Important IPv6 Policy Issue -- Your Input Requested

Leo Bicknell bicknell at ufp.org
Tue Nov 9 16:09:05 UTC 2004


In a message written on Tue, Nov 09, 2004 at 08:55:51AM +0100, Jeroen Massar wrote:
> http://www.ietf.org/internet-drafts/draft-vandevelde-v6ops-nap-00.txt
> 
> That contains most of the answers to your questions ;)

Not really.  It explains to me what a group of people would like
to see happen.

Major vendors already have NAT for IPv6:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/ipv6_c/sa_natpt.htm

Indeed, NAT is being pushed by some vendors as a migration tool
from IPv4 to IPv6.  I have to believe if the code can do IPv4-IPv6
NAT, then doing IPv6 NAT to IPv6 NAT would be trivial.

While I would hope we move away from NAT with IPv6, I realize there
are brain dead people today with internal policies that read "All
network segments must be protected by NAT."  I know NAT != security.
You know NAT != security.  However, the vendors know they can charge
these people for a box that does IPv6-IPv6 NAT, these people (in
ignorance) want IPv6-IPv6 NAT.  Therefore it will exist, and people
will use it.

So, while you can talk until you're blue in the face about why it
may not be needed, good planning dictates you have to realize it
will exist, and as such consider what the impact will be on the
network.  Good product design means designing for people who do
stupid stuff with your product, to a certain degree.

-- 
       Leo Bicknell - bicknell at ufp.org - CCIE 3440
        PGP keys at http://www.ufp.org/~bicknell/
Read TMBG List - tmbg-list-request at tmbg.org, www.tmbg.org