In article <4704D03D.5030702@cisco.com> you write:
Iljitsch van Beijnum wrote:
That isn't actually true. I could move to IPv6 and deploy a NAT-PT box to give my customers access to the v4 Internet regardless of whatever the rest of the community thinks.
And then you'll see your active FTP sessions, SIP calls, RTSP sessions, etc. fail.
Somehow we made it work for v4. How did that happen?
The problem is that NAT constrains the solution space available to application developers. I have no problem with PT-NAT to get to IPv4 because the IPv4 space is already constrained by the existing use of NAT. Most/many of the existing applications have been crippled by the existence of NAT. Almost no-one attempts to run the passive side (server) of a connection behind a NAT. With PAT, try running more services that use the same port than you have public addresses. It just won't work. Similarly, double or triple NAT further reduces the application space that works.

Even hotels realise NAT is bad. Have you noticed that you now get asked if you can live behind the NAT or do you need a public address when you register?

I work from behind a NAT as I work from home. There have been lots of things that should have been simple, but weren't, as that NAT was there. Something just didn't work because I couldn't find an ALG for that protocol.

I have a big problem with pulling those constraints into IPv6. Without NAT I can, if needed, open up a complete address in the firewall to work around lack of an ALG. I don't get that choice with NAT.

Mark