
On Wed, 4 Feb 2009, Roger Marquis wrote:
Perhaps what we need is an IPv6 NAT FAQ? I suspect many junior network engineers will be interested in the rationale behind statements like:
* NAT disadvantage #1: it costs a lot of money to do NAT (compared to what it saves consumers, ILECs, or ISPs?)
Yes, it costs more money in OPEX. Try to detect a malicious host behind a NAT among thousands of hosts.
* NAT disadvantage #3: RFC1918 was created because people were afraid of running out of addresses. (in 1992?)
Yes. One of my colleagues, who participated in the development of RFC 1918, confirmed it.
* NAT disadvantage #4: It requires more renumbering to join conflicting RFC1918 subnets than would IPv6 to change ISPs. (got stats?)
This statement is true: Currently you encounter more private address usage than IPv6 usage.
* NAT disadvantage #5: it provides no real security. (even if it were true this could not, logically, be a disadvantage)
It is true. Lots of administrators behind the NAT think that, because of the NAT, they can run a poor, careless software update process. The majority of malware infections come from application insecurity. This cannot be prevented by NAT!
OTOH, the claimed advantages of NAT do seem to hold water somewhat better:
* NAT advantage #1: it protects consumers from vendor (network provider) lock-in.
Use PI addresses and multihoming.
* NAT advantage #2: it protects consumers from add-on fees for address space. (ISPs and ARIN, APNIC, ...)
No free lunch. Or use IPv6.
* NAT advantage #3: it prevents upstreams from limiting consumers' internal address space. (will anyone need more than a /48, to be asked in 2018)
You can gen more /48, or use ULA.
* NAT advantage #4: it requires new (and old) protocols to adhere to the ISO seven layer model.
This statement is bullshit.
* NAT advantage #5: it does not require replacement security measures to protect against netscans, portscans, broadcasts (particularly Microsoft NetBIOS), and other malicious inbound traffic.
Same, if you implement proper firewall filtering.

Best Regards,
Janos Mohacsi