I’ve just been reading Russell Helling's blog post – Fear and Loathing in IPv6, where he talks about gut reactions from the Service Provider side in Provider Independent (IPv4) address space. Go and read it.
Ok, so the reason that PI space was NOT a requirement for IPv4 was that we could change our external addressing. Not easy, but we COULD. Therefore, telcos & service providers could get away with giving us IP addresses that forced us to use their services, and prevented us from easily migrating away.
RFC 5902 says
Now, the IAB has clearly expressed its view in RFC 5902 – IAB Thoughts on IPv6 Network Address Translation:
4.1. Discussion
We believe that providing end-to-end transparency, as defined above, is key to the success of the Internet. While some fields of traffic (e.g., Hop Limit) are defined to be mutable, transparency requires that fields not defined as such arrive un-transformed. Currently, the source and destination addresses are defined as immutable fields, and are used as such by many protocols and applications.
Each of the three classes of solution can be defined in a way that preserves end-to-end transparency.
While we do not consider IPv6 NATs to be desirable, we understand that some deployment of them is likely unless workable solutions to avoiding renumbering, facilitating multihoming without adversely impacting routing scalability, and homogeneity are generally recognized as useful and appropriate.
As such, we strongly encourage the community to consider end-to-end transparency as a requirement when proposing any solution, whether it be based on tunneling or translation or some other technique. Solutions can then be compared based on other aspects such as scalability and ease of deployment.
For what it's worth, I completely agree with the IAB. There is no benefit for anyone in having NAT66 and it’s an evil that must be expunged from the system. It will be hard enough to get DNS4 and DNS6 working without some overly complex NAT process as well.
NAT Didn’t Always Work.
It took about five years for firewalls to reliably be able to perform NAT and PAT. You may not remember it, but I can assure you that the Active / Passive FTP was nothing compared to other protocols that simply could not be translated. And the translation process forces us to create protocols that can survive translation, thus removing features or capabilities that we could otherwise use.
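Why active-mode FTP breaks under translation, as an added example that is not part of the original post: the client's address travels inside the command payload, so rewriting only the header leaves the two out of step. The addresses and function names are constructed for illustration; EPRT is the RFC 2428 form of PORT that can carry IPv6.

```python
import ipaddress

# Constructed sample addresses from documentation prefixes (not from the post).
INSIDE = "2001:db8:aaaa::10"    # address the host knows itself by
OUTSIDE = "2001:db8:ffff::10"   # address after a hypothetical NAT66 rewrite

def embedded_endpoint(cmd):
    """Return (ip, port) carried inside an FTP PORT (RFC 959) or EPRT (RFC 2428) command."""
    verb, _, arg = cmd.strip().partition(" ")
    verb = verb.upper()
    if verb == "PORT":
        parts = [int(x) for x in arg.split(",")]
        if len(parts) != 6 or not all(0 <= p <= 255 for p in parts):
            raise ValueError("malformed PORT argument")
        host = ".".join(str(p) for p in parts[:4])
        return ipaddress.ip_address(host), parts[4] * 256 + parts[5]
    if verb == "EPRT" and arg:
        fields = arg.split(arg[0])          # ['', proto, address, port, '']
        if len(fields) != 5:
            raise ValueError("malformed EPRT argument")
        return ipaddress.ip_address(fields[2]), int(fields[3])
    raise ValueError("not an active-mode FTP command")

def translate_header_only(header_src, payload, mapped_src):
    """Model of a translator that rewrites the IP header source and nothing else."""
    return mapped_src, payload

def survives_translation(header_src, payload):
    """True when the header source the server sees equals the address in the payload."""
    ip, _port = embedded_endpoint(payload)
    return ip == ipaddress.ip_address(header_src)

def alg_rewrite(payload, mapped_src):
    """What a protocol-aware helper has to do as well: patch the address in the payload."""
    _old, port = embedded_endpoint(payload)
    new = ipaddress.ip_address(mapped_src)
    if payload.strip().upper().startswith("EPRT"):
        return f"EPRT |{1 if new.version == 4 else 2}|{new}|{port}|"
    if new.version != 4:
        raise ValueError("PORT can only carry an IPv4 address")
    return "PORT " + ",".join(str(new).split(".") + [str(port // 256), str(port % 256)])

if __name__ == "__main__":
    hdr, data = translate_header_only(INSIDE, f"EPRT |2|{INSIDE}|5282|", OUTSIDE)
    print("header-only translation consistent:", survives_translation(hdr, data))
    print("after payload rewrite:", alg_rewrite(data, OUTSIDE))
```

Patching the payload changes its length, so a real helper must also adjust TCP sequence numbers, and it cannot do any of this once the control channel is encrypted.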
The EtherealMind View
You can help make this PI Address Allocation a convention by moving to request and deploy PI IPv6 space immediately. This will start a process of forcing the telcos to use LISP, or upgrade hardware, or start upgrading obsolete hardware and hiring enough engineers to complete their deployments. At least something will be done to adapt to the technical problems; the Internet always does.
Also worth remembering: those people who got IPv4 allocations in the 1990s got them forever, and this might be your only chance again.
As Russell says:
In conclusion I concur with Greg and with the IAB that for IPv6 deployments in enterprise networks today PI is the only workable solution. Admitting this still makes me feel uncomfortable.
Bring on the IPocalypse.