
Re: Review: draft-ietf-v6ops-nap-01.txt



Hongfei Chen wrote:



>
> I have doubts about this sentence in this mail: "once the network moves to
> fully IPv6 there is no need for NAT or NAT-PT". One of clients' reasons
> to choose NAT is security. NAT could hide inner IP addresses. It is
> important for some companies. There are requests for transition from IPv6
> to IPv6, maybe. Is this request needed in fully IPv6?
>

Part of what this draft was written to explain is that the concept of NAT as
a security tool was very limited, and one that is better served by
firewalls. The second concept of topology hiding (often confused with
security) is one of the inherent features of IPv6 by the use of Site-Local
addresses.

NAT was intended as a patch that would allow a company to have more IP
addresses available than they could register (either from a price or
scarcity consideration). One of the biggest problems with NAT in the current
and future communications world is the high probability that when networks
merge (companies combine or interconnect internal networks) then the NAT
address pools will overlap, making the process of renumbering twice as hard,
whereas in IPv6 both networks would have unique numbers and would be able to
be combined without duplicates.

I hope this clears it up for you.
Eric