LCA: IP address exhaustion and the end of the open net [LWN.net]

LCA: IP address exhaustion and the end of the open net

Posted Jan 27, 2011 14:25 UTC (Thu) by RobSeace (subscriber, #4435)
In reply to: LCA: IP address exhaustion and the end of the open net by dlang
Parent article: LCA: IP address exhaustion and the end of the open net

Well, NAT is evil, and should be abolished, yes... However, as long as there are still IPv4 hosts that need to be interacted with, there will need to be some kind of NAT for dealing with them... But, pure IPv6 hosts don't need to be behind NAT (from other IPv6 hosts); that's the point people tried to make... And, the argument was always with people who wanted NAT as a firewall replacement, instead of being bothered to just use a real firewall... NAT is a kluge to solve a specific problem; one which no longer exists if the world is all on IPv6... In that world, indeed no one should ever have any kind of NAT anywhere... Of course, I'm not sure I'll ever live to see that world... ;-/

(Log in to post comments)

role of NAT in the v4 -> v6 transition

Posted Jan 29, 2011 17:22 UTC (Sat) by jeleinweber (subscriber, #8326) [Link]

The IETF and IAB still hate the idea of NAT66, they want to return to the end-to-end transparency of the 1980's, once again allowing protocol innovation to flourish. See e.g. RFC-5902 from last July.

NAT46 such as NAT-PT has been given up on; e.g. RFC-4966. In addition to all the usual NAT issues you have the killer problem of being unable to reliably fake DNS A records for servers which have AAAA only at ISP scales. The implication is that v4-only clients will be cut off from v6-only services. Once v6-only services become interesting, consumers will demand v6 from their ISP's.

It's easy to dual-stack clients, except that we are out of v4 addresses. So new clients with public v6 trying to access the legacy v4 network have two basic options, both involving NAT translation. You could ditch v4 and do some kind of NAT64 gateway. That is probably going to lose out to dual-stack-lite, where instead you give the client private v4, tunnel it over v6 to a carrier NAT44, and only have to eat the usual NAT issues, not NAT plus the protocol translation issues. Expect at lot of dual-stack-lite on cell phone networks and in Asia.

While we are waiting for ISP's to finish eradicating the v4-only DSLAMS and CMTS from their networks in the US and Europe, expect a lot of 6rd, where clients with upgraded dual-stack modems and upgraded wifi routers use protocol 41 tunnels over v4 between their modem and a gateway at the ISP. This looks almost like native v6 at the client, incrementally and easily migrates to full native v6 as the ISP fixes its pipes, and is cheap and quick to deploy.

Recap: ISP's need to offer v6 to their business customers yesterday, and 6rd or native v6 to their consumers soon. Businesses need to dual stack their services ASAP, or the new v6 customers will have a terrible experience, the legacy v4 customers won't be able to reach them, and the v4 refugees from a degrading v4 multiple-NAT morass won't have any refuge to run to. Consumers can wait until the v6 availability improves, say 2013, and then go dual-stack in whatever fashion, lite or heavy, their ISP allows.

Teredo is only for masochists.

role of NAT in the v4 -> v6 transition

Posted Jan 29, 2011 22:01 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

what company is going to be willing to setup an IPv6 only service that 99.7% of the end-users will not be able to reach?

give it a couple of years with a lot of publicity and that number may drop down to 90% (a 30x increase in the number of people with usable IPv6) and the question remains.

one of the problems with killing off IE6 is that there are sill 20-30% (approximatly, I've not looked it up recently) users who have that browser, and companies are not willing to refuse to serve those customers. until the number of IPv4 only users drops to a number significantly lower than the current number of IE6 users, businesses won't be willing to cut them off.