On Apr 4, 2012, at 5:21 35PM, Noel Chiappa wrote: >> From: Doug Barton <dougb@xxxxxxxxxxxxx> > >> My comments were directed towards those who still have the mindset, >> "NAT is the enemy, and must be slain at all costs!" > > In semi-defense of that attitude, NAT (architecturally) _is_ a crock - it puts > 'brittle' (because it's hard to replicate, manage, etc) state in the middle of > the network. Having said that, I understand why people went down the NAT road > - when doing a real-world cost/benefit analysis, that path was, for all its > problems, the preferable one. NAT didn't really exist when the basic shape of v6 was selected. > > Part of the real problem has been that the IETF failed to carefully study, and > take to heart, the operational capabilities which NAT provided (such as > avoidance of renumbering, etc, etc), and then _failed to exert every possible > effort_ to provide those same capabilities in an equally 'easy to use' way. They thought -- or claimed -- that they had renumbering... v6 is not the protocol I would have chosen. For that matter, it's not the protocol I pushed for, as hard as I could, in the IPng directorate. At this point -- with all of its technical mistakes, IETF omissions, and difficulty of converting, we're stuck with it; we simply do not have time -- even if we agreed now on what we should have done, way back when -- to start over. Do the arithmetic... Assume we know, today, the basic structure of a perfect replacement for v4. It would take a minimum of 3 years to get through the IETF, not because of process but because there are so many things that it touches, like the DNS, BGP, OSPF, and more. There are also all of the little side-pieces, like the ARP/ND replacement, the PPP goo, etc. After that, it's 3 years of design/code/test by Microsoft, Apple, Cisco, Juniper, et al., following which we have the whole education cycle, the replacement cycle while old boxes die off and are replaced, and more. (Look at how many Windows XP boxes still exist -- and we're well into the second major release of Windows since then, and Windows 8 might be out before the end of the year.) By my arithmetic, it's a dozen years minimum, *after* we've agreed on the basic design. --Steve Bellovin, https://www.cs.columbia.edu/~smb