Security gain from NAT
David Conrad
drc at virtualized.org
Wed Jun 6 16:45:01 UTC 2007
On Jun 6, 2007, at 8:59 AM, Stephen Sprunk wrote:
> The thing is, with IPv6 there's no need to do NAT.
Changing providers without renumbering your entire infrastructure.
Multi-homing without having to know or participate in BGP games.
(yes, the current PI-for-everybody allocation mindset would address
the first, however I have to admit I find the idea of every small
enterprise on the planet playing BGP games a bit ... disconcerting)
> However, NAT in v6 is not necessary, and it's still evil.
Even ignoring the two above, NAT will be a fact of life as long as
people who are only able to obtain IPv6 addresses and need/want to
communicate with the (overwhelmingly IPv4 for the foreseeable future)
Internet. Might as well get used to it. I for one welcome our new
NAT overlords...
Rgds,
-drc
More information about the NANOG
mailing list