IPv6 deployment excuses
Baldur Norddahl
baldur.norddahl at gmail.com
Mon Jul 4 18:29:41 UTC 2016
On 4 July 2016 at 11:41, Masataka Ohta <mohta at necom830.hpcl.titech.ac.jp>
wrote:
> With end to end NAT, you can still configure your UPnP capable NAT
> boxes to restrict port forwarding.
>
Only if you by NAT mean "home network NAT". No large ISP has or will deploy
a carrier NAT router that will respect UPnP. That does not scale and is a
security nightmare besides.
We could deploy MAP
https://en.wikipedia.org/wiki/Mapping_of_Address_and_Port (which scales)
and the user could then use the belowed "end to end NAT" method on that.
But why would they? MAP requires IPv6 so they already have end to end
transparency using IPv6.
Regards,
Baldur
More information about the NANOG
mailing list