Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

Iljitsch van Beijnum iljitsch at muada.com
Thu Oct 4 12:36:18 UTC 2007


On 4-Oct-2007, at 13:36, Eliot Lear wrote:

>>> That isn't actually true.  I could move to IPv6 and deploy a NAT-PT
>>> box to give my customers access to the v4 Internet regardless of
>>> whatever the rest of the community thinks.

>> And then you'll see your active FTP sessions, SIP calls, RTSP
>> sessions, etc fail.

> Somehow we made it work for v4.  How did that happen?

(Hm, RTSP fails miserably when I use NAT on my Cisco 826...)

Well, if 95% of the people in a position to do this think it's worth  
repeating this effort for IPv6, my objections aren't going to stop  
them. But if the majority or even a significant minority don't want  
to play, then IPv6 NAT is going to work a lot worse than IPv4 NAT.  
And although it's clear that some people want IPv6 NAT, IPv6 NAT is  
not nearly as useful as IPv4 NAT, because IPv6 has more than enough  
addresses for any conceivable use without it.

I would be interested to know how many people favor each of the  
following approaches. Feel free to send me private email and I'll  
summarize.

1. Keep NAT and ALGs out of IPv6 and use additional protocols between  
hosts and firewalls to open "pinholes" in firewalls (where  
appropriate/allowed, such as in consumer installations) to avoid ALGs

2. Keep NAT out of IPv6 but use ALGs to bypass firewalls

3. Come up with a standard way of doing 1-to-1 NAT (no PAT) in IPv6

4. Come up with a standard way of doing NAT/PAT in IPv6

5. Everyone do whatever suits their needs like what happened in IPv4

And: if people start using NAT in IPv6 I will:

a. Implement ALGs and application workarounds to accommodate it

b. Not do anything, it's their problem if stuff breaks

c. Break stuff that goes through IPv6 NAT on purpose to prove a point



More information about the NANOG mailing list