IPv6 deployment excuses

Masataka Ohta mohta at necom830.hpcl.titech.ac.jp
Tue Jul 5 02:16:31 UTC 2016


Baldur Norddahl wrote:

>> With end to end NAT, you can still configure your UPnP capable NAT
>> boxes to restrict port forwarding.

> Only if you by NAT mean "home network NAT". No large ISP has or will deploy
> a carrier NAT router that will respect UPnP.

A large ISP should just set up usual NAT. In addition, the ISP
tells its subscriber a global IP address, a private IP address
and a small range of port numbers the subscriber can use and
sets up *static* bi-directional port forwarding.

If each subscriber is allocated 64 ports, effective address
space is 1000 times more than that of IPv4, which should be
large enough.

Then, if a subscriber wants transparency, he can set up his
home router to make use of the bi-directional port forwarding
and his host to reverse translation by nested port forwarding.

> That does not scale and is a
> security nightmare besides.

It is merely because you think you must do it dynamically.

But, if you want to run a server at a fixed IP address
and port, port forwarding must be static.

						Masataka Ohta
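
The static allocation described in the message above, sketched as an added example (not code from the post or its author). The public pool 203.0.113.0/30, the subscriber numbering, the private address used in the test, and the choice to keep the port number unchanged across the forward are assumptions made for illustration.

```python
import ipaddress

PORTS_PER_SUBSCRIBER = 64      # figure given in the post
PORT_SPACE = 65536             # 16-bit TCP/UDP port space
# 65536 / 64 = 1024 subscribers per public address (the post's "1000 times").
# This counts every port; a deployment may exclude low ports (assumption).
BLOCKS_PER_IP = PORT_SPACE // PORTS_PER_SUBSCRIBER

# Constructed sample pool (documentation prefix), not taken from the post.
PUBLIC_POOL = ipaddress.ip_network("203.0.113.0/30")


def allocate(sub_index):
    """Return (public_ip, first_port, last_port) for a subscriber number."""
    ip_index, block = divmod(sub_index, BLOCKS_PER_IP)
    if sub_index < 0 or ip_index >= PUBLIC_POOL.num_addresses:
        raise ValueError("subscriber index outside the pool")
    first = block * PORTS_PER_SUBSCRIBER
    return PUBLIC_POOL[ip_index], first, first + PORTS_PER_SUBSCRIBER - 1


def owner(public_ip, port):
    """Reverse lookup: subscriber number that owns (public_ip, port)."""
    ip = ipaddress.ip_address(public_ip)
    if ip not in PUBLIC_POOL or not 0 <= port < PORT_SPACE:
        raise ValueError("address or port outside the pool")
    ip_index = int(ip) - int(PUBLIC_POOL.network_address)
    return ip_index * BLOCKS_PER_IP + port // PORTS_PER_SUBSCRIBER


def forward(sub_index, private_ip, public_port):
    """Static inbound forward, allowed only inside the subscriber's block.

    Returns (private_ip, port) or None when the port belongs to someone else.
    Keeping the same port number on both sides is an assumption.
    """
    _, first, last = allocate(sub_index)
    if not first <= public_port <= last:
        return None
    return (private_ip, public_port)
```

Because the mapping is a fixed function of the subscriber number, `owner()` attributes any (address, port) pair to a subscriber without per-flow translation logs.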



More information about the NANOG mailing list