[AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4. The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, " Latour said. "

Nathanael Bettridge nathanael at prodigy.com.au
Thu Nov 6 15:37:58 EST 2014


For the record, I'm not arguing that NAT should be on every IPv6 link everywhere. Just that it can have its uses.

> > Basically - I get it some people don't like IPv6 NAT on their networks.
> > Fine. Don't use it.
> > Don't begrudge me my IPv6 NAT though.
> 
> We begrudge because it adds costs to applications that we purchase
> because they need to be made to work with a NAT in the middle.

So either don't use broken protocols or broken applications, or live with it. It's not like we haven't had a decade and a half of NAT already for software to be designed to deal with it. I'm sorry but I don't think this is the network's problem - it's the software developers'.

> We begrudge because it adds costs to when we have debug connections
> to your network.

How is this any different to at present - you prove it works to your boundary then either pass the buck or find someone to bill for chasing it up? Or fix the darn software.
And there's much more interesting and hard-to-debug ways I can break connectivity to a network than NAT.

> We begrudge because it will make it harder to report and get corrected
> security issues emanating from your network.

You report it to the network owner and it's their problem from there. If it causes you issues you block it. It's not your job to investigate security issues in someone else's network.

> Multiple PA prefixes work today with a single border router as it
> can manage the RA as seen by all the clients.  ULA + PA works today
> which gives you stability across PA renumber events, PD lifetime
> expiry etc.

For many situations, yes it does. For others it's messy to do this way. It purely depends on what the situation is and what needs to be achieved.

> Homenet is in the process of specifying multiple PA's from multiple
> routers + ULA all automagically managed.  This is adding source +
> destination address routing to the home CPE device.  Prefix delegation
> within the home from multiple providers.  Topology discovery etc.
> 
> 	ISP1 <-> CM <-> IR <-> IR <-> phone <-> ISP2
> 			 \     /
> 			    IR
> 			   /  \
> CM cable modem
> IR interior router
> 
> Where you have PA addresses delegated using PD from both ISP1 and ISP2.

OK um - that's nice. There's always someone doing something interesting. I look forward to seeing it in CPEs in five years' time and seeing OSes support necessary extensions (and have consistent rules about RA vs DHCPv6) in ten. Not entirely sure this is relevant to making IPv6 NAT entirely pointless though.

> > Nathanael Bettridge
> > Prodigy Communications Pty Ltd
> > Mobile: +61 (0)4 1048 0170
> > Office: +61 (0)2 8214 8920
> > Fax:    +61 (0)2 9427 4203
> > Email:  nathanael at prodigy.com.au
> > Web:    www.prodigy.com.au
> >
> >
> >
> > -----Original Message-----
> > From: Mark Newton [mailto:newton at atdot.dotat.org]
> > Sent: Thursday, 6 November 2014 11:05 AM
> > To: Nathanael Bettridge
> > Cc: Jonathan Thorpe; ausnog at lists.ausnog.net
> > Subject: Re: [AusNOG] FW: [Ap-ipv6tf] official shutdown date for IPv4.
> > The date he is pushing for is April 4, 2024. "IPv4 can't go on forever, "
> > Latour said. "
> >
> >
> > On Nov 6, 2014, at 9:12 AM, Nathanael Bettridge
> > <nathanael at prodigy.com.au> wrote:
> >
> > > I like and regularly use the ability to remap ports between disparate
> > > machines or to different ports transparently, without having to use a
> > > port proxy.
> > > I like and regularly use the ability to present an arbitrary number of
> > > addresses as one to another network, or map between different address
> > > structures.
> >
> > I like and regularly use networks which keep concentrations of state on
> > the edge.
> >
> > (why do you even care about ports? Oh, substandard application
> > architecture which forces you to micromanage 16 bit numbers. Never mind,
> > carry on.)
> >
> > > These are really handy tools to have to solve problems.
> >
> > They're also really handy tools to turn yourself into a DoS-magnet.
> >
> > An important plank of security is "availability."  You're reducing that
> > every time you put another bit of state in your core. These people who
> > claim that NAT is helping their security seem to have a somewhat more
> > limited view of "security" than the commonly accepted one that network
> > professionals strive to attain.
> >
> >   - mark
> >
> >
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

