BINET David FTRD/DMI/CAE wrote:

> > After today's decision with site local, it is clear to me 
> > that we don't want to have NAT happening again )
> I think it was clear before SL discussion. 
> > 
> > We know that people will do it anyway, but we must make an 
> > effort to avoid it as much as possible, and some ideas that could
> > support this are:
> > 
> > 1) Clearly show the advantages of end-to-end and no NAT model.
> > 2) Have the specs indicating that an IPv6 node (host/router, 
> > whatever) MUST NOT support NAT or equivalent mechanisms. Any
> > interoperability/conformance test must fail if you fail to 
> > agree with this specification. This should be a clear sign for the
> > manufacturers to avoid supporting NATs.
> > 3) Indicate that if someone wants to keep using NAT, they should 
> > do it with IPv4.
>
> The good question is: why do customers use NATs?
> Maybe it is because of the lack of public addresses, and
> surely there are some other reasons!
> So I am not convinced by the interdiction of NATs in IPv6 
> node requirements (is it possible?) but I would prefer
> a constructive solution that provides
> right solutions for customer needs. End to end secure 
> communications is a nice goal but is it possible today to
> propose such service for any customer or in any environment?

In IPv6 every end user should have enough IPs simply
because of the simple rule:
 - when in doubt that the user might ever have 1+ subnets give them a /48,
   otherwise you might give them a /64.

But that quickly boils down to passing a /48 to everybody because
that's much easier to administrate in the books.
Though using 1 /48 for passing out single /64s from that is a nice
solution too of course. Bigger customers can of course get bigger blocks
or extra /48s. And when the LIR runs out it should get a bigger one
from the RIR etc.

Nevertheless customers should never have any need whatsoever for NAT.
If there once is a need for it IPv6 'failed' as it didn't get up to
the primary need for IPv6: More address space so that everything can be
e2e.

Taking this into consideration NATs can be banned from IPv6
and what Jordi stated above is IMHO completely correct.

As for people who think that a NAT is a firewall: it isn't.
(Though usually functions of firewalls are also built into NATs)

Greets,
 Jeroen


--------------------------------------------------------------------
IETF IPng Working Group Mailing List
IPng Home Page:                      http://playground.sun.com/ipng
FTP archive:                      ftp://playground.sun.com/pub/ipng
Direct all administrative requests to [EMAIL PROTECTED]
--------------------------------------------------------------------
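
Added example, not part of the original message or the working group's documents: the distinction drawn above between a NAT and a firewall, shown as an nftables ruleset that gives an IPv6 site default-deny inbound filtering with no address translation at all. The interface names `lan0` and `wan0` and the table name `e2e_filter` are assumptions for illustration.

```nft
# Stateful IPv6 forwarding filter for a routed site prefix.
# There is no "type nat" chain here: hosts keep their global addresses,
# and the inbound protection comes only from connection tracking.
table ip6 e2e_filter {
    chain forward {
        # Anything not explicitly accepted below is dropped.
        type filter hook forward priority 0; policy drop;

        # Replies to flows that inside hosts started, plus related
        # traffic such as ICMPv6 errors tied to those flows.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors and echo. Packet Too Big must get through,
        # because IPv6 routers do not fragment and path MTU
        # discovery depends on it.
        icmpv6 type { destination-unreachable, packet-too-big,
                      time-exceeded, parameter-problem,
                      echo-request, echo-reply } accept

        # New connections may only be opened from the inside.
        # lan0 and wan0 are assumed interface names.
        iifname "lan0" oifname "wan0" ct state new accept

        # Unsolicited inbound connections fall through to policy drop.
        # A host that should be reachable end to end gets an explicit
        # rule here, matching its own global address and port.
    }
}
```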