> > They are saying that NAT is not
> > an appropriate solution in an IPv6 world. It adds a lot
> > more complexity than just a stateful firewall.
>
> A stateful firewall doesn't also provide provider
> independence and an ability to have a form of multi-homing
> without playing BGP games or even telling your ISPs.

This could be done using ULA-random addresses and a form of IPv6 address translation that does a pure one-to-one mapping of internal and external addresses. In other words, no PAT because that is where the concept of NAT and firewall really start to become confused. Straightforward address translation doesn't need to carry any state in the translation device because it is simply swapping the address prefix bits.

> I am also a bit confused how a "dual stack" transition strategy to
> IPv6 is going to work when the IPv4 address free pool is
> exhausted in a few years without some form of NAT/ALG, but
> maybe that's just me.

I don't think the IETF needs to do anything to enable ALG between v4 and v6. People are going to write code to do that anyway.

--Michael Dillon
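The stateless one-to-one prefix swap described in the reply above, as an added example that is not part of the original message. The ULA prefix, the two provider prefixes (taken from the 2001:db8::/32 documentation range) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample prefixes: one internal ULA /48 and one /48 per upstream ISP.
INTERNAL = "fd12:3456:789a::/48"
ISP_A = "2001:db8:a::/48"
ISP_B = "2001:db8:b::/48"


def swap_prefix(addr, src_prefix, dst_prefix):
    """Move addr from src_prefix into dst_prefix, keeping every bit below the prefix.

    The result depends only on the packet's address and two configured
    prefixes, so the translator holds no per-flow table. Adjusting
    upper-layer checksums that cover the addresses is not handled here.
    """
    addr = ipaddress.IPv6Address(addr)
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("one-to-one mapping needs equal prefix lengths")
    if addr not in src:
        # Not ours to translate: refuse rather than emit a mangled address.
        raise ValueError(f"{addr} is not inside {src}")
    low_bits = int(addr) & int(src.hostmask)
    return ipaddress.IPv6Address(int(dst.network_address) | low_bits)


def outbound(internal_addr, isp_prefix):
    """Source address rewrite for a packet leaving via the given ISP."""
    return swap_prefix(internal_addr, INTERNAL, isp_prefix)


def inbound(external_addr, isp_prefix):
    """Destination address rewrite for a packet arriving from the given ISP."""
    return swap_prefix(external_addr, isp_prefix, INTERNAL)


if __name__ == "__main__":
    host = "fd12:3456:789a:1::25"
    for name, isp in (("ISP A", ISP_A), ("ISP B", ISP_B)):
        ext = outbound(host, isp)
        # The reverse mapping needs no stored state, only the same two prefixes.
        print(f"{name}: {host} -> {ext} -> {inbound(ext, isp)}")
```

Because the mapping is a pure function of the address, the same internal host is reachable through either provider without renumbering, and inbound packets to a mapped address translate whether or not the host ever sent anything, so any filtering has to come from a separate firewall policy.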