Operational challenges of no NAT
mark at exonetric.com
Thu Oct 28 12:06:44 CEST 2010
Ben Jencks wrote:
> Wouldn't crypto, either HMAC or signatures, be a better assurance of
> authorization? Sure, they can whitelist your /64, but that just serves
> to keep the riff-raff out; the signature provides the actual identity
> For callbacks, they should be done with DNS names. That way you're
> v4/v6 agnostic at the application layer, and you can renumber your
> callback receiver at will.
> I'm aware that in dealing with big providers they can have a pretty
> hard-to-budge idea of how to do things. But if you're asking for the
> "IPv6 way", I think crypto and DNS are the way to go.
Is there some documented list of the usual requirements that NAT is used
to satisfy and the corresponding IPv6 method to satisfy that requirement?
Lots of IT managers really like NAT for managing the interface between
their network and the big bad world outside.
I hadn't even considered the case the original poster brought up, myself.
More information about the ipv6-ops