Hello,

Is it really true that most of the market chose to use NAT rather than tunneling or dual-stack as the IPv6 transition mechanism? As far as I know, many providers in Japan have long been servicing IPv6 service, and their choice was never NAT. It was mostly tunneling, with a small number of dual-stack services. Am I mistaken?
Thanks in advance for any comments.

Ron

--------------------------
Ron Lee
Senior Engineer/ Ph.D.
Samsung Electronics
Suwon, South Korea
' spamcontrol '

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pekka Savola
Sent: Thursday, September 18, 2003 11:31 PM
To: [EMAIL PROTECTED]
Subject: why market picked up NATs [Re: Writeups on why RFC1918 is bad?]

Hi,

As I sent some thoughts on RFC1918 to the IAB, we had a short personal discussion with Geoff, and he made a very good question:

"Why did the market pick up NATs and run so hard with them despite their evident complications and technical compromises?"

I made a few observations of my own, which I believe are not so technical (because I don't think picking NATs has been a very technical decision, most of the times.)

This discussion -- while maybe off-topic, chairs please speak up if so -- may be relevant when considering whether there is something missing in the IPv6 protocol set.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

---------- Forwarded message ----------
Date: Mon, 15 Sep 2003 15:34:34 +0300 (EEST)
From: Pekka Savola <[EMAIL PROTECTED]>
To: Geoff Huston <[EMAIL PROTECTED]>
Subject: Re: Writeups on why RFC1918 is bad? (fwd)

On Mon, 15 Sep 2003, Geoff Huston wrote:
> At 11:19 AM 15/09/2003 +0300, Pekka Savola wrote:
[...]
> So the question that strikes right at the heart of this is: "Why did
> the market pick up NATs and run so hard with them despite their
> evident complications and technical compromises?"
>
> And if you can provide some insights into market behaviours in
> answering the above question then you will gain some valuable insights
> in answering the related questions listed above.

(hmm.. perhaps we'd have had this discussion on a larger forum, like the ipv6 list or the IAB list..
feel free to forward or whatever if you feel the latter would be warranted.)

I have thought up four reasons for this; I think all of them, especially the first two, are pretty obvious, and should not be technology-driven.

1) they provide for easy, extensible networking. When you install a NAT box in the network, the user doesn't have to configure static routes or anything like that; the NAT box is "transparent" (in a weird sense) to the network. The same argument applies to bridging compared to routing; if we wanted to get rid of NAT's e.g. in home or SOHO environments for IPv6, I'm pretty certain we'd have to go and specify a bridging architecture (remember J. Noel Chiappa's posts on why he thinks he made a mistake by advocating routing instead of bridging at the start of 80's).

2) NAT's have security properties which are understandable and settable even by those who don't have any security expertise. Just plug it in, and bam.. you prevent any incoming traffic except to those nodes which have been explicitly configured. The same would be doable with total-blockage access lists as well, but many folks really don't understand this.

3) IP address space conservation and ISP business models. ISPs feel that they cannot give enough IP addresses to the users (e.g. home), unless they want to spend considerable amount of energy fighting the respective RIR to get the address space (e.g., our hostmaster boggled when I proposed he'd apply for some /20 or /21 for a thousand or so DSL users). On the other hand, some ISPs do even have a business model of not giving the home users anything but one address, to get them to get premium service; I don't know the details of such arrangements. The bottom line is that getting IP addresses to those folks that need them (e.g. homes), _easily_, is just too difficult, impossible or costs too much.
4) the evident complications and technical compromises are not really so evident (as in, you don't typically notice or understand them outright, and when you do, it's already too late), and your favourite vendor is more than happy to code workarounds to these complications (e.g. ALG's) to gain you as a customer.

Do you have any answers of your own to the question you posed?

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------