In message <DD7FE473A8C3C245ADA2A2FE1709D90B1C828F@xxxxxxxxxxxxxxxxxxxxxxxxxxxx ento.ca.us>, "Michel Py" writes:
>> Ralph Droms wrote:
>> Would someone with first-hand knowledge of the reasons "several
>> major corporations publicly indicate that they intend to use NAT
>> with IPv6" be willing to compare those reasons with the reasons
>> listed in draft-vandevelde-v6ops-nap-01, and identify any reasons
>> that might be missing from Gunter's document? Might be useful to
>> consider extending draft-vandevelde-v6ops-nap-01 to address all
>> the known reasons for IPv6 NAT.
>
>I'm not into this anymore, but two of the reasons are:
>
>1. Significant numbers of enterprise network operators do not want
>multiple addresses per host. It makes everything more complex: access
>control, troubleshooting, internal firewalling, documentation, etc. And
>during the transition, it also creates a network with two different
>models. NATting at the edge instead is not a free lunch, but it is
>well-known and maintains a single-model, simpler network. Stateful
>firewalls capable of dealing with multi-address hosts that change IP
>addresses on the fly will be a significant challenge.
>

Actually, NATting at the edge is a disaster for a lot of those reasons,
because of the difficulty it causes when you receive external trouble
reports -- who caused it?

--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb