NAT66 was Re: using "reserved" IPv6 space
shortdudey123 at gmail.com
Tue Jul 17 02:56:29 UTC 2012
If you are running an HA pair, why would you care which box it went back
On Monday, July 16, 2012, Mark Andrews wrote:
> In message <CAD8GWsswFwnPKTfxt=
> > >
> > > Why would you want NAT66? ICK!!! One of the best benefits of IPv6 is
> > > being able to eliminate NAT. NAT was a necessary evil for IPv4 address
> > > conservation. It has no good use in IPv6.
> > NAT is good for getting the return traffic to the right firewall. How
> > else do you deal with multiple firewalls & asymmetric routing?
> Traffic goes where the routing protocols direct it. NAT doesn't
> help this and may actually hinder as the source address cannot be
> used internally to direct traffic to the correct egress point.
> Instead you need internal routers that have to try to track traffic
> flows rather than making simple decisions based on source and
> destination addresses.
> Applications that use multiple connections may not always end up
> with consistent external source addresses.
> > Yes, it's possible to get traffic back to the right place without NAT.
> > But is it as easy as just NATing the outbound traffic at the
> > firewall?
> It can be and it can be easier to debug without NAT mangling
> The only thing helpful NAT66 does is delay the externally visible
> source address selection until the packet passes the NAT66 box.
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia