> Part of the real problem has been that the IETF failed to carefully > study, and take to heart, the operational capabilities which NAT > provided (such as avoidance of renumbering, etc, etc), and then > _failed to exert every possible effort_ to provide those same capabilities in an equally 'easy to use' way. I agree with Noel on that one -- as surprising as it may sound. The IETF did recognize several problems, from privacy to renumbering to multi-homing, but the quality of the proposed solutions has been uneven. The IPV6 response to privacy protects the host with privacy addresses, but exposes internal network routes. Renumbering works fairly well in small networks, but does not provide a replacement for folks who insist in hardwiring IP addresses into filters. The response to multi-homing requires an additional layer of protocol in the hosts and is probably 15 years from being deployed. Of course, NAT does not really solve multi-homing either -- it is one of the points where the brittleness is most apparent. But NAT's do hide the internals of a network, and do isolate networks from renumbering issues. NAT also break lots of applications, which is why so many of us hate them. But so do firewalls, and it seems that IPv6 firewalls are encouraged. Oh well. -- Christian Huitema