"IPv6 will not be deployed soon" Brusque manner aside, I would be curious to know how you define "deployed". Is it alive, in production networks today? Yes. Are there _many_ organizations moving towards that goal? Yes. Obviously, it is not as widely deployed as IPv4 - but why should a current failing of our industry as a whole (getting IPv6 more available, sooner) encourage the yet-more-widespread use of a previous failing (loss of addresses as meaningful, unique identifiers)? Is some form of NAT going to be required - probably yes, but that is an unfortunate side-effect of the "current failing" I mentioned ... rather than being a noble goal unto itself. (For what it is worth - I have no problem with the idea of bringing some form of end-to-end'edness into NAT - whatever the mechanism, as long as it can be readily supported and doesn't pose any overwhelming security concerns of its own. I do, however, have a problem with it being forced down a network's throat. You imply that you have seen counter-arguments to "NAT can be harmless" - care to share?) /TJ
-----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg- admin@ripe.net] On Behalf Of Masataka Ohta Sent: Thursday, July 16, 2009 6:56 PM To: Sander Steffann Cc: Sascha Lenz; address-policy-wg@ripe.net Subject: Re: [address-policy-wg] Mandating NAT toward the final /8
Sander Steffann wrote:
Hello Masataka,
Hello. To summarize the discussion, my points are:
IPv6 will not be deployed soon
NAT is inevitable
NAT can be harmless
and I have seen no counter argument for the first two points.
The document you sent to this list is only a draft.
For IPv6 deployment, there are abandoned RFCs, which means being an RFC does not mean anything, and new drafts with NAT are coming, some of which needs changes in hosts.
The chances of getting end to end NAT globally deployed before the IPv4 address space runs out are very close to zero,
That's not my proposal, I just say "Mandating NAT", including legacy NAT, though those who want to make NAT end to end transparent may use end to end NAT or similar technologies.
I heard that UPnP is supporting transparent TCP (only TCP), which seems to be, as transparent as end to end NAT, of course with host modifications.
Instead, your statement mean
The chances of getting IPv6 globally deployed before the IPv4 address space runs out are very close to zero,
or, considering technical quality of IPv6 specification, exactly zero, which means we must use IPv4 NAT.
My proposal gives a way to make NAT harmless.
Also remember that we make policy for all uses of IP addresses, not just end user networks that have/get/need a limited amount of public addresses. These policies also apply to datacenters where servers are hosted. There are many examples where you can not put those servers behind a NAT box. Mandating NAT in the way you have stated in your messages is therefore not possible.
What's the rational for data centers not to reduce amount of IP address consumption by not accepting virtual servers when IPv4 address is becoming scares and IPv6 is not ready?
We are not going to change address policy in the whole RIPE region because of a draft document that only covers a part of what addresses are used for.
See above on the consequence of your reasoning that IPv6 will not be deployed soon and NAT is inevitable, which, so far, has nothing to do with my draft.
Masataka Ohta