Re: Bridging IPv6 only networks



> Don't take me wrong, I'm not saying NAT is a perfect solution, far from
> that.  I'm saying the model is well understood, partly thanks to you Keith.
> We know where it works and where it does not. That knowledge
> may or may not have percolated to all network admins, but it's
> a different issue.

well, given that I don't think I can come up with a concise statement
of where NAT works and where it does not, at least, not without lots
of wiggle room - I seriously doubt that "we" (for any larger set of
people) understand NATs well.  The midcom people have made progress,
but the ugliness of their partial solution should tell us something.

> I'm not advocating NAT instead of IPv6, I'm saying that NAT-like
> (NAT64/SIIT) technology would enable to deploy IPv6-only
> networks. Such hosts will work exactly the same as IPv4 hosts
> that are today behind a NAT when talking to the IPv4 world
> and benefit from end-to-end connectivity when talking to the IPv6 only
> world.

It's clear that some form of NAT is required to allow most apps on
IPv4-only hosts to exchange information with apps on IPv6-only hosts -
if only because it's impractical to build an ALG for each app.

> The success (or failure) of IPv6 will not be measured by how well
> early deployment using dual-stack technique will work, but
> by how well large to very large IPv6-only networks will operate.

and by whether those networks are more functional than NATted v4 networks.

the real challenge is for the transition mechanisms to avoid imposing
NAT-like restrictions on communications between application components
on v6-capable hosts.  otherwise, there's little point to IPv6.

actually, let me back up - the real challenge is for IPv6 (with or without
transition mechanisms) to avoid imposing NAT-like restrictions on 
communications between application components on v6-capable hosts.
Because current ideas about address selection, multihoming, renumbering,
and limited-scope addressing, actually impose many of those restrictions
even without considering transition mechanisms.
 
> One thing that we learned in the last 2 years by studying DNS, SMTP,
> SIP & friends is that, in order to keep the Internet from fragmenting
> and being balkanized, nodes need to access basic services regardless
> of the IP version they are using.

actually I suspect we will end up with a network which supports both
heavily NATted v4 and v6 - some apps using v4, some apps using v6,
and some able to tolerate either.  the apps in the latter category
will consist of those that tolerate NAT and don't care how big their
addresses are (e.g. the web), and those apps that have built-in 
support for intermediaries (that can serve as v4<>v6 translators)
and a transparent way of locating them (e.g. email).  

IF we are successful, v6-only apps will be those that cannot tolerate 
NAT.  v4-only apps will be limited to legacy, probably local-only apps 
that cannot tolerate NAT and/or have wired-in assumptions about address size.

> I think bridging both worlds at the IP layer makes more sense than
> bridging them at upper layers, and NAT-like technology is a natural
> candidate for that purpose.

again, I see two risks with this:

- one is that we pretend that it's a general solution.
- the other is that such mechanisms interfere with interoperation
  between v6-only hosts.

Keith