There are routing and switching people and there are security people. And they look at things differently. That, IMHO, is the root of the emotion on this thread. No one is actually wrong except me for stirring the pot as the OP. :)

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 7/17/2012 7:47 AM, Saku Ytti wrote:
I wonder who really believes there is no usage case for NAT66. Have these people seen non-trivial corporate networks?
I'm sure many people on this list finance part of their lives with renumber projects costing MUSDs. For many companies just finding out where addresses have been punched in (your FWs, your software, partner FWs, partner software, configurations...) will take months, before even starting renumbering.
If my enterprise customers don't have a plan and ask my advice, I will recommend their own PI; if they don't want that (extra cost, extra clue needed), ULA and NAT66. If I recommend a more specific from our PA, I know that when they switch operators in a few years' time, some of them will decide renumbering is out-of-the-question[0] and will NAT my PA to the new operator's PA, essentially forcing me to never return any addresses to my free pool. I wonder if that is a valid reason to ask for more allocations? That the address was once used?
A more specific from our PA is fine for small offices with a trivial setup, residential networks and a few niche shops who specifically design for renumbering (but I guess these most often already want PI+BGP).
[0] I don't want NAT66 anywhere. I won't use NAT66 anywhere. But just because we have a new protocol does not mean we have a new set of people who share my ideologies and goals about network design. The only thing I can do is protect myself from problems they would cause me.