Stephen Sprunk wrote:
> Thus spake "Keith Moore" <moore@xxxxxxxxxx>
>> NAT-PT really needs to be wiped off the face of the earth. It
>> provides all of the disadvantages of IPv4+NAT with all of the
>> transition costs of IPv6.
>
> Indeed it does. However, it has significant benefits as well:
>
> [arguments about NAT-PT avoiding the need to dual-stack hosts deleted]

Dual-stacking hosts is a non-problem. For the majority of deployed hosts, it is already done. Adapting existing networks to IPv6 is somewhat painful, but most of the deployed hardware supports it. On the other hand, adapting existing security policies, traffic filters, network intrusion detection systems, explicit and interception proxies is much harder. In some cases the products or upgrades don't even exist for IPv6, and when they do, they're not mature.

>> If there is ever any significant penetration of NAT-PT, then the
>> pseudo-IPv6 network will not be able to support any more kinds of
>> applications than the NATted IPv4 does today.
>
> In the beginning stages, yes. However, unlike v4 NAT, if one has a
> problem with NAT-PT and how it affects applications, all one has to do
> is deploy v6 and they go away.

That's like saying that if you are an IPv4 software developer and your applications won't work at your customers' sites because they have NATs, all you have to do is get rid of your own NAT and your customers' problems will go away. It simply doesn't work that way. NATs create problems even for people who don't use them.

> Besides, nearly everyone is behind a v4 NAT today, so things aren't
> going to get any worse for v4 traffic, and they'll gradually improve
> for v6 traffic as folks deploy it and start to bypass their NAT-PT
> devices.
>
> All of this "applications for v6 aren't designed to cope with NAT"
> stuff is bunk. Applications are designed to use both v4 and v6
> because there's no market for v6-only apps. Apps have already paid
> the cost of dealing with NAT (if it affects them) and so will future
> apps until we can manage to drop v4 entirely. If NAT-PT allows us to
> drop v4 sooner, it's that much sooner app developers can stop paying
> that cost, and that's good for everyone.

All of these gross generalizations about applications are bunk. The patterns of interaction between nodes of an application, and the effect that NATs have on them, vary widely from one application to another. Any generalization of the form "applications do X" is dubious on its face.

There are basically two incentives to support IPv6: one is more addresses, the other is a better behaved network that is capable of supporting a wider range of applications at lower cost. If NAT-PT is widely deployed, the second incentive is removed.

Keith