Security gain from NAT

David Conrad drc at virtualized.org
Wed Jun 6 16:45:01 UTC 2007


On Jun 6, 2007, at 8:59 AM, Stephen Sprunk wrote:
> The thing is, with IPv6 there's no need to do NAT.

Changing providers without renumbering your entire infrastructure.

Multi-homing without having to know or participate in BGP games.

(yes, the current PI-for-everybody allocation mindset would address  
the first, however I have to admit I find the idea of every small  
enterprise on the planet playing BGP games a bit ... disconcerting)

> However, NAT in v6 is not necessary, and it's still evil.

Even ignoring the two above, NAT will be a fact of life as long as  
people who are only able to obtain IPv6 addresses and need/want to  
communicate with the (overwhelmingly IPv4 for the foreseeable future)  
Internet.  Might as well get used to it.  I for one welcome our new  
NAT overlords...

Rgds,
-drc
  



More information about the NANOG mailing list