Access to the IPv4 net for IPv6-only systems, was: Re: WG Action: Conclusion of IP Version 6 (ipv6)

Stephen Sprunk stephen at sprunk.org
Mon Oct 1 17:56:00 UTC 2007


Thus spake "Iljitsch van Beijnum" <iljitsch at muada.com>
> On 28-sep-2007, at 6:25, Jari Arkko wrote:
>>> And make it work both ways, v4 to v6 and v6 to v4.
>>> And also don’t call it NAT-PT. That name is dead.
>
>> For what it is worth, this is one of the things that I want
>> to do. I don't want to give you an impression that NAT-PT++
>> will solve all the IPv6 transition issues; I suspect dual stack
>> is a better answer. But nevertheless, the IETF needs to
>> produce a revised spec for the translation case. Fred and
>> I are organizing an effort to do this.
>
> The problem with NAT-PT (translating between IPv6 and IPv4
> similar to IPv4 NAT) was that it basically introduces all the NAT
> ugliness that we know in IPv4 into the IPv6 world.

There is no "IPv6 world".  I've heard reference over and over to how 
developers shouldn't add "NAT support" into v6 apps, but the reality is that 
there are no "v6 apps".  There are IPv4 apps and IP apps that are version 
agnostic.  The NAT code is there and waiting to be used whether the socket 
underneath happens to be v4 or v6 at any given time.

Yes, ideally the NAT code wouldn't get used if the socket were v6.  The 
other thing is NAT is only a small fraction of the problem; most of the same 
code will be required to work around stateful firewalls even in v6.

> Rather than "solving" this issue by trying harder, I would like
> the IETF to adopt the following approach:
>
> 1. for IPv6-only hosts with modest needs: use an HTTPS proxy
> to relay TCP connections
>
> 2. for hosts that are connected to IPv6-only networks but with
> needs that can't be met by 1., obtain real IPv6 connectivity
> tunneled on-demand over IPv6

Neither solves the problem of v6-only hosts talking to v4-only hosts.

The fundamental flaw in the transition plan is that it assumes every host 
will dual-stack before the first v6-only node appears.  At this point, I 
think we can all agree it's obvious that isn't going to happen.

NAT-PT gives hosts the _appearance_ of being dual-stacked at very little 
up-front cost.  It allows v6-only hosts to appear even if there still remain 
hosts that are v4-only, as long as one end or the other has a NAT-PT box. 
The chicken and egg problem is _solved_.  When v4-only users get sick of 
going through a NAT-PT because it breaks a few things, that will be their 
motivation to get real IPv6 connectivity and turn the NAT-PT box off -- or 
switch it around so they can be a v6-only site internally.

The alternative is that everyone just deploys multi-layered v4 NAT boxes and 
v6 dies with a whimper.  Tell me, which is the lesser of the two evils?

S

Stephen Sprunk         "God does not play dice."  --Albert Einstein
CCIE #3723         "God is an inveterate gambler, and He throws the
K5SSS        dice at every possible opportunity." --Stephen Hawking 




