v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space
trejrco at gmail.com
Wed Feb 4 21:41:07 CST 2009
>> All IPv6 address assignments are leases. Whether you get
>> the address from a RIR, LIR or ISP. The lease may not be
>> renewed when it next falls due. You may get assigned a
>> different set of addresses at that point. You should plan
>Exactly the problem, and the reason A) IPv6 is not and will not be a viable
>option any time soon (soon being before the publication of an IPv6 NAT
>and B) why network providers (and other parties who stand to gain
>financially) are firmly against IPv6 NAT.
A) I think you have a different definition of viable than I do. I have v6
today, running just fine. Not as a home user, yet - but that is coming in
the foreseeable future and has nothing to do with the presence of NAT66, or
B) I am not a service provider, and I still tend to disfavor NAT. Not as
vehemently as some, but I, for the most part, fail to see the need.
>> If we could get a true accounting of the extra cost imposed by NAT's
>> I would say it would be in the trillions of dollars.
>This is exactly the sort of hyperbole, like RFC4864's proposing that
>application-layer proxies are a viable substitute for NAT, that discredits
>IPv6 proponents. Those who remember the financial industry's push for SET,
>a failed encryption technology, will be struck by the similarities in
>technical vs rhetorical arguments.
While I generally try to avoid the NAT vs NONAT religious debate ... I'll
throw in a few comments.
>Perhaps what we need is an IPv6 NAT FAQ? I suspect many junior network
>engineers will be interested in the rationale behind statements like:
And I suspect lots of new-to-IPv6 network engineers could benefit from more
IPv6 exposure :).
> * NAT disadvantage #1: it costs a lot of money to do NAT (compared to
> it saves consumers, ILECs, or ISPs?)
Developed a peer-to-peer application lately?
I haven't, but I know some of the issues others have had to go through to
work in spite of NAT.
> * NAT disadvantage #2 (re: your IPv6 address space) Owned by an ISP? It
> isn't much different than it is now. (say again?)
Sorry, your befuddlement has passed on to me - I am not sure what you are
The best I can pull from that would be something about PI vs PA space, and
I'd comment that both are now available.
> * NAT disadvantage #3: RFC1918 was created because people were afraid of
> running out of addresses. (in 1992?)
Is that a question?
> * NAT disadvantage #4: It requires more renumbering to join conflicting
> RFC1918 subnets than would IPv6 to change ISPs. (got stats?)
Actually, I think those are different points. NAT-space collisions are a
REAL problem, and renumbering due to changing ISPs is also a REAL problem.
> * NAT disadvantage #5: it provides no real security. (even if it were
> this could not, logically, be a disadvantage)
It is a disadvantage if people believe it is a security thing when it isn't.
>OTOH, the claimed advantages of NAT do seem to hold water somewhat better:
> * NAT advantage #1: it protects consumers from vendor (network provider)
OK, use PI space.
> * NAT advantage #2: it protects consumers from add-on fees for addresses
> space. (ISPs and ARIN, APNIC, ...)
IPv6 addresses (network allocations, actually) are pretty inexpensive ...
> * NAT advantage #3: it prevents upstreams from limiting consumers'
> internal address space. (will anyone need more than a /48, to be asked in
Yes, /48s have already been outgrown ... so you call up your ISP and justify
more, they give it to you. No fuss, no muss.
> * NAT advantage #4: it requires new (and old) protocols to adhere to the
> ISO seven layer model.
Actually, it does more than that. You are thinking of "traditional" network
apps, client-server stuff.
Think end to end / peer to peer (and I don't mean illegal file sharing) ...
> * NAT advantage #5: it does not require replacement security measures to
> protect against netscans, portscans, broadcasts (particularly Microsoft
> NetBIOS), and other malicious inbound traffic.
Depends on the NAT mode (1:1 or PAT; cone or restricted), and a stateful
firewall provides more/real protection ... again, I am not a radical
anti-NAT person, I just don't like the pro-NAT hyperbole any more than you
favor the opposite :).