IPv6 deployment excuses
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Tue Jul 5 02:16:31 UTC 2016
Baldur Norddahl wrote:
>> With end to end NAT, you can still configure your UPnP capable NAT
>> boxes to restrict port forwarding.
> Only if you by NAT mean "home network NAT". No large ISP has or will deploy
> a carrier NAT router that will respect UPnP.
A large ISP should just set up usual NAT. In addition, the ISP
tells its subscriber a global IP address, a private IP address
and a small range of port numbers the subscriber can use and
set up *static* bi-directional port forwarding.
If each subscriber is allocated 64 ports, effective address
space is 1000 times more than that of IPv4, which should be
large enough.
Then, if a subscriber wants transparency, he can set up his
home router to make use of the bi-directional port forwarding
and his host reverse translation by nested port forwarding.
> That does not scale and is a
> security nightmare besides.
It is merely because you think you must do it dynamically.
But, if you want to run a server at fixed IP address
and port, port forwarding must be static.
Masataka Ohta
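
The static allocation described in the message above, worked through as an added example (not code from the post or its author): each subscriber index maps to a fixed public address and 64-port block, so an observed (address, port) pair can be attributed to a subscriber by arithmetic, without per-flow NAT logs. The pool 198.51.100.0/30, the reservation of ports 0-1023, the log line format and all names are assumptions.

```python
import ipaddress
import re
from typing import NamedTuple, Optional

PORTS_PER_SUBSCRIBER = 64  # figure from the post
RESERVED_PORTS = 1024      # assumption: ports 0-1023 are never handed out
BLOCKS_PER_ADDRESS = (65536 - RESERVED_PORTS) // PORTS_PER_SUBSCRIBER  # 1008


class Allocation(NamedTuple):
    subscriber: int
    public_ip: ipaddress.IPv4Address
    first_port: int
    last_port: int


class StaticPortPlan:
    """Deterministic subscriber <-> (public IP, port block) mapping."""

    def __init__(self, pool: str):
        self.pool = ipaddress.ip_network(pool)
        self.capacity = self.pool.num_addresses * BLOCKS_PER_ADDRESS

    def allocate(self, subscriber: int) -> Allocation:
        if not 0 <= subscriber < self.capacity:
            raise ValueError("subscriber index outside pool capacity")
        addr_idx, block = divmod(subscriber, BLOCKS_PER_ADDRESS)
        first = RESERVED_PORTS + block * PORTS_PER_SUBSCRIBER
        return Allocation(subscriber, self.pool[addr_idx], first,
                          first + PORTS_PER_SUBSCRIBER - 1)

    def attribute(self, public_ip: str, port: int) -> Optional[Allocation]:
        """Reverse lookup; None if the pair is outside the plan."""
        ip = ipaddress.ip_address(public_ip)
        if ip not in self.pool or not RESERVED_PORTS <= port <= 65535:
            return None
        addr_idx = int(ip) - int(self.pool.network_address)
        block = (port - RESERVED_PORTS) // PORTS_PER_SUBSCRIBER
        return self.allocate(addr_idx * BLOCKS_PER_ADDRESS + block)


# Constructed sample lines in a hypothetical abuse-report format.
SAMPLE_LOG = [
    "2016-07-05T02:16:31Z src=198.51.100.1:1100 dst=192.0.2.10:443",
    "2016-07-05T02:16:40Z src=198.51.100.0:80 dst=192.0.2.10:443",
]


def attribute_log(plan: StaticPortPlan, lines):
    """Return the subscriber index (or None) for each log line's src field."""
    hits = (re.search(r"src=([\d.]+):(\d+)", line) for line in lines)
    found = [plan.attribute(m[1], int(m[2])) if m else None for m in hits]
    return [a.subscriber if a else None for a in found]
```

With the reserved range excluded, each public address carries 1008 subscribers, in line with the post's "1000 times" estimate.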
More information about the NANOG mailing list