v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space

TJ trejrco at gmail.com
Wed Feb 4 21:41:07 CST 2009


>> 	All IPv6 address assignments are leases.  Whether you get
>> 	the address from a RIR, LIR or ISP.  The lease may not be
>> 	renewed when it next falls due.  You may get assigned a
>> 	different set of addresses at that point.  You should plan
>> 	accordingly.
>
>Exactly the problem, and the reason A) IPv6 is not and will not be a viable
>option any time soon (soon being before the publication of an IPv6 NAT RFC),
>and B) why network providers (and other parties who stand to gain
>financially) are firmly against IPv6 NAT.

A) I think you have a different definition of viable than I do.  I have v6
today, running just fine.  Not as a home user, yet - but that is coming in
the foreseeable future and has nothing to do with the presence of NAT66, or
lack thereof.
B) I am not a service provider, and I still tend to disfavor NAT.  Not as
vehemently as some, but I, for the most part, fail to see the need.


>
>>  If we could get a true accounting of the extra cost imposed  by NAT's
>> I would say it would be in the trillions of dollars.
>
>This is exactly the sort of hyperbole, like RFC4864's proposing that
>application-layer proxies are a viable substitute for NAT, that discredits
>IPv6 proponents.  Those who remember the financial industry's push for SET,
>a failed encryption technology, will be struck by the similarities in
>technical vs rhetorical arguments.

While I generally try to avoid the NAT vs NONAT religious debate ... I'll
throw in a few comments.


>
>Perhaps what we need is an IPv6 NAT FAQ?  I suspect many junior network
>engineers will be interested in the rationale behind statements like:

And I suspect lots of new-to-IPv6 network engineers could benefit from more
IPv6 exposure :).


>
>  * NAT disadvantage #1: it costs a lot of money to do NAT (compared to what
>  it saves consumers, ILECs, or ISPs?)

Developed a peer-to-peer application lately?  
I haven't, but I know some of the issues others have had to go through to
work in spite of NAT.


>
>  * NAT disadvantage #2 (re: your IPv6 address space) Owned by an ISP?  It
>  isn't much different than it is now.  (say again?)

Sorry, your befuddlement has passed on to me - I am not sure what you are
saying here.
The best I can pull from that would be something about PI vs PA space, and
I'd comment that both are now available.


>  * NAT disadvantage #3: RFC1918 was created because people were afraid of
>  running out of addresses. (in 1992?)

Is that a question?


>  * NAT disadvantage #4: It requires more renumbering to join conflicting
>  RFC1918 subnets than would IPv6 to change ISPs. (got stats?)

Actually, I think those are different points.  NAT-space collisions are a
REAL problem, and renumbering due to changing ISPs is also a REAL problem.


>  * NAT disadvantage #5: it provides no real security. (even if it were true
>  this could not, logically, be a disadvantage)

It is a disadvantage if people believe it is a security thing when it isn't.


>OTOH, the claimed advantages of NAT do seem to hold water somewhat better:
>
>  * NAT advantage #1: it protects consumers from vendor (network provider)
>  lock-in.

OK, use PI space.


>  * NAT advantage #2: it protects consumers from add-on fees for addresses
>  space. (ISPs and ARIN, APNIC, ...)

IPv6 addresses (network allocations, actually) are pretty inexpensive ...


>  * NAT advantage #3: it prevents upstreams from limiting consumers'
>  internal address space. (will anyone need more than a /48, to be asked in
>  2018)

Yes, /48s have already been outgrown ... so you call up your ISP and justify
more, they give it to you.  No fuss, no muss.


>  * NAT advantage #4: it requires new (and old) protocols to adhere to the
>  ISO seven layer model.

Actually, it does more than that.  You are thinking of "traditional" network
apps, client-server stuff.  
Think end to end / peer to peer (and I don't mean illegal file sharing) ...


>  * NAT advantage #5: it does not require replacement security measures to
>  protect against netscans, portscans, broadcasts (particularly microsoft
>  netbios), and other malicious inbound traffic.

Depends on the NAT mode (1:1 or PAT; cone or restricted), and a stateful
firewall provides more/real protection ... again, I am not a radical
anti-NAT person, I just don't like the pro-NAT hyperbole any more than you
favor the opposite :).


IMHO
/TJ




