FW: Operational challenges of no NAT
gbonser at seven.com
Thu Oct 28 09:43:36 CEST 2010
Oops, meant to forward to the list as well.
> On Behalf Of Jay Hennigan
> > Sent: Wednesday, October 27, 2010 11:47 PM
> > To: ipv6-ops at lists.cluenet.de
> > Subject: Re: Operational challenges of no NAT
> > The problem seems not to be with IPv6 or the size of the subnet but
> > some
> > rather bizarre rules under which someone else operates and your need
> > and/or willingness to jump through flaming hoops to please them.
> True. I have tried to use the argument that there is an RFC1918 /16
> behind that NAT and reducing the size of the address pool that
> physically connects to them in no way limits the number of different
> systems that connect to them. And if they see something "bad" from
> NAT pool, I have no way of knowing which one of the servers behind the
> NAT is doing it as it is a dynamic pool. But many people have this
> notion in their head that wide access is bad. I say that you either
> trust me with the access or not, how many addresses I am using on my
> side to gain the access doesn't matter.
> > If your peer is willing to accept traffic from you and whitelist
> > subnet, then your peer is willing to do so. If not, not.
> Which validates my own position on the issue.
> > As far as a different "call-back" IP, that IP can be conveyed within
> > the
> > payload (as in SIP) or hard-coded in some manner, the same as it can
> > done in IPv4.
> It is in some cases, but in a couple of cases it apparently needs to
> "hard wired" with some great difficulty. That is a process I believe
> they are going to need to sort out because it just won't scale with
> > It sounds as if reasonableness and understanding on the part of the
> > other party are what would be needed to solve this issue. If the
> > party isn't reasonable or clueful, perhaps you should be talking to
> > of their competitors.
> Understanding is the hard part. They are "big major internet portal"
> and sometimes have an approach where they simply set the rules but in
> this case they are going to "get it", I think, once they start having
> the same challenges. I think at this point I am just further along the
> v6 road than they are and they will get it once they have gone further
> down the path.
> As for competition, that is really out of my control as most of these
> connections are on behalf of third parties. The third party end user
> decides. I am just facilitating the transaction. I am just a conduit
> in the path.
> Thanks for taking the time to respond.
More information about the ipv6-ops