Problems with removing NAT from a network
matthew at matthew.at
Mon Jan 10 13:07:32 CST 2011
On 1/9/2011 6:42 AM, Cameron Byrne wrote:
> 1. The companies that have selected NAT64 as a tool for rolling out
> IPv6 to address the IPv4 exhaustion business risk are aware of the
> various application trade offs. They select NAT64 because it makes
> business sense to aggressively go after IPv6 as the end-state and not
> provide patches and work-arounds in their network to make dual-stack
> work, which is not an end-state, it is a transition mechanism on the
> path to ipv6. Also, as i mentioned for mobile, dual-stack is MUCH
> more expensive. And ipv6-only works for the vast majority of my user
> and my traffic.
As long as your customers are aware that they are getting full IPv6 and
a particularly crippled form of IPv4, then that's fine. But NAT64 isn't
a solution for providing actual IPv4 connectivity to your customers....
just a poor simulation of it.
> 2. You can pass this FUD around about people leaving networks so that
> skype and bittorrent work. Last time i checked, many mobile network
> operators and handsets only begrudgingly supported skype and bittorent
> if at all. In fact, many networks spend considerable time and money
> to stop them. I also know that Skype has some mobile partners. I am
> not here to say if this is right or wrong, but i do not expect network
> providers to alter their ipv6 strategy of business decisions to
> accommodate Skype and Bittorrent. These applications have shown
> amazing resiliency over the years to bust through firewalls and NATs,
> and i am really amazed at how much opposition Skype is providing to
> the IPv6 transition.
Note that while I do work for Skype at the present time, I am not
representing Skype or its business plans when I post here from my
personal email account.
Please do not take my statements here as "opposition from Skype" with
regard to the IPv6 transition.
And yes, the mobile environment is likely a special case at this time...
but one would hope that in the long term we didn't have mobile providers
that were "spending considerable time and money" to stop applications
that work on the non-mobile Internet.
> I imagine Skype would have a better hand if
> Skype was IPv6 enabled a long time ago and pushing dual-stack and
> waiting on the carriers, but Skype is IPv4-only just like all the rest
> of the slow moving world.
Agreed. Skype should (and again note that this is my personal opinion)
have much better IPv6 support for use when both endpoints can speak
IPv6. A situation that is presently rare.
> If dual-stack had worked, we would not be
> here talking about NAT64. But, dual-stack did not work. We are out of
> IPv4 and the network still has to grow, hence IPv6-only + NAT64.
Or any number of other transition choices. You've just chosen one that
has a particular weakness.
> again, dual-stack is much more expensive in mobile networks than
> single stack so it won't happen with the Ipv4 side being endless
> duplication of RFC 1918 and bogon space.
Business needs often outweigh what would be technically superior.
> 3. I am just here to create awareness of this technology that the
> IETF as the protocol standardizer and the 3GPP as the mobile
> architecture standardizer have accepted and are moving forward. I
> want all applications to work with IPv6 and NAT64.
For that to happen there needs to be, at a minimum, a way for
applications to discover that they are in a NAT64 environment and work
with it even if they do not use DNS to exchange addresses. And as I said
before, *that* discussion probably belongs back on the BEHAVE list
where, for whatever reason, it is hibernating.
> When you are ready to talk about
> moving forward, i am all ears. Until then, you can keep posturing
> while the clock ticks on committed deployments.
See above. Lets get the discovery problem back on top.
More information about the NANOG