solution. I do know
that CableLabs pretty early on -- around the time I mentioned above --
has been pushing for v6. Maybe Jason Livingood can clue us in. Getting
cable operators onboard too would certainly be a good thing, though LTE
doesn't have to deal with things like brain-dead v4-only wireless
routers on their network.
Mike