The PhoneBoy Blog

Simplifying Telecom, Mobile Phones, Gadgets, Health, and More!

NAT is Coming to IPv6. Whether We Like It Or Not.

We have dueling viewpoints on this topic. First from Networking Nerd:

NAT on IPv6 is pointless and a bad idea.

There is no reason to implement native IPv6-to-IPv6 NAT (NAT66) in reality.  The address space is way too big to require translation in the foreseeable future of my lifetime or even that of my kids.  If you are really concerned about hiding your addresses or disguising your MAC address, you can look into the idea of Temporary Addressing.  In the middle of writing this post, Paul Reganasked me about using NAT to translate when you move from one provider to another.  That might be a good use case, and it happens to be the one that RFC 6296 is lined up to address, but if keeping your IPv6 space is so important when you move, why not sign up for a provider-independent block from your local Regional Internet Registrar (RIR) and run BGP to advertise it yourself?  If you switch ISPs often enough to keep switching IP schemes every few months, maybe you need to worry more about stability and less about chasing the lowest ISP price.  If your ISP keeps forcing you to switch addressing space that often, it might be time to shop around.

And then we have El Reg:

Right about now, an interjection typically begins “but the Cisco…” and I have to stop everyone right there. If your argument includes the words Cisco or Juniper, we’re not talking about the same market.

The budgets available for the IT space I am talking about differ by an order of magnitude. Despite this, we somehow manage to provide uptimes no worse than the big guys and still manage redundancy. At least we do in an IPv4 world.

This leads into the other major issue with IPv6: the inability to do multihoming. In an IPv4 world this is simple and cheap. The IPv6 solution is “get a carrier-independent address assignment and do proper routing”.

And I’d like to be the King of all Londinium and wear a shiny hat.

Meanwhile on planet Earth

These folks obviously know nothing about life on the frugal edge. Consumer-grade ISP connections simply don’t allow for that sort of thing. Even if you have the cash for your ISP’s so-called business-class package, they’ll still give you the stink eye the instant you start talking about such tomfoolery.

From a purely technical perspective, is the suggestion on the table really that three-person companies seeking ISP redundancy start doing BGP? That is the single craziest thing I have ever heard.

By the way, even the large enterprises want NAT66 to ensure, in a multihomed environment, a given traffic flow utilizes the same link up and down. No asymmetric routing. These are businesses that can clearly afford Cisco over Linksys and have the expertise in-house to manage BGP. And yet they want NAT66.

So NAT66 is coming. Whether the standards God want it or not, whether the people against NAT want it or not, the market is demanding it. Either the standards Gods can come up with a solution to the problem or the market will.

Meanwhile, I hope we can at least leave the HIDE/Masquerade bits of NAT behind in the transition to IPv6 with NAT. At least something like Network Prefix Translation gives you the ability to address a host bi-directionally.


#Cybersecurity Evangelist, Podcaster, #noagenda Producer, Frequenter of shiny metal tubes, Expressor of personal opinions, and of course, a coffee achiever.