1. Easier to manage the network if the IPv4 and IPv6 versions are [...]
2. Risk management - developing a new operating posture for a new [...]
3. Renumbering - works about as well in IPv6 as in IPv4, which is to [...]
4. Defense in depth is a core principle of all security, network and [...]
On Fri, Apr 18, 2014 at 10:02 AM, William Herrin <bill@herrin.us> wrote:

It would appear point (5) in favor of NAT with IPv6 is the only point that has any merit there. (1) to (4) are just rationalizations. None of (1) to (4) are the reasons IPv4 got NAT, none are valid, and none are good reasons to bring NAT to IPv6 or use NAT in designs of IPv6 networks.

You could also add as good reasons..

(6) Requirement for NAT based on personal preference, and...

(7) "You don't need this NAT function anymore," is not a good reason to 'withhold the feature as a design and implementation option'.

-- "IPv6 is clearly not as mature as IPv4, when my IPv4 router has greater flexibility in translation options" ---

(1) to (4) are just excuses for people who want NAT to not admit the real reasons which are illogical, BUT still important. (5) is quite valid.

Also, you cannot fight it. When you have customers that demand NAT, even though there is absolutely no sound reason for NAT anymore. The users will still buy whatever gives them the feature they deemed important, based on their experience with IPv4.

The fact of the matter is, the demand has irrational sources contributing: comfort and change-aversity and loss-aversity. People want to keep and not lose their IPv4 or their IPv4 features. They expect to cherrypick IPv6's advantages and not lose any functionality from V4 or have any extra work to do, or re-thinking of their understanding of IP networking to be doing.

So if you are building IPv6 firewall SW, you should definitely include any NAT functionality you believe that many of your potential customers will demand.

The fact is... as a product vendor to move the maximal number of people to the IPv6 paradigm: you are still going to have to cater to people with IPv4-like thinking.

Therefore... I fully expect all the NAT features of IPv4 to have an IPv6 equivalent appearing.

5.
Feel free to refute all four points. No doubt you have arguments you personally find compelling. Your arguments will fall on deaf ears. At best the arguments propose theory that runs contrary to decades of many folks' experience. More likely the arguments are simply wrong.
-- -JH