Operational challenges of no NAT
George Bonser
gbonser at seven.com
Thu Oct 28 08:31:25 CEST 2010
One of the operational "benefits" of IPv4 with NAT as far as my daily
functions are concerned has been with connectivity to various outside
places where we transact data as a matter of course. For example, two
of the major portal sites require that different sorts of servers in my
network use different source IPs for their tracking and for access
purposes. They also require I not give them too wide a range.
So I might have 100 servers behind a couple of IPs in a NAT pool and
another hundred behind a different pool. I give these portals those IPs
and they are happy.
Now comes v6.
Now I must get each one of these servers individually white listed and
if an IP changes, that must be changed at the other end too. And it can
sometimes take weeks to get things white listed depending on who it is
with. I have people who balk at white listing a /25 as being too wide a
range. What are they going to think about a v6 /64? This also prevents
any use of autoconfiguration if each address must be separately white
listed. Most of these accesses are stuff that the regular internet has
access to but we are allowed a greater number of accesses without being
throttled or there might be considerable configuration involved where a
certain function in one direction has a "call back" IP that is
different. So each IP that we might connect into them with must be
mapped to some other IP on our side for transactions from them that
might happen later.
Yes, I understand that this process is going to take some sorting out on
both sides of the transaction but my question is if anyone else has run
into this sort of problem and how did you crack that nut?
George
More information about the ipv6-ops
mailing list