Addressing plan exercise for our IPv6 course

Saku Ytti saku at ytti.fi
Sat Jul 24 08:29:32 UTC 2010


On (2010-07-24 03:50 -0400), Valdis.Kletnieks at vt.edu wrote:

> Firewall != NAT.  The former is still needed in IPv6, the latter is not.  And I
> suspect that most Joe Sixpacks think of that little box they bought as a

Maybe you are talking strictly in the context of residential DSL, in which case
I would agree, NAT is killable, if we don't fsck-up in our DSL offerings.
(Provide the customer a /64 and route a /56 to ::c/64, so the first /64 is bridged; if
the customer ever wants to start routing, they just add a ::c/64 router to the LAN.)

However, it is quite optimistic to think IPv6 would completely remove the need
for NAT. Enterprises of non-trivial size will likely use RFC4193 (and I
fear we will notice the PRNG returning 0 very often) and then NAT it to
provider-provided public IP addresses. I'm just hoping that we'll at least
see 1:1 NAT instead of NAPT being used.

This is to facilitate an easy and cheap way to change provider. Getting a PI
address is even harder now, as at least RIPE will verify that you are
multihomed, while many enterprises don't intend to be; they just need a
low-cost ability to change operator.

This is a non-technical problem: enterprises of non-trivial size typically
can't even tell, without months of research, all the devices and software
where they've written down the IP addresses.
RFC4193 + NAT quite simply is what they know and are comfortable with. It
would be a hard sell to ask them to design the whole IPv6 infra so that they can
confidently renumber it in 15min, like you can with RFC4193+NAT.

-- 
  ++ytti
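
An added example, not part of the original message: a Python sketch of the RFC4193 + 1:1 NAT scheme discussed above. It derives the /48 with the algorithm suggested in RFC 4193 section 3.2.2, flags a Global ID that looks typed in rather than generated (the "PRNG returning 0" case), and shows that a provider change only swaps the outside prefix. The function names, the two-distinct-digits heuristic and the 2001:db8::/32 documentation prefixes standing in for provider space are assumptions of this example.

```python
import hashlib
import ipaddress
import os
import struct
import time


def ula_prefix(ntp_time64: bytes, eui64: bytes) -> ipaddress.IPv6Network:
    """RFC 4193 3.2.2: Global ID = least significant 40 bits of SHA-1(time || EUI-64)."""
    global_id = hashlib.sha1(ntp_time64 + eui64).digest()[-5:]
    packed = b"\xfd" + global_id + bytes(10)          # fd00::/8 + 40-bit Global ID
    return ipaddress.IPv6Network((int.from_bytes(packed, "big"), 48))


def looks_hand_picked(prefix: ipaddress.IPv6Network) -> bool:
    """Heuristic (assumption): zero or at most two distinct hex digits in the Global ID."""
    global_id = (int(prefix.network_address) >> 80) & ((1 << 40) - 1)
    return global_id == 0 or len(set(format(global_id, "010x"))) <= 2


def map_1to1(addr, inside, outside) -> ipaddress.IPv6Address:
    """Stateless 1:1 prefix swap: subnet and host bits are kept, only the prefix changes."""
    addr = ipaddress.IPv6Address(addr)
    if inside.prefixlen != outside.prefixlen or addr not in inside:
        raise ValueError("address outside the inside prefix, or prefix lengths differ")
    low_bits = int(addr) & int(inside.hostmask)
    return ipaddress.IPv6Address(int(outside.network_address) | low_bits)


if __name__ == "__main__":
    # 64-bit NTP timestamp: seconds since 1900 plus a 32-bit fraction.
    now = time.time()
    ntp = struct.pack("!II", int(now) + 2208988800, int((now % 1) * 2**32))
    # os.urandom stands in for the EUI-64 here; RFC 4193 allows another unique identifier.
    inside = ula_prefix(ntp, os.urandom(8))
    print("generated ULA:", inside, "hand-picked?", looks_hand_picked(inside))
    print("fd00::/48 hand-picked?", looks_hand_picked(ipaddress.ip_network("fd00::/48")))

    # Constructed sample: one internal host, two providers (documentation prefixes).
    host = inside.network_address + ((0x10 << 64) | 0x25)   # subnet 0x10, host ::25
    for provider in ("2001:db8:aaaa::/48", "2001:db8:bbbb::/48"):
        print(host, "->", map_1to1(host, inside, ipaddress.ip_network(provider)))
```
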



