Posted Jul 21, 2011 19:58 UTC (Thu) by mstefani (subscriber, #31644)
In reply to: IPv6 NAT by Lennie
Parent article: IPv6 NAT
Because it is an operational mess in practice.
ULAs are not a special IPv6 address type like the site local addresses once were. They are global addresses by the standard. So you have 2 global addresses on the hosts and the applications/hosts will "randomly" pick one as source address. There doesn't seem to be any consistency between OSes or even OS versions on which address is chosen, and applications can mess with that too. Stateful firewalls tend to not like that, and protocols that are NAT unfriendly will have a tendency to break too.
What we hear from network vendors is that their customers that tried your proposal have reverted to using only global addresses pretty quickly and don't bother with ULA. Even if they don't route their global addresses to the internet and provide only NATed or proxied Internet access over IPv6.
No, ULA is a nice idea but doesn't seem to work in practice.
NAT sounds like a bad idea but it tends to work in practice and can simplify some network designs tremendously (multihoming, making sure that the traffic returns through the same stateful firewall, a stopgap measure for internet access while you beat your provider and upstream provider for weeks and months to not filter out your prefix, etc). After all, NAT is *not* bad, NAT is just a tool. A tool that can be misused but also a tool that can save your ass sometimes.
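The source address selection that the comment above describes as "random" is specified in RFC 6724 (the successor of RFC 3484). The following Python script is an added illustration, not part of mstefani's comment or of any OS implementation: it models a host that holds a link-local, a ULA and a global address, and applies a simplified form of the RFC 6724 source selection rules with the RFC's default policy table. Rules 1, 2, 6 and 8 are implemented; Rules 3-5.5 and 7 (deprecated addresses, home addresses, outgoing interface, next-hop prefix, temporary addresses) depend on interface and lifetime state that a pure function cannot see, and they, plus vendor-modified policy tables, are where real hosts diverge. The host and destination addresses are constructed (documentation and ULA ranges).

```python
from __future__ import annotations
from ipaddress import IPv6Address, IPv6Network

# Default policy table from RFC 6724, section 2.1: (prefix, precedence, label).
# fc00::/7 has its own label, so Rule 6 pairs ULA sources with ULA destinations.
# Precedence only matters for destination ordering and is kept here for completeness.
POLICY_TABLE = [
    ("::1/128",       50, 0),
    ("::/0",          40, 1),
    ("::ffff:0:0/96", 35, 4),
    ("2002::/16",     30, 2),
    ("2001::/32",      5, 5),
    ("fc00::/7",       3, 13),
    ("::/96",          1, 3),
    ("fec0::/10",      1, 11),
    ("3ffe::/16",      1, 12),
]


def policy_label(addr: IPv6Address) -> int:
    """Label of the longest matching policy-table prefix."""
    best_len, best_label = -1, 1
    for prefix, _prec, label in POLICY_TABLE:
        net = IPv6Network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_label = net.prefixlen, label
    return best_label


def scope(addr: IPv6Address) -> int:
    """Scope values from RFC 4291/RFC 4007: link-local 0x2, site-local 0x5, global 0xe.
    ULAs are global scope (RFC 4193), which is why they compete with GUAs at all."""
    if addr.is_link_local or addr.is_loopback:
        return 0x2
    if addr in IPv6Network("fec0::/10"):  # deprecated site-local, still in the table
        return 0x5
    return 0xE


def common_prefix_len(a: IPv6Address, b: IPv6Address) -> int:
    """Number of leading bits a and b share (Rule 8 metric)."""
    return 128 - (int(a) ^ int(b)).bit_length()


def select_source(dest: str, candidates: list[str]) -> tuple[str, str]:
    """Return (chosen source, rule that decided) for a destination.

    Simplified RFC 6724 section 5: Rules 1, 2, 6 and 8 only (see lead-in).
    Ties after Rule 8 are left to the implementation by the RFC; first wins here."""
    d = IPv6Address(dest)
    cands = [IPv6Address(c) for c in candidates]

    # Rule 1: prefer same address.
    if d in cands:
        return str(d), "rule1-same-address"

    # Rule 2: prefer appropriate scope (smallest scope that still covers the destination).
    big_enough = [c for c in cands if scope(c) >= scope(d)]
    pool = big_enough if big_enough else cands
    target = min(scope(c) for c in pool) if big_enough else max(scope(c) for c in pool)
    cands = [c for c in pool if scope(c) == target]
    if len(cands) == 1:
        return str(cands[0]), "rule2-scope"

    # Rule 6: prefer matching label.
    matching = [c for c in cands if policy_label(c) == policy_label(d)]
    if matching:
        cands = matching
    if len(cands) == 1:
        return str(cands[0]), "rule6-label"

    # Rule 8: use longest matching prefix.
    longest = max(common_prefix_len(c, d) for c in cands)
    cands = [c for c in cands if common_prefix_len(c, d) == longest]
    return str(cands[0]), "rule8-longest-prefix"


# Constructed host: link-local, a ULA and a global address on the same interface.
HOST_ADDRESSES = ["fe80::1", "fd00:1::10", "2001:db8:1::10"]

if __name__ == "__main__":
    for dest in ["2001:db8:ffff::1",  # global destination
                 "fd00:2::1",         # ULA at a partner site (e.g. over a VPN)
                 "2001::1",           # Teredo prefix, label 5: no label matches
                 "fe80::2"]:          # on-link neighbour
        src, rule = select_source(dest, HOST_ADDRESSES)
        print(f"{dest:>18} -> source {src:<16} ({rule})")
```

With the default table the outcome is deterministic: a global destination gets the global source via Rule 6, a ULA destination gets the ULA source, a destination whose label matches neither falls through to the longest-prefix tie-break. When a real host picks differently, the reason is in the rules this model skips or in a policy table the OS or the operator has altered (Linux exposes the table for getaddrinfo() ordering in /etc/gai.conf; Windows shows its copy with `netsh interface ipv6 show prefixpolicies`), which is worth checking before blaming the application.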