On 15 feb 2008, at 23:49, Jonathan Rosenberg wrote:

>> So how far, exactly, are you prepared to bend over backwards and
>> crack the spine of the IP architecture to accommodate 0.01% or so
>> of its users? Not to mention the cost increases for all the extra
>> protocol layers and debugging that must be borne by the other
>> 99.99%?

> It's not for me or you to decide. The issue is, will the people who
> operate these networks decide that they want NAT. And then it is for
> IETF to decide about whether they would like to engineer protocols
> that actually work on the networks that those administrators have
> built.

A much better course of action is to agree on what is a reasonable use of IP technology first so that everyone can build stuff that works together from the start without undue cost or inconvenience, rather than having to go through a large number of frustrating iterations where new protocols can't be deployed because middleboxes don't let them through and middlebox buyers are unhappy with their vendors because the middlebox gets in the way of certain stuff.

> A big mistake was made in IPv4, where NAT was declared 'evil' and we
> didn't spend enough time defining it well. Now, it is wildly
> successful and a part of what the Internet is, and it is harder to
> deal with it. Had we done standards work up front and early, and
> defined exactly how NAT works, things would work much better.

Sure, but still much worse than without NAT. NAT IS evil in the sense that it makes life a lot harder, that's not the question. The question is whether it's a necessary evil. And that question is moot for IPv4 now, it's no longer possible to have a NAT-free IPv4 network. But it IS possible to have a NAT-free IPv6 network, although the requirement to change addresses often as external connectivity changes is deemed problematic by some.

A NAT that only addresses this issue (i.e., static 1-to-1 address mappings where internal and external addresses have the same checksums so it's transparent to all protocols except those that do referrals) might not be too evil, but an IPv4-style port overloading NAT is even more evil in IPv6 because the workaround code isn't there in IPv6, and it's not a necessary evil either, because there is an abundance of address space in IPv6.

> And now, we face the same dilemma with IPv6. Do we continue to deny
> the possibility of IPv6 NAT? Do we decide NOT to standardize it?
> Have we not learned our lesson from the first time around?

What type of IPv6 NAT would you like to standardize?

_______________________________________________
Ietf@xxxxxxxx
http://www.ietf.org/mailman/listinfo/ietf
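The static 1-to-1 mapping "where internal and external addresses have the same checksums" mentioned in the message above, shown as an added example that is not part of the original message: the prefix is swapped and one 16-bit word is adjusted so the address's ones' complement sum, and therefore any transport checksum computed over the pseudo-header, is unchanged. The /48 prefix length, the choice of the fourth 16-bit word as the adjustment field, the function names and all addresses are assumptions made for this illustration.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit ones' complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def translate(addr: str, src_net: str, dst_net: str) -> str:
    """Swap a /48 prefix 1-to-1 and adjust word 3 so the address sum is unchanged."""
    a = ipaddress.IPv6Address(addr)
    old, new = ipaddress.IPv6Network(src_net), ipaddress.IPv6Network(dst_net)
    if old.prefixlen != 48 or new.prefixlen != 48 or a not in old:
        raise ValueError("example handles /48-to-/48 mappings only")
    words = list(struct.unpack("!8H", a.packed))
    target = ones_sum(a.packed)  # sum the translated address must keep
    words[0:3] = struct.unpack("!3H", new.network_address.packed[:6])
    rest = ones_sum(struct.pack("!7H", *words[:3], *words[4:]))
    # Ones' complement subtraction: target - rest == target + ~rest.
    adj = ones_sum(struct.pack("!2H", target, ~rest & 0xFFFF))
    words[3] = 0 if adj == 0xFFFF else adj  # 0xFFFF and 0 both represent zero
    return str(ipaddress.IPv6Address(struct.pack("!8H", *words)))

def udp_checksum(src: str, dst: str, sport: int, dport: int, payload: bytes) -> int:
    """UDP checksum over the IPv6 pseudo-header, UDP header and payload."""
    length = 8 + len(payload)
    pseudo = (ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
              + struct.pack("!I3xB", length, 17))  # 17 = UDP next-header value
    header = struct.pack("!4H", sport, dport, length, 0)
    return (~ones_sum(pseudo + header + payload) & 0xFFFF) or 0xFFFF

# Constructed sample values: ULA prefix inside, documentation prefix outside.
INSIDE, OUTSIDE = "fd12:3456:789a::/48", "2001:db8:1::/48"
HOST, PEER = "fd12:3456:789a:1::1234", "2001:db8:ffff::53"

if __name__ == "__main__":
    mapped = translate(HOST, INSIDE, OUTSIDE)
    print(HOST, "->", mapped)
    print(hex(udp_checksum(HOST, PEER, 40000, 53, b"query")),
          hex(udp_checksum(mapped, PEER, 40000, 53, b"query")))
```

Because the adjustment treats 0xFFFF and 0 as the same value, an inside address whose fourth word is 0xFFFF does not map back to itself in this sketch. A payload that carries the address itself (a referral) still breaks, which is the exception the message notes.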