NAT66 was Re: using "reserved" IPv6 space

Lee ler762 at gmail.com
Tue Jul 17 07:33:13 UTC 2012


On 7/16/12, Grant Ridder <shortdudey123 at gmail.com> wrote:
> If you are running an HA pair, why would you care which box it went back
> through?

You wouldn't.  But if you've got an HA pair at site A and another HA
pair at site B..

Lee


>
> -Grant
>
> On Monday, July 16, 2012, Mark Andrews wrote:
>
>>
>> In message <CAD8GWsswFwnPKTfxt=
>> squUmZofs3_-yriHY8o4Gt3W9+x6fVUQ at mail.gmail.com>, Lee
>> writes:
>> > On 7/16/12, Owen DeLong <owen at delong.com> wrote:
>> > >
>> > > Why would you want NAT66? ICK!!! One of the best benefits of IPv6 is
>> > > being able to eliminate NAT. NAT was a necessary evil for IPv4 address
>> > > conservation. It has no good use in IPv6.
>> >
>> > NAT is good for getting the return traffic to the right firewall.  How
>> > else do you deal with multiple firewalls & asymmetric routing?
>>
>> Traffic goes where the routing protocols direct it.  NAT doesn't
>> help this and may actually hinder as the source address cannot be
>> used internally to direct traffic to the correct egress point.
>>
>> Instead you need internal routers that have to try to track traffic
>> flows rather than making simple decisions based on source and
>> destination addresses.
>>
>> Applications that use multiple connections may not always end up
>> with consistent external source addresses.
>>
>> > Yes, it's possible to get traffic back to the right place without NAT.
>> > But is it as easy as just NATing the outbound traffic at the
>> > firewall?
>>
>> It can be and it can be easier to debug without NAT mangling
>> addresses.
>>
>> The only thing helpful NAT66 does is delay the externally visible
>> source address selection until the packet passes the NAT66 box.
>>
>> Mark
>> --
>> Mark Andrews, ISC
>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> PHONE: +61 2 9871 4742                 INTERNET:
>> marka at isc.org
>>
>>
>



