quietly....

Matthew Huff mhuff at ox.com
Thu Feb 3 12:41:26 CST 2011


> Overloaded NAT is too costly to the community to be allowed to promulgate
> into IPv6. It is detrimental to:
> 	Application development
> 	Innovation
> 	Security
> 	Auditing
> 	Cost:
> 		Cost of application development
> 		Cost of devices
> 		Cost of administration
> 		Cost of operations
> 
> People that hold steadfast to the idea of not implementing IPv6 without
> NAT will eventually become IPv4 islands. The rest of the internet will
> continue to innovate without them and they will eventually come along
> or they will be left behind.
> 
> Owen
> 

Owen, can you point to a application protocol that is broken via NAT that isn't a p2p protocol or VoIP? Corporations are interested in neither (except SIP trunking, which works fine with NAT). Corporate networks have zero interest in p2p protocols or allowing desktops to be "full members" of the ip world.

Like I posted earlier, there are signficant reasons to use NAT44 and NAT66 that have nothing to do with perceived security, but rather with virtualization of ip endpoints/ip routing used by companies such as TNS and BTRadianz for extranet connectivity. From our standpoint NAT44 is a signifcant cost reduction because it allows us to make changes to internal environments without having to coordinate with all of our extranet partners. The difference is significant. In a very simple example, changing one of our FIX servers with the extranet clients being twice-natted, requires one change on one firewall. If I had to contact all the clients (and no, they can't use dynamic routing and/or DNS), then it would require hours of paperwork and time coordinating it. It's not even close.




More information about the NANOG mailing list