
RE: Review: draft-ietf-v6ops-nap-01.txt



I understand and agree with the draft. Thank you.

The problem when networks merge is a big problem for NAT. A good network
design should reduce the effect of this problem. I need to finish reviewing
the draft first :)

Best regards
Hongfei Chen

-----Original Message-----
From: owner-v6ops@ops.ietf.org [mailto:owner-v6ops@ops.ietf.org] On
Behalf Of Eric Klein
Sent: Friday, August 19, 2005 3:06 PM
To: v6ops@ops.ietf.org
Subject: Re: Review: draft-ietf-v6ops-nap-01.txt

Hongfei Chen wrote:

>
> I have doubts about this sentence in this mail: "once the network moves to
> fully IPv6 there is no need for NAT or NAT-PT". One of the client's reasons
> to choose NAT is security. NAT could hide the inner IP address. It is
> important for some companies. There may be requests for transition of
> IPv6 to IPv6. Is this request needed in fully IPv6?
>

Part of what this draft was written to explain is that the concept of
NAT as a security tool was very limited, and one that is better served by
firewalls. The second concept of topology hiding (often confused with
security) is one of the inherent features of IPv6 by the use of Site-Local
addresses.

NAT was intended as a patch that would allow a company to have more IP
addresses available than they could register (either from a price or
scarcity consideration). One of the biggest problems with NAT in the
current and future communications world is the high probability that when
networks merge (companies combine or interconnect internal networks) the
NAT address pools will overlap, making the renumbering process twice as
hard, whereas in IPv6 both networks would have unique numbers and would be
able to be combined without duplicates.

I hope this clears it up for you
Eric
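
The merge problem described in the message above, as an added example that is not part of the original thread: a pre-merger check that lists which internal prefixes of two sites collide and how many addresses would need renumbering. The function names and all prefixes are constructed for illustration; the IPv6 prefixes are taken from the documentation range and stand in for globally unique allocations.

```python
import ipaddress

def overlapping_prefixes(site_a, site_b):
    """Return (prefix_a, prefix_b, shared_addresses) for every colliding pair."""
    nets_a = [ipaddress.ip_network(p) for p in site_a]
    nets_b = [ipaddress.ip_network(p) for p in site_b]
    clashes = []
    for a in nets_a:
        for b in nets_b:
            if a.version == b.version and a.overlaps(b):
                # Two CIDR prefixes are either disjoint or nested, so the
                # shared range is exactly the smaller of the two prefixes.
                shared = min(a.num_addresses, b.num_addresses)
                clashes.append((str(a), str(b), shared))
    return clashes

def addresses_to_renumber(clashes):
    """Total addresses that one side must move before the networks can join."""
    return sum(shared for _, _, shared in clashes)

# Constructed sample data: both companies picked from the same private IPv4 pools.
COMPANY_A_V4 = ["10.0.0.0/16", "192.168.1.0/24"]
COMPANY_B_V4 = ["10.0.128.0/17", "192.168.1.0/24", "172.16.0.0/20"]

# Constructed sample data: distinct /48s, as two separately assigned sites would have.
COMPANY_A_V6 = ["2001:db8:a::/48"]
COMPANY_B_V6 = ["2001:db8:b::/48"]

def merge_report():
    """Run the check for both address families and return the findings."""
    v4 = overlapping_prefixes(COMPANY_A_V4, COMPANY_B_V4)
    v6 = overlapping_prefixes(COMPANY_A_V6, COMPANY_B_V6)
    return {"ipv4": v4, "ipv4_renumber": addresses_to_renumber(v4),
            "ipv6": v6, "ipv6_renumber": addresses_to_renumber(v6)}

if __name__ == "__main__":
    report = merge_report()
    for a, b, shared in report["ipv4"]:
        print(f"IPv4 clash: {a} vs {b} ({shared} addresses)")
    print("IPv4 addresses to renumber:", report["ipv4_renumber"])
    print("IPv6 clashes:", len(report["ipv6"]))
```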