> Fred,
>
> On 10,000 ft level, I think that the real success story of the internet is
> that it allows for a wide diversity of usage cases and supports organizations
> with a wide diversity of goals. If it's going to continue to be successful in
> future, I think it will need to continue to support such diversity of
> goals/usage. Those goals/usage cases don't have to be compatible with each
> other. In fact, I think that would be an unachievable goal. However, I
> believe there needs to be room for all of them to continue to exist on the
> Net.

I agree so far.

> I really don't have any problem with anyone who values "end-to-end
> transparency" as their goal for their OWN usage case of the NET. I have a big
> problem when someone is trying to tell me that goal MUST apply to my usage
> case as well, whether I want it to or not....and then work to retard any
> public standards being published which describe how my desired goals might be
> enacted.

The thing is, the end-to-end transparency of the core network is the primary feature of the Internet that allows "the wide diversity of usage cases" that you find valuable.

But few of us get to connect directly to the core network, so it's not just the transparency of the core network that matters. When enterprise networks and consumer ISPs don't also support end-to-end transparency, the Internet loses its ability to support that "wide diversity of usage cases". Now you may say that you have a right to do what you will with your own network, and you're correct about that. But as a practical matter, the large numbers of networks that have NATs in between themselves and the core Internet have crippled the ability of the Internet to support a wide diversity of applications.

And yes, security is an important issue. But as compared to a stateful firewall, the additional security provided by NATs is very, very marginal. Furthermore, valuable security tools to do intrusion detection and packet tracing are hampered by NATs. And the firewall is much more flexible than the NAT in allowing the site to tailor its security policy to support the applications it wants to support and block the applications it wants to block. NATs don't give you flexibility at setting security policy; they take it away (unless you have some silly idea that a security policy should act like a NAT).

IETF doesn't tell people what to do with their networks. There are no jackbooted network police with black helicopters that follow IETF's bidding (though that would be cool...just kidding). What IETF does is essentially to provide advice of the form "if you implement things this way, they should work well". What we know from around 15 years of experience is that NATs -- at least, NATs like we've had in IPv4 -- do not work well. They hinder the ability of the network to support applications. The applications that do manage to work in the presence of NATs become more expensive, more complex, less reliable. They provide an illusion of increased security while actually degrading it.

So while people can continue to do what they want with their own networks, it would be irresponsible of IETF to recommend use of NATs in IPv6 unless a valid use case for use of NATs were known. And after 15 years of experience with IPv4, the only convincing use case for NATs has been to slow down the consumption of IPv4 addresses. That's it. Until we have a looming address shortage in IPv6, there's no proven justification for using NATs in IPv6.

(I consider the jury still out for the nat66 proposal. I understand why people want it. I think there are better ways to skin that cat. But I think the question boils down to this: Who gets to feel the pain of solving the routing scaling problem? Should the users and application developers feel the pain, or should the enterprise network operators feel the pain, or should the carrier networks feel the pain? And because users and application developers are less well represented in IETF, there's a lot of pressure to put the hurt on them. Nobody sees it that way, but that's the effect. The people doing routing want it to be Somebody Else's Problem so it will go away. I don't blame them, but the truth is, the problem doesn't go away just because you give it to somebody else.)

>
> For example, peer to peer networking is pretty much antithetical to the
> standards that my organization embraces.

I don't know what standards your organization embraces, but to me that's a really bizarre statement. Why should any organization care about the pattern of communication between parties in an application, unless you're doing traffic analysis? What is inherent about p2p that makes it less deserving of support from the network?

> That being said, I have never had a problem with anyone attempting to
> publish protocols involved with peer-to-peer applications. The end result of
> such ple or whoever don't want to sell that sort of equipment for IPv6 that's
> fine as well. All that will do is limit the market segment to which you can
> sell your products. It's a free market economy, if you don't offer such
> solutions, I'm pretty sure if there is a strong economic demand for them
> (which I believe there will be) that those of us who strongly desire such
> solutions will eventually find a vendor willing to fill that demand and
> accept our cash. All that is really happening right now without that is
> another factor slowing wide scale adoption of IPv6.

There's also a strong market demand for methamphetamine. Should IETF promote that as well? Seems like NATs in IPv6 and meth have something in common - both provide the illusion of a benefit while actually doing considerable harm. And both have their proponents who are in denial about the harm that they cause because they can only see the money-making potential.

>
> I think on the very first exchange of e-mail I had with Margaret, I mentioned
> that this particular proposed implementation of NAT66 didn't sufficiently
> cover my usage requirements. However, I was happy to see it brought forward,
> as I definitely could see how it might prove useful to certain usage cases.
> From my perspective, the greater variety of options available the better....
> and having publication of standards for those options is better than not
> having them.

In general, the existence of too many standards in the same space, or standards with too many options, hinders interoperability rather than enhancing it.

>
> My purpose here is simply as a reminder that there is a large user segment
> that is currently under-represented in discussions taking place on the
> subject of NAT in IETF and certain other venues.....and that indeed there is
> VERY far from universal agreement on the goals of end-to-end transparency or
> reachability.

You're correct about that. Application developers and end users are grossly under-represented in IETF, and have been so ever since the mid 1990s.

Keith
_______________________________________________
nat66 mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/nat66
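As an added illustration of the stateful-firewall point made in the message above (this is example configuration written for this page, not anything from the thread or from any vendor), here is an nftables forward-chain ruleset for an IPv6 site edge that gives the "only replies to what the inside initiated" protection a NAT is credited with, and then adds the per-application policy a NAT cannot express. Interface names lan0/wan0, the 2001:db8::/32 documentation addresses and the port numbers are assumed placeholders.

```nft
# IPv6 edge filter with no address translation (load with: nft -f <file>).
# Assumed: lan0 faces the site, wan0 faces the provider; addresses are
# placeholders from the 2001:db8::/32 documentation prefix.
table ip6 edge {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections the inside opened come back in. This single
        # rule is the whole of the "security" a NAT provides, stated directly.
        ct state established,related accept
        ct state invalid drop

        # IPv6 does not work without these ICMPv6 messages (PMTU discovery,
        # unreachables); a NAT box has to special-case them, a filter just lists them.
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded,
                      parameter-problem, echo-request, echo-reply } accept

        # Site policy the NAT cannot express: block an application in BOTH
        # directions (a NAT only ever stops unsolicited inbound traffic).
        # Placed before the general outbound accept so it applies to new
        # outbound connections too.
        tcp dport 23 drop   # telnet, assumed to be unwanted at this site

        # Everything else the inside originates may leave.
        iifname "lan0" oifname "wan0" accept

        # Per-host application policy: one internal peer-to-peer node is
        # reachable from outside on its own global address, no port mapping,
        # no rendezvous server, no keepalive hacks.
        iifname "wan0" ip6 daddr 2001:db8:1::50 tcp dport 6881 ct state new accept

        # Unsolicited inbound is logged, then dropped by the chain policy. The
        # log line carries the real destination host, which is what makes
        # intrusion detection and packet tracing usable; behind a NAT that
        # address would have been rewritten away.
        iifname "wan0" ct state new log prefix "edge-drop6: "
    }
}
```

Applying the same policy behind a NAT would need a port-forward entry for the p2p host and would still give no way to block outbound telnet, which is the asymmetry the message describes.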
