> Mark, > > On Jul 2, 2007, at 6:49 PM, Mark Andrews wrote: > > People arn't bashing NAT. > > Oh, please. Sure they are. > > > They are saying that NAT is not > > a appropriate for solution in a IPv6 world. It adds a lot > > more complexity than just a stateful firewall. > > A stateful firewall doesn't also provides provider independence and > an ability to have a form of multi-homing without playing BGP games > or even telling your ISPs. What real benifits are there in NAT compared with carrying multiple PA prefixes? Active connections are still going to break when links go down. ICMPv6 will provide feedback when the external link is gone. > I am also a bit confused how a "dual stack" transition strategy to > IPv6 is going to work when the IPv4 address free pool is exhausted in > a few years without some form of NAT/ALG, but maybe that's just me. How many legacy boxes are going to need global connectivity that can't be covered by a ALG, bump in the stack or something else. I suspect most of the legacy boxes will only need to talk locally and RFC 1918 addresses will suffice in most cases. If you offer a service to others you run "dual stack" either natively or with a ALG (e.g. RIPE's whois over IPv6 did this). When the crunch comes you start to see IPv6 only services. The problem is eveyone is waiting until the crunch and not running "dual stack" now. Microsoft is doing the right thing with Vista by turing on IPv6 on by default. Each Vista box is a client waiting for you to turn on your dual stack service. This is the time when everyone should be running dual stack. > Rgds, > -drc > > > _______________________________________________ > Ietf mailing list > Ietf@xxxxxxxx > https://www1.ietf.org/mailman/listinfo/ietf -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf