From: Adam Roach <adam@nostrum.com>
To: Jeff Haran <jharan@bytemobile.com>
Cc: David Miller <davem@davemloft.net>,
jengelh@medozas.de, T.Moes@student.ulg.ac.be,
netfilter-devel@vger.kernel.org
Subject: Re: NAT66 : A first implementation
Date: Fri, 15 Jul 2011 22:08:33 -0500 [thread overview]
Message-ID: <4E2100B1.60202@nostrum.com> (raw)
In-Reply-To: <6F5DE7538AFCDA45A114F5E7510424A7028D1CDC@hq-exchange01.bytemobile.com>
On 7/15/11 17:12, Jul 15, Jeff Haran wrote:
>> I was unaware of the RFC. Thanks for the reference, however I have to
>> point out the following quote from its introduction:
>>
>> "For reasons discussed in [RFC2993] and Section 5, the IETF does not
>> recommend the use of Network Address Translation technology for IPv6."
That statement is simple IETF politics. A substantial portion of RFC
2993 doesn't apply to the RFC 6296 mechanism. For example, of the seven
problems enumerated in section 7, only two -- 7.2 and 7.5 -- remain
applicable. And, to be fair, those two issues are very minor compared to
the other five.
>> I'm not saying nobody is going to use IPv6 NAT nor that the Linux world
>> should somehow make it hard on them to do so. There may be a few cases
>> where it makes sense.
>>
Exactly. Even the most recent IAB statement on IPv6 NATs (RFC 5902)
concedes: "[I]n smaller managed networks that cannot get
provider-independent IP address blocks, renumbering remains a serious
issue. Regional Internet Registries (RIRs) constantly receive requests
for PI address blocks; one main reason that they hesitate in assigning
PI address blocks to all users is the concern about the PI addresses'
impact on the routing system scalability."
So, yes, IPv6 NAT remains inadvisable for most residential applications
(which can simply propagate their ISP's assigned prefix down to
devices), and some very large enterprise deployments (which can get PI
address blocks). But it does solve a very real problem for small to
medium (and even large, depending on where you want to draw the line)
enterprises -- basically, "everyone else."
It seems a little silly to refuse _consideration_ of NAT technologies
when (1) a preponderance of the problems historically present in IPv4
NATs have been addressed, and (2) a small but nontrivial portion of
networks that will be using IPv6 soon will desire this technology for
operational cost reasons.
What I'm saying is that this age-old policy statement:
<http://lists.netfilter.org/pipermail/netfilter/2005-March/059463.html>
needs to be revisited. The facts on the ground have changed. Adhering to
beliefs in the face of contrary evidence isn't principle -- it's
religion. And imposing religion on others doesn't help anyone.
/a
next prev parent reply other threads:[~2011-07-16 3:08 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-07-14 15:47 NAT66 : A first implementation Terry Moës
2011-07-14 16:22 ` Jan Engelhardt
2011-07-14 16:27 ` Terry Moës
2011-07-14 23:15 ` Jan Engelhardt
2011-07-14 23:17 ` David Miller
2011-07-14 23:37 ` Rick Jones
2011-07-15 15:43 ` Rick Jones
2011-07-14 23:55 ` Jan Engelhardt
2011-07-17 5:09 ` Krzysztof Olędzki
2011-07-17 22:23 ` Ed W
2011-07-17 23:54 ` Krzysztof Olędzki
2011-07-18 8:38 ` Ed W
2011-07-15 0:48 ` Jeff Haran
2011-07-15 2:29 ` Adam Roach
2011-07-15 22:12 ` Jeff Haran
2011-07-16 3:08 ` Adam Roach [this message]
2011-07-18 2:05 ` YOSHIFUJI Hideaki
2011-07-18 15:50 ` Patrick McHardy
2011-07-21 7:15 ` Harald Welte
2011-07-15 5:48 ` Philip Craig
2011-07-15 10:29 ` Jan Engelhardt
[not found] ` <4E20051D.7080208@student.ulg.ac.be>
2011-07-15 9:16 ` Terry Moës
2011-07-15 11:09 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4E2100B1.60202@nostrum.com \
--to=adam@nostrum.com \
--cc=T.Moes@student.ulg.ac.be \
--cc=davem@davemloft.net \
--cc=jengelh@medozas.de \
--cc=jharan@bytemobile.com \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.