Access to the IPv4 net for IPv6-only systems, was: Re: WG Action:

Mark Andrews Mark_Andrews at isc.org
Fri Oct 5 00:18:43 UTC 2007


In article <4704D03D.5030702 at cisco.com> you write:
>
>Iljitsch van Beijnum wrote:
>>> That isn't actually true.  I could move to IPv6 and deploy a NAT-PT
>>> box to give my customers access to the v4 Internet regardless of
>>> whatever the rest of the community thinks.
>>
>> And then you'll see your active FTP sessions, SIP calls, RTSP
>> sessions, etc fail.
>
>Somehow we made it work for v4.  How did that happen?

The problem is that NAT constrains the solution space available to
application developers.  I have no problem with PT-NAT to get to
IPv4 because the IPv4 space is already constrained by the existing
use of NAT.  Most/many of the existing applications have been
crippled by the existence of NAT.

Almost no-one attempts to run the passive side (server) of a
connection behind a NAT.  With PAT try running more services that
use the same port than you have public addresses.  It just won't
work.  Similarly double or triple NAT further reduces the application
space that works.

Even hotels realise NAT is bad.  Have you noticed that you now get
asked if you can live behind the NAT or do you need a public address
when you register?

I work from behind a NAT as I work from home.  There have been lots
of things that should have been simple, but weren't, as that NAT was
there.  Something just didn't work because I couldn't find an ALG
for that protocol.

I have a big problem with pulling those constraints into IPv6.

Without NAT I can, if needed, open up a complete address in the
firewall to work around lack of an ALG.  I don't get that choice
with NAT.

Mark


