Problems with removing NAT from a network

Cameron Byrne cb.list6 at
Wed Jan 5 23:39:30 CST 2011

On Wed, Jan 5, 2011 at 9:10 PM, Matthew Kaufman <matthew at> wrote:
> On 1/5/2011 8:47 PM, Cameron Byrne wrote:
>> And, you will notice that the list at
>> shows only a few web site,
>> because there are only a few that have this design flaws.
> And the list looks like it does because the list only shows a *few* web
> sites. Other surveys have shown significantly more cases. (
> "An examination of Alexa's top 1 million domains [Alexa] at the end of
> August, 2009, showed 2.38% of the HTML in their home pages contained IPv4
> address literals."
> And the list looks like is does because the list only shows a few *web
> sites*. Quite a few network protocols, particularly peer-to-peer protocols,

I understand my users pretty well, they only go to a few web pages ...
its the nature of the net.  I assure you, i am not taking any undue
risk with regards to web.  Try our friendly user trial and give me
your feedback, thats why i am running it.

> rely on moving around the IP address literals of peers via mechanisms other
> than DNS. This includes BitTorrent, Adobe's RTMFP, and Skype's proprietary

Ah Skype.  According to your web page you work at Skype.  Skype is a
well known IPv6 spoiler application.  In fact, in the IETF and many
other circles, Skype is the only app that we can't seem to get to work
with IPv6.  Are you here to help with that or to tell us that we need
to keep IPv4 around indefinitely?

In fact, we were just talking about how Skype as a spoiler this morning

Here is a pointer to IPv6-only users who would love to use Skype on
IPv6-only handsets.

Looking at the last post, it looks like they were able to NAT46 Skype
to then talk out the NAT64 ... ugly.  But serious, get with me off
list and lets collaborate. I can help from the networks side, and i am
eager to make progress. Skype should not be the IPv6 spoiler app when
NEARLY EVERYTHING ELSE WORKS.  Read the thread i mentioned, real
users, real developers, real network that is IPv6-only.  Notice that
things generally work, those folks have hacked their way to perhaps
even making Skype work.

> protocol, and every VoIP system using STUN and/or ICE, to name just a few.
> Once users figure out that none of those will work when they use you as an
> ISP, they'll find one that's chosen a better transition technology.

Seriously, 95+% of my traffic is web and email, and STUN and ICE don't
matter much to grandma as long as loads.

> Also note that DNSSEC end-to-end and DNS64/NAT64 are mutually exclusive. Now
> that DNSSEC is actually getting some traction, that's just one more reason
> to chose a different way to transition.

Strategy is done.  Implementation is on-going.  3GPP and IETF joint
meeting said dual-stack and IPv6-only + NAT64 are the 2 paths forward
for mobile.

Without going into too much detail, ds-lite does not live in mobile
and likely never will. Any solution that requires IPv4 is not
strategic.  IPv4 addresses simply are not available at the scale of
large mobile network operators, public, private, or bogon.  Mobile
must move to IPv6, and IPv6-only + NAT64 pushes the envelope in ways
that dual-stack never has, and hence it just might work to
*transition* to v6.

As long as dual-stack is around, the app vendors don't have to move
and network guys have to dream up hacks to support these legacy apps
(CGN ....).


> Matthew Kaufman

More information about the NANOG mailing list